
How to obfuscate Flutter apps?

Flutter's wiki mentions obfuscation is an opt-in in release mode.
And yet, the flutter build command has no relevant option - see:
flutter help -v build apk

Am I missing something here?
Did they make obfuscation the default?
Is obfuscation even relevant for flutter?

Any pointers on this would be very appreciated.

Ehud Banunu asked May 26 '18 12:05


People also ask

How do you obfuscate Flutter APK?

There is a simple procedure for obfuscating a Flutter app: run the build command for the release version using the --obfuscate flag combined with the --split-debug-info flag. Once you've obfuscated your binary, save the symbols file. You need this if you later want to de-obfuscate a stack trace.

Is Flutter code obfuscated?

Obfuscation is not supported for web apps, but a web app can be minified, which is similar. When you build a release version of a Flutter web app, it is automatically minified. For more information, see Build and release a web app. Flutter's code obfuscation, when supported, works only on a release build.

How do I protect my Flutter app?

Thankfully Flutter makes it very easy to obfuscate applications. To obfuscate your app, build a release version using the --obfuscate flag, combined with the --split-debug-info flag. Obfuscation is currently supported for release builds on Android, iOS, and macOS.

Can Flutter apps be reverse engineered?

We also demonstrated that with only several lines of code, this information could be used to considerably speed up the reverse engineering of a Flutter application. We showed that as Dart and Flutter further mature so will the reverse engineering tooling and any current perceived difficulties will mostly be removed.


1 Answer

Obfuscation is needed - a Flutter app knows its function names, which can be shown using Dart's StackTrace class. There's under-tested support for obfuscation. To enable it:


For Android:
Add to the file [ProjectRoot]/android/gradle.properties :

extra-gen-snapshot-options=--obfuscate 

For iOS:
First, edit [FlutterRoot]/packages/flutter_tools/bin/xcode_backend.sh:
Locate the build aot call, and add a flag to it,

${extra_gen_snapshot_options_or_none} 

defined as:

local extra_gen_snapshot_options_or_none=""
if [[ -n "$EXTRA_GEN_SNAPSHOT_OPTIONS" ]]; then
  extra_gen_snapshot_options_or_none="--extra-gen-snapshot-options=$EXTRA_GEN_SNAPSHOT_OPTIONS"
fi

To apply your changes, in [FlutterRoot], run

git commit -am "Enable obfuscation on iOS"
flutter

(Running "flutter" after the commit rebuilds flutter tools.)

Next, in your project, add the following to the [ProjectRoot]/ios/Flutter/Release.xcconfig file:

EXTRA_GEN_SNAPSHOT_OPTIONS=--obfuscate 

PS: Haven't tried the --save-obfuscation-map flag mentioned at https://github.com/dart-lang/sdk/issues/30524
Again, obfuscation isn't very well tested, as mentioned by @mraleph.

Ehud Banunu answered Sep 18 '22 17:09
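
One way to confirm that the settings in the answer above took effect, as an added example that is not part of the original answer or of the Flutter tooling: it lists class names from your Dart sources that still appear verbatim in a built snapshot. The function names, the MINLEN cutoff and the sample files are hypothetical, and it assumes an un-obfuscated snapshot stores identifiers as plain byte strings.

```shell
#!/bin/sh
# Added example, not from the original answer: report Dart class names from a
# project's sources that still appear verbatim in a built AOT snapshot.
# Assumption: an un-obfuscated snapshot stores identifiers as plain byte strings.

# dart_class_names DIR: unique names from "class X" / "abstract class X"
# declarations in *.dart files under DIR (other declaration forms are ignored).
dart_class_names() {
  find "$1" -type f -name '*.dart' -exec cat {} + 2>/dev/null |
    sed -nE 's/^[[:space:]]*(abstract[[:space:]]+)?class[[:space:]]+([A-Za-z_][A-Za-z0-9_]*).*/\2/p' |
    sort -u
}

# leaked_names DIR SNAPSHOT [MINLEN]: print names found in SNAPSHOT.
# Returns 0 if none leak, 1 if any leak, 2 if SNAPSHOT is unreadable.
leaked_names() {
  src=$1 snap=$2 min=${3:-6}
  [ -r "$snap" ] || { echo "cannot read $snap" >&2; return 2; }
  hits=$(dart_class_names "$src" | while IFS= read -r name; do
    # Short names match binary data by chance, so skip them.
    [ "${#name}" -ge "$min" ] || continue
    if LC_ALL=C grep -q -F -- "$name" "$snap"; then printf '%s\n' "$name"; fi
  done)
  if [ -n "$hits" ]; then printf '%s\n' "$hits"; return 1; fi
  return 0
}

# demo: constructed sources and two constructed "snapshots" (not real builds).
demo() {
  d=$(mktemp -d) || return 2
  mkdir -p "$d/lib"
  printf 'class PaymentTokenStore {}\nabstract class LicenseVerifier {}\nclass Api {}\n' > "$d/lib/main.dart"
  printf 'hdr\000PaymentTokenStore\000LicenseVerifier\000Api\000' > "$d/plain.bin"
  printf 'hdr\000aXq\000bRt\000cZp\000' > "$d/obfuscated.bin"
  echo "plain build:"
  leaked_names "$d/lib" "$d/plain.bin" && echo "(no names found)"
  echo "obfuscated build:"
  leaked_names "$d/lib" "$d/obfuscated.bin" && echo "(no names found)"
  rm -rf "$d"
}
```

Point SNAPSHOT at the compiled Dart snapshot extracted from the release artifact; the non-zero return on a leak can fail a CI job.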