
I'm curious whether there is a way to decompile and access Flutter code from a release APK, and how to prevent that. If there is no way to prevent it, how can I keep data secure?
In my case I have to keep a user name and a password static. How can I secure them and prevent them from being accessed?
It's just an Android version, not iOS.

2 Answers


  1. There is no way of safely storing a secret in your Dart code; it will always be possible to reverse engineer the APK and find the secret. See this question for a better explanation.

    The main question is then: why do you need to hard-code a username and a password? Maybe another way is possible that does not require having access to this information in the app. Having a backend which does all the requests to the authenticated service you want to access can be a solution.

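A pre-release check for the point made in the first answer, added here as an example (it is not code from either answer): it opens a release APK as a zip and reports any known credential that appears verbatim in the compiled Dart library `lib/<abi>/libapp.so`. The sample APK, the secret values and the function names are constructed for the demonstration, and the check assumes string literals are stored unencoded in the compiled snapshot.

```python
import io
import re
import zipfile

# Flutter release builds compile Dart to native code in lib/<abi>/libapp.so.
LIBAPP = re.compile(r"^lib/[^/]+/libapp\.so$")


def find_embedded_secrets(apk_bytes, secrets):
    """Return sorted (zip entry, secret label) pairs for every secret whose
    bytes appear in a compiled Dart library inside the APK."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not LIBAPP.match(name):
                continue
            blob = apk.read(name)
            for label, value in secrets.items():
                if not value:  # an empty needle would match everything
                    continue
                # Check the one-byte and the UTF-16LE encoding of the literal.
                needles = (value.encode("utf-8"), value.encode("utf-16-le"))
                if any(n in blob for n in needles):
                    hits.add((name, label))
    return sorted(hits)


def build_sample_apk(files):
    """Build a constructed, in-memory APK-shaped zip for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample: filler bytes standing in for compiled code, plus the
# string constants a hard-coded login would leave behind.
SAMPLE_APK = build_sample_apk({
    "lib/arm64-v8a/libapp.so": b"\x7fELF\x02\x01" + b"\x00" * 64
        + b"svc_account\x00\x13\x37" + b"S3cr3t-Passw0rd!" + b"\x00" * 32,
    "lib/arm64-v8a/libflutter.so": b"\x7fELF\x02\x01" + b"\x00" * 128,
    "classes.dex": b"dex\n035\x00" + b"\x00" * 64,
})
# Constructed values; in a release pipeline these come from the secret store.
KNOWN_SECRETS = {"api_user": "svc_account", "api_password": "S3cr3t-Passw0rd!"}

if __name__ == "__main__":
    for entry, label in find_embedded_secrets(SAMPLE_APK, KNOWN_SECRETS):
        print(f"FAIL: {label} found in {entry}")
```

An empty result only means the literal is not present verbatim; a credential assembled or decoded at run time is still in the app and still recoverable, which is why the answer above points to a backend instead.
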
  2. To answer your case, maybe you can check the code below. The code source

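    import 'dart:convert';

    import 'package:flutter/widgets.dart';
    import 'package:flutter_secure_storage/flutter_secure_storage.dart';
    import 'package:hive_flutter/hive_flutter.dart';

    void main() async {
      // Plugins need the binding before runApp(); Hive needs a storage directory.
      WidgetsFlutterBinding.ensureInitialized();
      await Hive.initFlutter();

      const secureStorage = FlutterSecureStorage();
      // read() returns null if the key does not exist yet
      var encryptionKeyString = await secureStorage.read(key: 'key');
      if (encryptionKeyString == null) {
        // First run: generate a random key and keep it in secure storage
        encryptionKeyString = base64UrlEncode(Hive.generateSecureKey());
        await secureStorage.write(key: 'key', value: encryptionKeyString);
      }
      final encryptionKeyUint8List = base64Url.decode(encryptionKeyString);
      // The key itself is not printed: log output is readable outside the app.
      final encryptedBox = await Hive.openBox('vaultBox', encryptionCipher: HiveAesCipher(encryptionKeyUint8List));
      await encryptedBox.put('secret', 'Hive is cool');
      print(encryptedBox.get('secret'));
    }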
    

    From that code, you generate a random secure key that will be used to encrypt and decrypt data with AES encryption. From the code, there are two storage libraries, flutter_secure_storage and Hive. Since flutter_secure_storage is good for security, the random security key will be saved using this library. And Hive is good for fast and light databases. A combination of both libraries will be good to achieve your case.

    Also, check this article. The article is a good guide to help increase the security of the Flutter app.

    https://medium.com/kbtg-life/mobile-security-via-flutter-ep-1-ssl-pinning-c57f18b711f6

    https://medium.com/kbtg-life/70b4322bffc2

    I followed several guidelines from the article so that my application passed the penetration test.
