How to Protect a Flutter Application

In this second part on securing Flutter application development, I will discuss the application side: how to protect a Flutter application in the code, what to focus on during development, and how to implement security on the application side.

Flutter code obfuscation and optimization

The compiled binary code of your app can be reverse engineered. Some of what can be exposed includes strings, class names, method names, and API keys. This data is either in its original form or in plain text. On the Dart side, you can use the --obfuscate parameter when building your APK. Obfuscation renames classes and methods; string literals such as API keys are not hidden by it.

flutter build appbundle --obfuscate --split-debug-info=/<directory>

You can also handle this on the native side: on Android, enable minifyEnabled and use ProGuard.

Android

In your /android/app/build.gradle file, add the following:

android {
	...
	buildTypes {
		release {
			signingConfig signingConfigs.release
			minifyEnabled true
			useProguard true
			proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
		}
	}
}

Create a ProGuard configuration file in /android/app/proguard-rules.pro:

# Flutter
-keep class io.flutter.app.** { *; }
-keep class io.flutter.plugin.**  { *; }
-keep class io.flutter.util.**  { *; }
-keep class io.flutter.view.**  { *; }
-keep class io.flutter.**  { *; }
-keep class io.flutter.plugins.**  { *; }

On Android, ProGuard not only obfuscates your code but also helps you shrink the size of your app.

iOS

On the iOS side, if you are using Objective-C or Swift, the compiler strips symbols and applies optimizations to your code, which already makes it harder for a motivated attacker to read the compiled output. There are also paid tools that help you obfuscate your code: iXGuard and Verimatrix.

Jailbroken and rooted devices

"Jailbroken" is the term used on the iOS side and "rooted" on the Android side. Such a device has more privileges and may introduce malware to your user's device that can circumvent the normal operations of the device. Checking for this makes your app more secure.

flutter_jailbreak_detection is a package that helps you detect whether your app is currently running on a jailbroken or rooted device. It uses RootBeer on Android and DTTJailbreakDetection on iOS.

It is easy to use:

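import 'package:flutter_jailbreak_detection/flutter_jailbreak_detection.dart';

Future<void> checkDevice() async { // illustrative wrapper: await needs an async function
  bool jailbroken = await FlutterJailbreakDetection.jailbroken; // jailbroken (iOS) or rooted (Android)
  bool developerMode = await FlutterJailbreakDetection.developerMode; // Android only
}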

Package link: https://pub.dev/packages/flutter_jailbreak_detection

Secure user data

For storing sensitive user data, you should never use shared preferences or SQLite, because they are easy to open on any device; you need to encrypt the data. You can use flutter_secure_storage for that. This Flutter package uses Keystore on Android and Keychain on iOS. It is also worth setting up a periodic job that automatically cleans cached data that has expired. Flutter package for secure user data: https://pub.dev/packages/flutter_secure_storage
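
One way to implement the periodic cleanup of expired data described above, as an added example (not code from the original article or from the flutter_secure_storage project). The class name ExpiringSecureStore and the envelope fields v and exp are assumptions made for this example.

```dart
import 'dart:convert';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

/// Hypothetical helper (not part of flutter_secure_storage): values carry an expiry time.
class ExpiringSecureStore {
  ExpiringSecureStore([this._storage = const FlutterSecureStorage()]);
  final FlutterSecureStorage _storage;

  /// Stores [value] under [key]; it is treated as expired after [ttl].
  Future<void> write(String key, String value, Duration ttl) {
    final exp = DateTime.now().add(ttl).millisecondsSinceEpoch;
    return _storage.write(key: key, value: jsonEncode({'v': value, 'exp': exp}));
  }

  /// Returns the value, or null if it is missing, foreign or expired.
  Future<String?> read(String key) async {
    final raw = await _storage.read(key: key);
    final env = raw == null ? null : _parse(raw);
    if (env == null) return null;
    if (!_expired(env)) return env['v'] as String;
    await _storage.delete(key: key); // Expired: remove it as soon as it is seen.
    return null;
  }

  /// Deletes every expired envelope and returns how many were removed.
  /// Call it on app start and from a periodic timer (for example Timer.periodic).
  Future<int> purgeExpired() async {
    var removed = 0;
    for (final e in (await _storage.readAll()).entries) {
      final env = _parse(e.value);
      if (env == null || !_expired(env)) continue;
      await _storage.delete(key: e.key);
      removed++;
    }
    return removed;
  }

  static bool _expired(Map<String, dynamic> env) =>
      DateTime.now().millisecondsSinceEpoch >= (env['exp'] as int);

  /// Returns the envelope, or null if [raw] was not written by this class.
  static Map<String, dynamic>? _parse(String raw) {
    try {
      final d = jsonDecode(raw);
      return d is Map<String, dynamic> && d['v'] is String && d['exp'] is int ? d : null;
    } on FormatException {
      return null; // Not JSON: written by other code, so left untouched.
    }
  }
}
```

The expiry check relies on the device clock, which the user can change, so treat it as cache hygiene rather than as an access control.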

Use local authentication

Suppose the user's phone has been stolen, your application is installed on it, and it holds some payment information 🙂 To prevent any access to your app, you should use biometric authentication by using this package. Package for local auth: https://pub.dev/packages/local_auth

Background Snapshot Prevention

When the app is backgrounded, the operating system takes a snapshot of the last visible state to present in the task switcher. Preventing account balances and payment details from being captured in these background snapshots is therefore highly desirable. This can be solved by using this package; the plugin allows you to protect your application content from view on demand. Package for background snapshot prevention: https://pub.dev/packages/secure_application
