device_security 1.0.1

Flutter plugin for device security detection: root/jailbreak, emulator, hooking framework, and virtual camera detection with confidence scoring.

device_security

Flutter plugin for device environment security detection — designed to run before liveness verification to ensure the device is not compromised or spoofed.

Detection Categories

Category	Android	iOS	Description
Root / Jailbreak	Root detection (su, Magisk, SuperSU)	Jailbreak detection (Cydia, Substrate, fork test)	Checks whether the OS sandbox has been broken
Emulator	Build properties, QEMU, emulator files	Simulator env vars, architecture, compile flags	Detects virtual device environments
Hooking Framework	Frida, Xposed, LSPosed, Substrate	Frida, Substrate, dylib injection, debugger	Detects dynamic instrumentation tools
Virtual Camera	Installed apps, Camera2 API anomalies, /dev/video	AVCaptureDevice anomalies, virtual dylibs	Detects camera feed injection

Installation

Add to your pubspec.yaml:

dependencies:
  device_security:
    path: ./path/to/device_security

Quick Start

import 'package:device_security/device_security.dart';

// Run all checks at once
final result = await DeviceSecurityChecker.check();

// Overall assessment
print(result.riskLevel);        // RiskLevel.safe / low / medium / high / critical
print(result.overallRiskScore); // 0.0 – 1.0

// Gate liveness verification
if (!result.isSafeForLiveness) {
  // Block or warn the user
  return;
}

// Individual results
print(result.rootJailbreak);     // DetectionDetail
print(result.emulator);
print(result.hookingFramework);
print(result.virtualCamera);

Single-Category Checks

final rootDetail    = await DeviceSecurityChecker.checkRoot();
final emulDetail    = await DeviceSecurityChecker.checkEmulator();
final hookDetail    = await DeviceSecurityChecker.checkHookingFramework();
final vcamDetail    = await DeviceSecurityChecker.checkVirtualCamera();

Custom Weights

Adjust how much each category contributes to the overall risk score:

final result = await DeviceSecurityChecker.check(
  rootWeight: 0.20,
  emulatorWeight: 0.20,
  hookWeight: 0.35,
  virtualCameraWeight: 0.25,
);

Models

SecurityResult

Field	Type	Description
overallRiskScore	double	0.0 (safe) to 1.0 (critical)
riskLevel	RiskLevel	safe / low / medium / high / critical
rootJailbreak	DetectionDetail	Root / jailbreak results
emulator	DetectionDetail	Emulator / simulator results
hookingFramework	DetectionDetail	Frida / Xposed / etc. results
virtualCamera	DetectionDetail	Virtual camera injection results
isSafeForLiveness	bool	true if risk is safe or low
isThreatDetected	bool	true if any category flagged

DetectionDetail

Field	Type	Description
detected	bool	Whether the threat was found
confidence	double	0.0 – 1.0 confidence score
reasons	List<String>	Human-readable evidence list

RiskLevel Thresholds

Level	Score Range
safe	< 0.2
low	0.2 – 0.5
medium	0.5 – 0.7
high	0.7 – 0.9
critical	>= 0.9

Android Permissions

The plugin requests CAMERA and QUERY_ALL_PACKAGES permissions. If your app already requests these, no additional configuration is needed. Otherwise, add to your AndroidManifest.xml:

<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />

Platform Support

Platform	Minimum Version
Android	API 21 (5.0)
iOS	13.0

How It Works

Each detector runs multiple independent heuristic checks. Every check that triggers adds to that category's confidence score (capped at 1.0). The overall risk score is a weighted average of the four category scores. A category is marked as "detected" when its confidence reaches 0.3 or above.

All native checks run in parallel on background threads to minimize UI impact.