My question is quite fundamental, the way I imagine mobile apps is that they utilize an API to connect my server and get data from there to avoid any critical information from leaking. Is that correct approach?