flutter_tamper_detector 0.5.0
flutter_tamper_detector is a Flutter security plugin that detects rooting, hooking tools like Frida and Xposed, or emulators, allowing you to block execution or exit the app.
flutter_tamper_detector #
flutter_tamper_detector is a Flutter security plugin designed to detect and prevent application tampering. It checks if the device is rooted, if tools like Frida, Xposed, or Cydia Substrate are being used, or if the app is running on an emulator. With this information, you can implement security measures in your Flutter app, such as terminating the application or blocking execution.
Getting Started #
$ flutter pub add flutter_tamper_detector
Or add it to your dependencies:
dependencies:
  flutter_tamper_detector: <latest>
Usage #
Simple and easy to use!
import 'package:flutter_tamper_detector/flutter_tamper_detector.dart';
Now just use the functions directly with our main class FlutterTamperDetector:
bool isEmulator = await FlutterTamperDetector.isEmulator();
bool isRooted = await FlutterTamperDetector.isRooted();
bool isHooked = await FlutterTamperDetector.isHooked();
bool isDebug = await FlutterTamperDetector.isDebug();
bool installedFromPlayStore = await FlutterTamperDetector.isInstalledFromPlaystore();
Then you can make a decision in your app according to your needs, for example, when the app is running on a rooted device.
Future<void> checkIfRooted() async {
  bool isRooted = await FlutterTamperDetector.isRooted();
  if (isRooted) {
    print('Device is rooted...');
    // TODO: your logic here
  } else {
    print('Device is not rooted.');
  }
}
Or, if you want to automatically terminate the app process when any of the functions returns true, you can use the exitProcessIfTrue: true parameter.
This way, the application will terminate the process immediately without the need for a decision structure in your Flutter code.
Only isInstalledFromPlaystore has a different parameter. It is similar to the previous one, but here we want to take action if the return is false rather than true, so we use exitProcessIfFalse: true to exit if the app was not installed directly from the store. (In debug this will always return false.)
bool isEmulator = await FlutterTamperDetector.isEmulator(exitProcessIfTrue: true);
bool isRooted = await FlutterTamperDetector.isRooted(exitProcessIfTrue: true);
bool isHooked = await FlutterTamperDetector.isHooked(exitProcessIfTrue: true);
bool isDebug = await FlutterTamperDetector.isDebug(exitProcessIfTrue: true);
bool installedFromPlayStore = await FlutterTamperDetector.isInstalledFromPlaystore(exitProcessIfFalse: true);
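An added example (not from the plugin's README or its /example): instead of passing exitProcessIfTrue, it collects every check into one report so the app can log the findings and apply a single policy, and it skips the Play Store check in debug builds, where it always returns false. TamperReport and collectTamperReport are hypothetical names; catching PlatformException and MissingPluginException assumes the plugin reaches its native code over a platform channel.

```dart
import 'package:flutter/foundation.dart' show kDebugMode;
import 'package:flutter/services.dart' show MissingPluginException, PlatformException;
import 'package:flutter_tamper_detector/flutter_tamper_detector.dart';

/// Hypothetical result type (not part of the plugin): one field per check.
class TamperReport {
  const TamperReport({required this.emulator, required this.rooted, required this.hooked,
      required this.debug, required this.fromPlayStore}) : checkFailed = false;

  /// A check threw, so no signal can be trusted; treated as a finding (fail closed).
  const TamperReport.failed()
      : emulator = false, rooted = false, hooked = false, debug = false,
        fromPlayStore = false, checkFailed = true;

  final bool emulator, rooted, hooked, debug, fromPlayStore, checkFailed;

  /// Names of the signals that fired, for logging or a server-side report.
  List<String> get findings => [
        if (checkFailed) 'check_failed',
        if (rooted) 'rooted',
        if (hooked) 'hooked',
        if (emulator) 'emulator',
        if (debug) 'debug',
        if (!fromPlayStore) 'not_from_play_store',
      ];

  /// Policy: never block developer (debug) builds; block release builds on any finding.
  bool get shouldBlock => !kDebugMode && findings.isNotEmpty;
}

/// Hypothetical helper: runs every check without the exit/uninstall flags.
Future<TamperReport> collectTamperReport() async {
  try {
    return TamperReport(
      emulator: await FlutterTamperDetector.isEmulator(),
      rooted: await FlutterTamperDetector.isRooted(),
      hooked: await FlutterTamperDetector.isHooked(),
      debug: await FlutterTamperDetector.isDebug(),
      // Always false in debug builds, so the store check is skipped there.
      fromPlayStore: kDebugMode || await FlutterTamperDetector.isInstalledFromPlaystore(),
    );
  } on PlatformException {
    return const TamperReport.failed();
  } on MissingPluginException {
    // Relax this if you ship on a platform the plugin does not implement.
    return const TamperReport.failed();
  }
}
```

If you call collectTamperReport() before runApp(), call WidgetsFlutterBinding.ensureInitialized() first.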
We also have a new parameter, uninstallIfTrue, for the isRooted and isHooked functions. It can be passed to use the "attacking" phone's own root to uninstall the app automatically with administrator permissions. (This can only be tested on rooted devices.)
bool isRooted = await FlutterTamperDetector.isRooted(uninstallIfTrue: true);
bool isHooked = await FlutterTamperDetector.isHooked(uninstallIfTrue: true);
If you set both parameters to true, the uninstallation process is called first. If you just want to exit the app, use only exitProcessIfTrue.
See more details in /example
Now we also have the functionality to prevent screenshots and to hide the application's content when it is shown in the app menu (for example, when you minimize it to switch apps), resulting in a black screen.
await FlutterTamperDetector.appSecuritySettings();
Use native #
If you want to stop the process before even entering the Flutter engine, I will provide an example using the same classes here in the package for you to implement directly in the onCreate of our MainActivity.kt. This way we close the application and end the process before even entering the Flutter engine. Suggestion received via LinkedIn from: Adrian Kohls
Access -> native_tamper_detector
ProGuard/R8 #
If your Flutter app is configured to use ProGuard or R8 (code minification enabled), some flutter_tamper_detector classes may be obfuscated or removed.
To avoid this, add the following rules to your proguard-rules.pro file (located in android/app/proguard-rules.pro in your project):
# Keeps all classes from the native package
-keep class com.deebx.flutter_tamper_detector.** { *; }
# Prevents class names from being changed
-keepnames class com.deebx.flutter_tamper_detector.**
See more details in /example.
How to test #
1 - Run on an emulator
2 - Run on a rooted device (e.g. with Magisk)
3 - Run on a device that has Frida on it. For example, you can test this by following the official Frida documentation; after completing the steps described there, run the application.
Don't worry, after that you will be able to remove Frida from your device.