I'm hoping I can quickly lay out my situation and let someone who has more experience in mobile app development give me their advice.
I'm writing an application that will -- eventually -- need to be very secure (as in HIPAA compliant). At the current moment I'm doing an exploratory, alpha-phase test with a number of users. This test will indicate whether the service/product is even one worth continuing to explore. However, even though the users involved in the alpha test are aware of the app's status as being "in its infancy", I still want to respect privacy and also security.
I'm an experienced client-side app developer, but this is my first real mobile app. So the thought of concerning myself with session tracking, cookie handling and so forth within the client, mobile code is concerning. The thought occurred to me that ALL of the interface required at this point (save the notification/reminder/alarm framework) can be hosted in a web browser. So my question is this: how clunky is it (or how "bad form" is it) to host a web browser control in your Xamarin form and let that handle the logging in/session/interface stuff while the underlying C# code handles everything "native" to the device (such as alarming the user and so forth)? That is, I'd have a website the web browser control would interact with.
It's difficult to explain without giving away all the details of what I'm doing (which isn't necessary), but the underlying C# portion does NOT need to interact with the web browser's interface. So I don't need to know, from the client app, that someone pushed a button in the web page (for example). The only thing the client portion needs to do is respond to push notifications and set alarms and so forth.
Thoughts? Or am I making too big of a deal out of securing the C# back-end (the communication between it and the server, as well as the session management)? It just seems like something where, if I can offload all session management / security to a web browser which has been tested by companies with far more money than I, then I should.