ing_app_security

IngAppSecurity is a one stop to provide all the security solutions that secure your flutter mobile app and help in pen test.

Purpose

Provides data encryption without hardcoded the encryption key. The key is random generated and store at secure storage.

Jailbreak detection, real device detection, and hide the app screen when app move to background.

  • Hide the app screen when app move to background.
  • String Encryption without hardcoded the encryption key.
  • Secure store the data in user preference without hardcoded the encryption key.
  • JailBreak detection.
  • Real device detection.
  • Check can mock location.
  • File encryption without hardcoded the encryption key.

Getting Started

Install and then follow the below sample: -

import 'package:flutter/material.dart';
import 'dart:async';

import 'package:flutter/services.dart';
import 'package:ing_app_security/ing_app_security.dart';

import 'package:path_provider/path_provider.dart';
import 'dart:io';

void main() {
  runApp(MyApp());
}

class MyApp extends StatefulWidget {
  @override
  _MyAppState createState() => _MyAppState();
}

class _MyAppState extends State<MyApp> {
  String _jailBreak = 'Unknown';

  @override
  void initState() {
    super.initState();
    initPlatformState();
  }

  _write(String text) async {
    final Directory directory = await getApplicationDocumentsDirectory();
    String fileName = '${directory.path}/my_file.txt';
    await IngAppSecurity.secureOpenFile(fileName);
    final File file = File(fileName);
    await file.writeAsString(text);
    await IngAppSecurity.secureCloseFile(fileName);
}

Future<String> _read() async {
  String text;
  try {
    final Directory directory = await getApplicationDocumentsDirectory();
    String fileName = '${directory.path}/my_file.txt';
    await IngAppSecurity.secureOpenFile(fileName);
    final File file = File(fileName);
    text = await file.readAsString();
    await IngAppSecurity.secureCloseFile(fileName);
  } catch (e) {
    print("Couldn't read file");
  }
  return text;
}

  // Platform messages are asynchronous, so we initialize in an async method.
  Future<void> initPlatformState() async {
    String jailBreak;
    // Platform messages may fail, so we use a try/catch PlatformException.
    try {

      //Hide the app screen when app move to background
      await IngAppSecurity.determineNeedBlackoutScreen(true);

      //String encryption without hardcoded the encryption key
      print("My secure String: ${await IngAppSecurity.decryptStr(await IngAppSecurity.encryptStr("my secure word"))}");

      //Secure store the data in user preference without hardcoded the encryption key
      await IngAppSecurity.secureSetPref("userId", "admin123");
      print("Secure Store on user preference: ${await IngAppSecurity.secureGetPref("userId")}");

      //JailBreak detection      
      jailBreak = await IngAppSecurity.jailBroken ? 'JailBroken - Yes' : 'JailBroken = No';

      //Check is real device
      print("Real Device? ${await IngAppSecurity.realDevice}");

      //Check can mock location
      print("Can mock location? ${await IngAppSecurity.mockLocation}");

      //Write text to file then encrypt the file without hardcoded the encryption key
      await _write("Hello World");

      //Decrypt the file then read the content
      print("Secure file content: ${await _read()}");

    } on PlatformException {
      jailBreak = 'Failed to get jailbreak detection info.';
    }

    // If the widget was removed from the tree while the asynchronous platform
    // message was in flight, we want to discard the reply rather than calling
    // setState to update our non-existent appearance.
    if (!mounted) return;

    setState(() {
      _jailBreak = jailBreak;
    });
  }

  @override
  Widget build(BuildContext context) {
    return MaterialApp(
      home: Scaffold(
        appBar: AppBar(
          title: const Text('IngAppSecurity'),
        ),
        body: Center(
          child: Text('Secure: $_jailBreak\n'),
        ),
      ),
    );
  }
}

Libraries

ing_app_security