FlutterDefend is a lightweight, modular, and pluggable security SDK designed for Flutter mobile applications. It aims to protect critical operations and data within your app. This SDK provides tools to defend against common attacks and enhance overall security. Key features include SQL injection detection, local encrypted storage, screenshot prevention for input fields, and detection of jailbroken or rooted devices.
For the latest releases, please visit Releases.
-
SQL Injection Detection: Protect your app from SQL injection attacks by validating inputs and sanitizing queries.
-
Local Encrypted Storage: Store sensitive data securely on the device using strong encryption algorithms.
-
Screenshot Prevention: Prevent unauthorized screenshots of sensitive input fields to protect user privacy.
-
Jailbreak/Root Detection: Identify if the app runs on compromised devices, reducing the risk of data breaches.
-
Modular Architecture: Add or remove components based on your app's needs without bloating the codebase.
To install FlutterDefend, follow these steps:
-
Add Dependency: Open your
pubspec.yamlfile and add the following line under dependencies:dependencies: flutter_defend: ^1.0.0
-
Install Packages: Run the following command in your terminal:
flutter pub get
-
Import the Package: In your Dart files, import the package:
import 'package:flutter_defend/flutter_defend.dart';
-
Download and Execute: For the latest version, visit Releases to download the necessary files and execute them.
Hereβs a quick guide on how to use FlutterDefend in your application.
Before using any features, initialize the SDK in your main.dart file:
void main() {
FlutterDefend.initialize();
runApp(MyApp());
}To protect your queries, use the built-in validation methods:
String safeQuery(String input) {
return FlutterDefend.validateSQL(input);
}Store sensitive data securely:
void storeData(String key, String value) {
FlutterDefend.storeEncrypted(key, value);
}
Future<String> retrieveData(String key) async {
return await FlutterDefend.retrieveEncrypted(key);
}Enable screenshot prevention for specific input fields:
Widget sensitiveInputField() {
return FlutterDefend.preventScreenshot(
child: TextField(
obscureText: true,
decoration: InputDecoration(labelText: 'Password'),
),
);
}Check if the device is compromised:
bool isDeviceSecure = FlutterDefend.isDeviceSecure();
if (!isDeviceSecure) {
// Handle the situation accordingly
}This component scans user inputs and queries to identify potential SQL injection patterns. It uses a set of predefined rules and algorithms to sanitize inputs.
FlutterDefend employs AES encryption to ensure that sensitive data is stored securely. This component manages encryption keys and handles data read/write operations seamlessly.
By wrapping sensitive widgets, this component blocks screenshot capabilities. It leverages platform-specific APIs to enforce this restriction.
This component checks various indicators of device compromise. It examines system files, settings, and installed applications to determine the security status of the device.
FlutterDefend adheres to best practices in security. Here are some measures implemented in the SDK:
-
Data Encryption: All sensitive data is encrypted using AES-256, ensuring high security.
-
Input Validation: User inputs undergo rigorous validation to prevent common attacks like SQL injection.
-
Regular Updates: The SDK is regularly updated to address new security vulnerabilities and improve features.
-
Community Contributions: The open-source nature of FlutterDefend encourages contributions, ensuring that the SDK evolves with community input.
We welcome contributions from the community. If you want to contribute, please follow these steps:
- Fork the repository.
- Create a new branch for your feature or bug fix.
- Make your changes and commit them with clear messages.
- Push your branch and submit a pull request.
For more details, check the CONTRIBUTING.md file in the repository.
FlutterDefend is licensed under the MIT License. See the LICENSE file for more information.
For any inquiries or issues, please reach out via the following channels:
- GitHub Issues: GitHub Issues
- Email: [email protected]
For the latest releases, please visit Releases.