Flutter Security Suite (SecureBankKit)

A comprehensive, enterprise-grade Flutter security plugin providing root/jailbreak detection, certificate pinning, app integrity verification, screenshot protection, and encrypted secure storage.

Built with Clean Architecture principles and full native support for both Android (Kotlin) and iOS (Swift).

License: MIT Platform Flutter

Features

Feature Android iOS Description
Root/Jailbreak Detection su binary & app detection Cydia, dylib scanning, file checks Detects compromised devices
Certificate Pinning SHA-256 fingerprint validation SHA-256 fingerprint validation Prevents MITM attacks
App Integrity Debug flag & installer validation Debugger & provisioning checks Detects tampering
Screenshot Protection FLAG_SECURE window flag Secure UITextField overlay Blocks screen capture
Secure Storage EncryptedSharedPreferences (AES-256) iOS Keychain (SecItem API) Encrypted key-value storage

Architecture

┌─────────────────────────────────────────────┐
│   PUBLIC API (SecureBankKit)                 │  Consumer-facing facade
├─────────────────────────────────────────────┤
│   DOMAIN (Entities, UseCases, Repositories) │  Business logic & contracts
├─────────────────────────────────────────────┤
│   DATA (Datasources, Repository Impls)      │  Implementation layer
├─────────────────────────────────────────────┤
│   PLATFORM (MethodChannel Bridge)           │  Flutter ↔ Native bridge
├─────────────────────────────────────────────┤
│   CORE (Result types, Exceptions, Logger)   │  Shared utilities
└─────────────────────────────────────────────┘

Getting Started

Installation

Add to your pubspec.yaml:

dependencies:
  flutter_security_suite:
    git:
      url: https://github.com/DeepakPal25/flutter_security_suite.git

Platform Setup

Android - No additional setup required. Min SDK: 21.

iOS - Minimum deployment target: iOS 12.0. If using jailbreak detection with Cydia URL scheme check, add to your Info.plist:

<key>LSApplicationQueriesSchemes</key>
<array>
    <string>cydia</string>
</array>

Usage

Initialize

import 'package:flutter_security_suite/flutter_security_suite.dart';

final kit = SecureBankKit.initialize(
  enableRootDetection: true,
  enableAppIntegrity: true,
  enablePinning: false,
  enableLogging: false,
  certificatePins: {},
);

Run Security Check

final status = await kit.runSecurityCheck();

if (status.isSecure) {
  // Device is clean - proceed normally
} else {
  if (status.isRooted) print('Device is rooted/jailbroken');
  if (!status.isAppIntegrityValid) print('App integrity compromised');
  if (!status.isCertificatePinningValid) print('Certificate pinning failed');
}

Certificate Pinning

final kit = SecureBankKit.initialize(
  enablePinning: true,
  certificatePins: {
    'api.example.com': ['sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='],
  },
);

final status = await kit.runSecurityCheck();
print('Certificate valid: ${status.isCertificatePinningValid}');

Screenshot Protection

// Block screenshots and screen recording
await kit.screenshotProtection.enable();

// Re-enable screenshots
await kit.screenshotProtection.disable();

Secure Storage

// Write encrypted data
await kit.secureStorage.write(key: 'auth_token', value: 'jwt_abc123');

// Read decrypted data
final token = await kit.secureStorage.read(key: 'auth_token');

// Delete a key
await kit.secureStorage.delete(key: 'auth_token');

// Clear all stored data
await kit.secureStorage.deleteAll();

Error Handling

The plugin uses a type-safe SecurityResult<T> sealed class:

final result = await someSecurityOperation();

result.fold(
  onSuccess: (data) => print('Result: $data'),
  onFailure: (error) => print('Error: ${error.message}'),
);

// Or use convenience accessors
if (result.isSuccess) {
  final value = result.dataOrNull;
}

How It Works

Root/Jailbreak Detection

Android:

  • Scans system paths for su binaries (/sbin/su, /system/bin/su, etc.)
  • Detects rooting apps (SuperSU, Magisk Manager, etc.)
  • Checks build tags for test-keys

iOS:

  • Checks for known jailbreak files (Cydia, MobileSubstrate, bash, ssh, apt)
  • Scans loaded dylibs for suspicious modules (FridaGadget, SubstrateLoader, etc.)
  • Tests Cydia URL scheme availability
  • Attempts writing to restricted /private/ paths

App Integrity

Android:

  • Verifies the app is not marked as debuggable
  • Validates installer source (Google Play, Amazon, Huawei)

iOS:

  • Detects debugger attachment via sysctl (P_TRACED flag)
  • Checks for embedded.mobileprovision file presence

Secure Storage

Android: Uses EncryptedSharedPreferences with:

  • Key encryption: AES-256-SIV
  • Value encryption: AES-256-GCM

iOS: Uses Keychain via SecItem API with:

  • Accessibility: kSecAttrAccessibleWhenUnlockedThisDeviceOnly

Project Structure

flutter_security_suite/
├── lib/
│   ├── flutter_security_suite.dart       # Main export
│   ├── secure_bank_kit.dart              # Public API facade
│   ├── core/
│   │   ├── exceptions/                   # SecurityException hierarchy
│   │   ├── result/                       # SecurityResult sealed class
│   │   └── utils/                        # Logger utility
│   ├── domain/
│   │   ├── entities/                     # SecurityStatus entity
│   │   ├── repositories/                 # 5 abstract repository contracts
│   │   └── usecases/                     # 5 use cases
│   ├── data/
│   │   ├── datasources/                  # 5 datasource implementations
│   │   └── repositories_impl/           # 5 repository implementations
│   └── platform/
│       └── method_channel_security.dart  # MethodChannel bridge
├── android/src/main/kotlin/              # Kotlin native handlers
├── ios/Classes/                          # Swift native handlers
├── example/                              # Demo application
└── test/                                 # 11 test files (47 tests)

Testing

Run all tests:

flutter test

Coverage:

  • Platform layer - MethodChannel mock tests for all method calls
  • Domain layer - UseCase tests with mocked repositories (success & failure paths)
  • Data layer - Repository implementation tests with mocked datasources

Requirements

Minimum
Flutter >= 3.10.0
Dart SDK >= 3.10.4
Android API 21 (Lollipop)
iOS 12.0

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Libraries

core/exceptions/security_exception
core/result/security_result
core/utils/logger
data/datasources/app_integrity_datasource
data/datasources/certificate_pinning_datasource
data/datasources/root_detection_datasource
data/datasources/screenshot_protection_datasource
data/datasources/secure_storage_datasource
data/repositories_impl/app_integrity_repository_impl
data/repositories_impl/certificate_pinning_repository_impl
data/repositories_impl/root_detection_repository_impl
data/repositories_impl/screenshot_protection_repository_impl
data/repositories_impl/secure_storage_repository_impl
domain/entities/security_status
domain/repositories/app_integrity_repository
domain/repositories/certificate_pinning_repository
domain/repositories/root_detection_repository
domain/repositories/screenshot_protection_repository
domain/repositories/secure_storage_repository
domain/usecases/check_app_integrity_usecase
domain/usecases/check_root_status_usecase
domain/usecases/secure_storage_usecase
domain/usecases/toggle_screenshot_protection_usecase
domain/usecases/validate_certificate_usecase
flutter_security_suite
SecureBankKit – Enterprise-grade Flutter security plugin.
platform/method_channel_security
secure_bank_kit