Is that possible the hack different user capabilities in app?

Hello, i am new here (:

I am planning to develop an app for students and teachers communication. But they will have different capabilities. For example teachers can create courses but students can’t create courses. Students only can attend to courses. Because of the application written in javascript can students hack the application through browser? Like we did for debugging with browser? Can be modify with someway?

I know i can get secure through backend api. But i just want to learn students can reach teachers ui or not?

It’s easy to unzip the apk or ipa of an ionic app and be able to read the view templates, the only way is to secure the data access on backend.

Thanks for answer. So, i have another question. Is that possible to secure access token for api connection? Or if user wants can unzip the apk and can see the access token or url variables for accessing api?

you should have in your config client_id/client_secret and then you have to retrieve an access_token by a request