The question is related to this one: How to check obfuscation results of flutter app? But the answer there is unclear.
Is it possible for hackers to see the dart code in flutter apps? Or is it compiled in a way that is difficult to understand and track?
After unzipping the apk that resulted from flutter build apk
- the only file I found related to my own Dart code was "libflutter.so". Looking at the functions in it by nm -D libflutter.so
didn't show anything resembling my code, so it seems pretty safe. But - I would like someone who actually knows to confirm, perhaps I missed something.
What is the best practice used to publish flutter apps?
UPDATE - December 2019 - the following post says that if the app is compiled in release mode, then the dart code is compiled to assembly, which is pretty hard to reverse engineer: https://medium.com/@rondalal54/reverse-engineering-flutter-apps-5d620bb105c0
In debug mode flutter apps are jitted from source. This requires the source be distributed with the app. However you shouldn't be distributing a debug build, so let's not worry about that possibility.
In release mode your source is AoT compiled, so there is no actual copy of your source, but if someone wanted to recreate it, they could potentially (easily?) reverse engineer it from assembly.
If you want to obfuscate your compiled code, your best bet is probably to follow the advice given here: https://github.com/flutter/flutter/wiki/Obfuscating-Dart-Code
I don't claim to be an expert on this so please do your own research, but hopefully this points you in the right direction.
Further reading about the build process: https://proandroiddev.com/flutters-compilation-patterns-24e139d14177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With