Flutter Security Suite (SecureBankKit)

A comprehensive, enterprise-grade Flutter security plugin providing root/jailbreak detection, certificate pinning, app integrity verification, screenshot protection, and encrypted secure storage.

Built with Clean Architecture principles and full native support for both Android (Kotlin) and iOS (Swift).

---

Features

Feature	Android	iOS	Description
Root/Jailbreak Detection	su binary & app detection	Cydia, dylib scanning, file checks	Detects compromised devices
Certificate Pinning	SHA-256 fingerprint validation	SHA-256 fingerprint validation	Prevents MITM attacks
App Integrity	Debug flag & installer validation	Debugger & provisioning checks	Detects tampering
Screenshot Protection	FLAG_SECURE window flag	Secure UITextField overlay	Blocks screen capture
Secure Storage	EncryptedSharedPreferences (AES-256)	iOS Keychain (SecItem API)	Encrypted key-value storage

---

Architecture

┌─────────────────────────────────────────────┐
│   PUBLIC API (SecureBankKit)                 │  Consumer-facing facade
├─────────────────────────────────────────────┤
│   DOMAIN (Entities, UseCases, Repositories) │  Business logic & contracts
├─────────────────────────────────────────────┤
│   DATA (Datasources, Repository Impls)      │  Implementation layer
├─────────────────────────────────────────────┤
│   PLATFORM (MethodChannel Bridge)           │  Flutter ↔ Native bridge
├─────────────────────────────────────────────┤
│   CORE (Result types, Exceptions, Logger)   │  Shared utilities
└─────────────────────────────────────────────┘

---

Getting Started

Installation

Add to your pubspec.yaml:

dependencies:
  flutter_security_suite:
    git:
      url: https://github.com/DeepakPal25/flutter_security_suite.git

Platform Setup

Android - No additional setup required. Min SDK: 21.

iOS - Minimum deployment target: iOS 12.0. If using jailbreak detection with Cydia URL scheme check, add to your Info.plist:

<key>LSApplicationQueriesSchemes</key>
<array>
    <string>cydia</string>
</array>

---

Usage

Initialize

import 'package:flutter_security_suite/flutter_security_suite.dart';

final kit = SecureBankKit.initialize(
  enableRootDetection: true,
  enableAppIntegrity: true,
  enablePinning: false,
  enableLogging: false,
  certificatePins: {},
);

Run Security Check

final status = await kit.runSecurityCheck();

if (status.isSecure) {
  // Device is clean - proceed normally
} else {
  if (status.isRooted) print('Device is rooted/jailbroken');
  if (!status.isAppIntegrityValid) print('App integrity compromised');
  if (!status.isCertificatePinningValid) print('Certificate pinning failed');
}

Certificate Pinning

final kit = SecureBankKit.initialize(
  enablePinning: true,
  certificatePins: {
    'api.example.com': ['sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='],
  },
);

final status = await kit.runSecurityCheck();
print('Certificate valid: ${status.isCertificatePinningValid}');

Screenshot Protection

// Block screenshots and screen recording
await kit.screenshotProtection.enable();

// Re-enable screenshots
await kit.screenshotProtection.disable();

Secure Storage

// Write encrypted data
await kit.secureStorage.write(key: 'auth_token', value: 'jwt_abc123');

// Read decrypted data
final token = await kit.secureStorage.read(key: 'auth_token');

// Delete a key
await kit.secureStorage.delete(key: 'auth_token');

// Clear all stored data
await kit.secureStorage.deleteAll();

Error Handling

The plugin uses a type-safe SecurityResult<T> sealed class:

final result = await someSecurityOperation();

result.fold(
  onSuccess: (data) => print('Result: $data'),
  onFailure: (error) => print('Error: ${error.message}'),
);

// Or use convenience accessors
if (result.isSuccess) {
  final value = result.dataOrNull;
}

---

How It Works

Root/Jailbreak Detection

Android:

• Scans system paths for su binaries (/sbin/su, /system/bin/su, etc.)
• Detects rooting apps (SuperSU, Magisk Manager, etc.)
• Checks build tags for test-keys

iOS:

• Checks for known jailbreak files (Cydia, MobileSubstrate, bash, ssh, apt)
• Scans loaded dylibs for suspicious modules (FridaGadget, SubstrateLoader, etc.)
• Tests Cydia URL scheme availability
• Attempts writing to restricted /private/ paths

App Integrity

Android:

• Verifies the app is not marked as debuggable
• Validates installer source (Google Play, Amazon, Huawei)

iOS:

• Detects debugger attachment via sysctl (P_TRACED flag)
• Checks for embedded.mobileprovision file presence

Secure Storage

Android: Uses EncryptedSharedPreferences with:

• Key encryption: AES-256-SIV
• Value encryption: AES-256-GCM

iOS: Uses Keychain via SecItem API with:

• Accessibility: kSecAttrAccessibleWhenUnlockedThisDeviceOnly

---

Project Structure

flutter_security_suite/
├── lib/
│   ├── flutter_security_suite.dart       # Main export
│   ├── secure_bank_kit.dart              # Public API facade
│   ├── core/
│   │   ├── exceptions/                   # SecurityException hierarchy
│   │   ├── result/                       # SecurityResult sealed class
│   │   └── utils/                        # Logger utility
│   ├── domain/
│   │   ├── entities/                     # SecurityStatus entity
│   │   ├── repositories/                 # 5 abstract repository contracts
│   │   └── usecases/                     # 5 use cases
│   ├── data/
│   │   ├── datasources/                  # 5 datasource implementations
│   │   └── repositories_impl/           # 5 repository implementations
│   └── platform/
│       └── method_channel_security.dart  # MethodChannel bridge
├── android/src/main/kotlin/              # Kotlin native handlers
├── ios/Classes/                          # Swift native handlers
├── example/                              # Demo application
└── test/                                 # 11 test files (47 tests)

---

Testing

Run all tests:

flutter test

Coverage:

• Platform layer - MethodChannel mock tests for all method calls
• Domain layer - UseCase tests with mocked repositories (success & failure paths)
• Data layer - Repository implementation tests with mocked datasources

---

Requirements

	Minimum
Flutter	>= 3.10.0
Dart SDK	>= 3.10.4
Android	API 21 (Lollipop)
iOS	12.0

---

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

---

License

This project is licensed under the MIT License - see the LICENSE file for details.

Libraries

core/exceptions/security_exception

core/result/security_result

core/utils/logger

data/datasources/app_integrity_datasource

data/datasources/certificate_pinning_datasource

data/datasources/root_detection_datasource

data/datasources/screenshot_protection_datasource

data/datasources/secure_storage_datasource

data/repositories_impl/app_integrity_repository_impl

data/repositories_impl/certificate_pinning_repository_impl

data/repositories_impl/root_detection_repository_impl

data/repositories_impl/screenshot_protection_repository_impl

data/repositories_impl/secure_storage_repository_impl

domain/entities/security_status

domain/repositories/app_integrity_repository

domain/repositories/certificate_pinning_repository

domain/repositories/root_detection_repository

domain/repositories/screenshot_protection_repository

domain/repositories/secure_storage_repository

domain/usecases/check_app_integrity_usecase

domain/usecases/check_root_status_usecase

domain/usecases/secure_storage_usecase

domain/usecases/toggle_screenshot_protection_usecase

domain/usecases/validate_certificate_usecase

flutter_security_suite

SecureBankKit – Enterprise-grade Flutter security plugin.

platform/method_channel_security

secure_bank_kit