Flutter Tutorial for beginner

How to Protecting Flutter Application

How to Protecting Flutter Application
813views

In the second part of securing the flutter application development, I will discuss the Application part. How to Protecting Flutter Application at the coding side. What are the main focuses on the Protecting Flutter Application development time and our application side security implementation?

Flutter Obfuscate Code optimization.

The compiled binary code of your apps can be reversed engineered. So that Some of the objects that can be exposed the code. Include strings,  class names, and its method and API keys. These data are either original form or in are in plain text. From the dart side what you can do is use the --obfuscate parameter when making your APK.

flutter build appbundle --obfuscate --split-debug-info=/<directory>

Also, you can handle that on the flutter from the native side you need to handle that. Use can use minify enabled and user proguard in the android side.

How to Protecting Flutter Application development

android

In your /android/app/build.gradle file, add the following:

android {
	...
	buildTypes {
		release {
			signingConfig signingConfigs.release
			minifyEnabled true
			useProguard true
			proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
		}
	}
}

Create a ProGuard configuration file in /android/app/proguard-rules.pro:

# Flutter
-keep class io.flutter.app.** { *; }
-keep class io.flutter.plugin.**  { *; }
-keep class io.flutter.util.**  { *; }
-keep class io.flutter.view.**  { *; }
-keep class io.flutter.**  { *; }
-keep class io.flutter.plugins.**  { *; }

In Android with ProGuard, it does not only obfuscate your code. And also helps you contract the size of your Android apps and Protecting Flutter Application development.

How to Protecting Flutter Application development

iOS

On your Ios side if you are using Objective-C or Swift for building iOS. The compiler strips and symbols or applies optimizations to your code. The iOS is already harder about is motivated attacker to read the compiled output of your code. if you are using the paid tool there are also some of the paid tools that help you obfuscate your code: iXGuard and Vermatrix.

The next one is Jailbroken and rooted devices

The Jailbroken is used for the iOS side and checking rooted devices on the android side. It has more privileges and may introduce malware to your user’s device that can circumvent the normal operations of the device. and making your app more secure.

flutter_jailbreak_detection is a package that helps to detect your device is jailbroken or rooted.  And It checks your app is currently running on a jailbroken or rooted device. So that you can use RootBeer for Android, and DTTJailbreakDetection for iOS applications.

And  it easy to use :

import 'package:flutter_jailbreak_detection/flutter_jailbreak_detection.dart';

bool jailbroken = await FlutterJailbreakDetection.jailbroken;
bool developerMode = await FlutterJailbreakDetection.developerMode; // android only.

Follow the link:- https://pub.dev/packages/flutter_jailbreak_detection

Secure user data

For storing sensitive user data you should never use the shared preferences or SQLite.  Because it is easy to open on any device, that you need to encrypt data. So you can use flutter_secure_storage it for that. This flutter package is used for Keystore for android App and keychains for iOS App. it is also worth setting up a periodic time for automatically cleaning the data cache that has been expired. Follow these Flutter Package for Secure user data:  https://pub.dev/packages/flutter_secure_storage

Use local authentication

Suppose the user phone has been stolen and your Protecting Flutter Application development is installed on it and it has some payment information 🙂 to prevent any access to your app you should use Biometrics authentication by using this package. User For Local Auth:-  https://pub.dev/packages/local_auth

Background Snapshot Prevention

When the app is running in backgrounded an operating system takes a snapshot of the last visible state to present in the task switcher. So the operating system prevents account balances and payment details from being captured by background snapshots. Hence this is highly desired. This could be solved by using this package his plugin allows you to protect your application content from view on demand. User For Backgroud Snapshot:- https://pub.dev/packages/secure_application

How to secure flutter code and securing flutter apps:-  Read More