Hi!
I think this post is quite old, so you either abandoned the project or solved it.
Anyway, I had the same "problem" many years ago with my home automation (RaspberryPi and Android for Comm+Control). From my experience, exposing any device port to the internet is a no-go. What I did is use a "real time database" to communicate. This real-time db notifies all the listeners when something changes. So RaPi happily pushes stuff into the db w/o any pesky script-kiddie knowing about it. No open ports, no exposed IPs. The Android phone would listen for changes, updating the UI accordingly.
The other way around is the same. A process would listen for changes in db, and trigger certain changes in the control code. Like temperature thresholds, start/stop various valves, change schedules, etc etc. Once the message is on RaPi, it is decoded and dispatched to relevant controller.
Drawbacks: The db service is paid (https://www.back4app.com/). Multiple users is another complication, and probably the plan must be upgraded after a while. Maybe a paid MQTT instance could be a communication alternative? But I did not work with MQTT on Android, I have no idea about the quality of libraries there. Also, maybe there are questions with security and message filtering. I don't remember the security policies and access control on MQTT topics.
Backend code is Python and it is quite big and fiddly. For 24/7 I needed to put in a lot of monitoring logic. Internet goes down randomly, the websocket link sometimes drops silently, etc. A lot of timers, queue inspectors, multiprocessing, watchdogs, etc. were needed to ensure hands-off service. Now, uptime is 190 days+. I don't know if ESP32 can handle Python and the required libraries (async, websocket, requests, some file caching etc). Never coded with it.
I don't know how to code iOS. I coded Android app in Flutter and deployed only to my phone. Pushing it through Google Play was beyond the goals.
This is a looong rant about my choices: https://odysee.com/@ml-visoft:d/08_homeautomation_rants:8

More about me: https://www.visoft.ro/

If you solved the project, I am curious about the details and what technical solutions you implemented.
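
Added example, not the poster's code: with no open ports, the change feed from the database is the only way commands reach the Pi, so the "decode and dispatch" step described above is where untrusted input should be filtered. The field names (`cmd`, `ts`, `value`), command names, valve ids and ranges below are assumptions made for illustration.

```python
import json
import time

STATE = {}        # stands in for the real controllers (hypothetical)
MAX_AGE_S = 60    # reject old records replayed after a reconnect

def _num(v):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(v, (int, float)) and not isinstance(v, bool)

def _ok_threshold(v):
    return _num(v) and 5 <= v <= 30          # degrees C, assumed sane range

def _ok_valve(v):
    return (isinstance(v, dict) and set(v) == {"id", "open"}
            and v["id"] in ("garden", "boiler") and isinstance(v["open"], bool))

def _set_threshold(v):
    STATE["threshold_c"] = v
    return "threshold"

def _set_valve(v):
    STATE["valve_" + v["id"]] = v["open"]
    return "valve"

# Allow-list: anything not named here is never dispatched.
ROUTES = {"set_threshold": (_ok_threshold, _set_threshold),
          "set_valve": (_ok_valve, _set_valve)}

def dispatch(raw, now=None):
    """Decode one change notification and route it; returns (accepted, detail)."""
    now = time.time() if now is None else now
    try:
        msg = json.loads(raw)
    except (ValueError, TypeError):
        return False, "not json"
    if not isinstance(msg, dict):
        return False, "not an object"
    cmd = msg.get("cmd")
    if not isinstance(cmd, str) or cmd not in ROUTES:
        return False, "unknown cmd"
    ts = msg.get("ts")
    # Chained comparison also rejects NaN and absurdly large timestamps.
    if not _num(ts) or not (now - MAX_AGE_S <= ts <= now + MAX_AGE_S):
        return False, "stale or missing ts"
    check, handler = ROUTES[cmd]
    if not check(msg.get("value")):
        return False, "bad value"
    return True, handler(msg["value"])
```
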