freeRASP for Flutter

freeRASP for Flutter is a part of security SDK for the app shielding and security monitoring. Learn more about provided features on the freeRASP's main repository first.


We will guide you step-by-step, but you can always check the expected result in example.

Step 1: Prepare Talsec library

Add dependency to your pubspec.yaml file

  freerasp: 1.0.0

and then run: pub get

iOS setup

After depending on plugin follow with these steps:

  1. Open terminal
  2. Navigate to your Flutter project
  3. Switch to ios folder
$ cd ios
  1. Run: pod install
$ pod install

Note: .symlinks folder should be now visible under your ios folder.

  1. Open .xcworkspace/.xcodeproject folder of Flutter project in xcode
  2. Go to Product > Scheme > Edit Scheme... > Build (dropdown arrow) > Pre-actions
  3. Hit + and then New Run Script Action
  4. Set Provide build setting from to Runner
  5. Use the following code to automatically use an appropriate Talsec version for a release or debug (dev) build (see an explanation here):
cd "${SRCROOT}/.symlinks/plugins/freerasp/ios"
if [ "${CONFIGURATION}" = "Release" ]; then
    rm -rf ./TalsecRuntime.xcframework
    ln -s ./Release/TalsecRuntime.xcframework/ TalsecRuntime.xcframework
    rm -rf ./TalsecRuntime.xcframework
    ln -s ./Debug/TalsecRuntime.xcframework/ TalsecRuntime.xcframework
  1. Close the terminal window and then resolve warnings in the xcode project:

    1. Go to Show the Issue navigator
    2. Click twice on Update to recommended settings under Runner project issue > Perform changes
    3. Click twice on Update to recommended settings under Pods project issue > Perform changes

    Issues should be clear now.

Android setup

  • From root of your project, go to android > app > build.gradle
  • In defaultConfig update minSdkVersion to at least 19 (Android 4.4) or higher
android {
defaultConfig {
    minSdkVersion 19

Dev vs. Release version

Dev version is used during the development of application. It separates development and production data and disables some checks which won't be triggered during development process:

  • Emulator-usage
  • Debugging
  • Signing

Step 2: Setup the Configuration for your App

Make (convert or create a new one) your "top-most" widget (typically one in runApp(MyWidget())) and override its initState in State

void main() {

class MyApp extends StatefulWidget {
  _MyAppState createState() => _MyAppState();

class _MyAppState extends State<MyApp> {
  void initState() {
    //TODO: freeRASP implementation

and then create a Talsec config and insert androidConfig and/or IOSConfig with highlighted identifiers: expectedPackageName and expectedSigningCertificateHash are needed for Android version. Similarly, appBundleId and appTeamId are needed for iOS version of app. If you publish on the Google Play Store and/or Huawei AppGallery, you don't have to assign anything to supportedAlternativeStores as those are supported out of the box.

 void initState() {

    TalsecConfig config = TalsecConfig(

      // For Android
      androidConfig: AndroidConfig(
        expectedPackageName: 'YOUR_PACKAGE_NAME',
        expectedSigningCertificateHash: 'HASH_OF_YOUR_APP',
        supportedAlternativeStores: [""],
      // For iOS
      IOSConfig: IOSconfig(
        appBundleId: 'YOUR_APP_BUNDLE_ID',
        appTeamId: 'YOUR_APP_TEAM_ID',
      // Common email for Alerts and Reports
      watcherMail: '',

Step 3: Handle detected threats

Create AndroidCallback and/or IOSCallback objects and provide VoidCallback function pointers to handle detected threats:

void initState(){
    // Talsec config
    // ...
    // Callback setup
    TalsecCallback callback = TalsecCallback(

      // For Android
      androidCallback: AndroidCallback(
          onRootDetected: () => print('Root detected'),
          onEmulatorDetected: () => print('Emulator detected'),
          onFingerprintDetected: () => print('Fingerprint detected'),
          onHookDetected: () => print('Hook detected'),
          onTamperDetected: () => print('Tamper detected'),

      // For iOS
      IOSCallback: IOScallback(
        onSignatureDetected: () => print('Signature detected'),
        onRuntimeManipulationDetected: () => print('Runtime manipulation detected'),
        onJailbreakDetected: () => print('Jailbreak detected'),
        onPasscodeChangeDetected: () => print('Passcode change detected'),
        onPasscodeDetected: () => print('Passcode detected'),
        onSimulatorDetected: () => print('Simulator detected'),
        onMissingSecureEnclaveDetected: () => print('Missing secure enclave detected'),

      // Common for both platforms
      onDebuggerDetected: () => print("Debugger detected"),

Step 4: Start the Talsec

Start Talsec to detect threats just by adding these two lines below the created config and the callback handler:

void initState(){
  // Talsec config
  // ...
  // Talsec callback handler
  // ...
  TalsecApp app = TalsecApp(
        config: config,
        callback: callback,

And you're done 🎉!