secure_application 3.3.0

  • Readme
  • Changelog
  • Example
  • Installing
  • 77

previously nammed secure_window

secure_application #

This plugin allow you to protect your application content from view on demand

Pluggin in iOS is in swift

Pluggin in Android is in Kotlin / AndroidX libraries

Usage #

Installation #

Add secure_application as a dependency in your pubspec.yaml file (what?).

Import #

Import secure_application:

import 'package:secure_application/secure_application.dart';

Add a top level SecureApplication

SecureApplication(
        onNeedUnlock: (secure) => print(
            'need unlock maybe use biometric to confirm and then use sercure.unlock()'),
        child: MyAppContent(),
)

Put the content you want to protect in a SecureGate (could be the whole app)

SecureGate(
          blurr: 5,
          lockedBuilder: (context, secureNotifier) => Center(
              child: RaisedButton(
            child: Text('test'),
            onPressed: () => secureNotifier.unlock(),
          )),
          child: YouProtectedWidget(),
)

API Docs #

API Reference

Basic understanding #

The library is mainly controller via the SecureApplicationController which can be

secured #

if the user switch app or leave app the content will not be visible in the app switcher and when it goes back to the app it will lock it

locked #

the child of the SecureGates will be hidden bellow the blurry barrier

paused #

even if secured SecureGates will not activate when user comes back to the app

authenticated #

last authentication status. To help you manage visibility of some elements of your UI depending on auth status

  • secureApplicationController.authFailed() will set it to false
  • secureApplicationController.authLogout() will set it to false
  • secureApplicationController.authSuccess() will set it to true

You could use the authenticationEvents for the same purpose as it is a BehaviorSubject stream

Streams #

There is two different BehaviorStream (emit last value when you subscribe):

  • authenticationEvents: When there is a successful or unsucessful authentification (you can use it for example to clean your app if authentification is not successful)
  • lockEvents: Will be called when the application lock or unlock. Usefull for example to pause media when the app lock

Example #

Look at example app to see a use case

Authentication #

This tool does not impose a way to authenticate the user to give them back access to their content

You are free to use your own Widget/Workflow to allow user to see their content once locked (cf SecureApplication widget argument onNeedUnlock)

Therefore you can use any method you like:

  • Your own Widget for code Authentication
  • biometrics with the local_auth package
  • ...

Android #

On Android as soon as you secure the application the user will not be able to capture the screen in the app (even if unlocked) We might give an option to allow screenshot as an option if need arise

iOS #

Contrary to Android we create a native frosted view over your app content so that content is not visible in the app switcher. When the user gets back to the app we wait for ~500ms to remove this view to allow time for the app to woke and flutter gate to draw

Widgets #

SecureApplication #

Api Doc this widget is required and need to be a parent of any Gate it provides to its descendant a SecureApplicationProvider that allow you to secure or open the application

You can pass you own initialized SecureApplicationController if you want to set default values

SecureGate #

Api Doc The child of this widget will be below a blurry barrier (control the amount of blurr and opacity with its arguments) if the provided SecureApplicationController is locked

Native workings #

Android #

When locked we set the secure flag to true

activity?.window?.addFlags(LayoutParams.FLAG_SECURE)

When opened we remove the secure flag

activity?.window?.clearFlags(LayoutParams.FLAG_SECURE)

iOS #

When app will become inactive we add a top view with a blurr filter We remove this app 500ms after the app become active to avoid your content form being breifly visible

Because we all want to see code in a Readme #

Widget build(BuildContext context) {
    var width = MediaQuery.of(context).size.width * 0.8;
    return MaterialApp(
      home: SecureApplication(
        onNeedUnlock: (secure) async {
          print(
              'need unlock maybe use biometric to confirm and then sercure.unlock() or you can use the lockedBuilder');
          // var authResult = authMyUser();
          // if (authResul) {
          //  secure.unlock();
          //  return SecureApplicationAuthenticationStatus.SUCCESS;
          //}
          // else {
          //  return SecureApplicationAuthenticationStatus.FAILED;
          //}
          return null;
        },
        onAuthenticationFailed: () async {
          // clean you data
          setState(() {
            failedAuth = true;
          });
          print('auth failed');
        },
        onAuthenticationSucceed: () async {
          // clean you data

          setState(() {
            failedAuth = false;
          });
          print('auth success');
        },
        child: SecureGate(
          blurr: blurr,
          opacity: opacity,
          lockedBuilder: (context, secureNotifier) => Center(
              child: Column(
            mainAxisAlignment: MainAxisAlignment.center,
            children: <Widget>[
              RaisedButton(
                child: Text('UNLOCK'),
                onPressed: () => secureNotifier.authSuccess(unlock: true),
              ),
              RaisedButton(
                child: Text('FAIL AUTHENTICATION'),
                onPressed: () => secureNotifier.authFailed(unlock: true),
              ),
            ],
          )),
          child: Scaffold(
            appBar: AppBar(
              title: const Text('Secure Window Example'),
            ),
            body: Center(
              child: Builder(builder: (context) {
                var valueNotifier = SecureApplicationProvider.of(context);
                return ListView(
                  children: <Widget>[
                    Text('This is secure content'),
                    RaisedButton(
                      onPressed: () => valueNotifier.secure(),
                      child: Text('secure'),
                    ),
                    RaisedButton(
                      onPressed: () => valueNotifier.open(),
                      child: Text('open'),
                    ),
                    if (failedAuth == null)
                      Text(
                          'Lock the app then switch to another app and come back'),
                    if (failedAuth != null)
                      failedAuth
                          ? Text(
                              'Auth failed we cleaned sensitive data',
                              style: TextStyle(color: Colors.red),
                            )
                          : Text(
                              'Auth success',
                              style: TextStyle(color: Colors.green),
                            ),
                    FlutterLogo(
                      size: width,
                    ),
                    RaisedButton(
                      onPressed: () => valueNotifier.lock(),
                      child: Text('manually lock'),
                    ),
                    Padding(
                      padding: const EdgeInsets.all(8.0),
                      child: Row(
                        children: <Widget>[
                          Text('Blurr:'),
                          Expanded(
                            child: Slider(
                                value: blurr,
                                min: 0,
                                max: 100,
                                onChanged: (v) => setState(() => blurr = v)),
                          ),
                          Text(blurr.floor().toString()),
                        ],
                      ),
                    ),
                    Padding(
                      padding: const EdgeInsets.all(8.0),
                      child: Row(
                        children: <Widget>[
                          Text('opacity:'),
                          Expanded(
                            child: Slider(
                                value: opacity,
                                min: 0,
                                max: 1,
                                onChanged: (v) => setState(() => opacity = v)),
                          ),
                          Text((opacity * 100).floor().toString() + "%"),
                        ],
                      ),
                    ),
                  ],
                );
              }),
            ),
          ),
        ),
      ),
    );
  }

3.3.0 #

  • New behavior stream for lock/unlock event so you can react to them in your application

3.2.0 #

  • iOS works on iPad when you rotate after closing

3.1.2 #

  • iOS fix

3.1.1 #

  • require swift 4.2+

3.0.7 #

  • allow to configure nativeRemoveDelay in secure_gate to let longer app time to start especially on iOS

3.0.6 #

  • iOS new bringSubview(toFront:) instead of deprecated metho
  • pause during needunlock to prevent ios unlock loop when using faceid

3.0.3 #

  • new authenticated information
  • autenticationEvents is now a BehaviorSubject stream

3.0.0 #

  • Rename package

1.0.0 #

  • Working on iOS and Android

0.0.1 #

  • Initial release

example/lib/main.dart

import 'dart:async';

import 'package:flutter/material.dart';
import 'package:secure_application/secure_application.dart';

void main() => runApp(MaterialApp(home: MyApp()));

class MyApp extends StatefulWidget {
  @override
  _MyAppState createState() => _MyAppState();
}

class _MyAppState extends State<MyApp> {
  bool failedAuth;
  double blurr = 20;
  double opacity = 0.6;
  StreamSubscription<bool> subLock;
  List<String> history = List<String>();

  @override
  void initState() {
    super.initState();
  }

  @override
  void dispose() {
    subLock.cancel();
    super.dispose();
  }

  @override
  Widget build(BuildContext context) {
    var width = MediaQuery.of(context).size.width * 0.8;
    return MaterialApp(
      home: SecureApplication(
        nativeRemoveDelay: 1000,
        onNeedUnlock: (secure) async {
          print(
              'need unlock maybe use biometric to confirm and then sercure.unlock() or you can use the lockedBuilder');
          // var authResult = authMyUser();
          // if (authResul) {
          //  secure.unlock();
          //  return SecureApplicationAuthenticationStatus.SUCCESS;
          //}
          // else {
          //  return SecureApplicationAuthenticationStatus.FAILED;
          //}
          return null;
        },
        onAuthenticationFailed: () async {
          // clean you data
          setState(() {
            failedAuth = true;
          });
          print('auth failed');
        },
        onAuthenticationSucceed: () async {
          // clean you data

          setState(() {
            failedAuth = false;
          });
          print('auth success');
        },
        child: Builder(builder: (context) {
          if (subLock == null)
            subLock = SecureApplicationProvider.of(context, listen: false)
                .lockEvents
                .listen((s) => history.add(
                    '${DateTime.now().toIso8601String()} - ${s ? 'locked' : 'unlocked'}'));
          return SecureGate(
            blurr: blurr,
            opacity: opacity,
            lockedBuilder: (context, secureNotifier) => Center(
                child: Column(
              mainAxisAlignment: MainAxisAlignment.center,
              children: <Widget>[
                RaisedButton(
                  child: Text('UNLOCK'),
                  onPressed: () => secureNotifier.authSuccess(unlock: true),
                ),
                RaisedButton(
                  child: Text('FAIL AUTHENTICATION'),
                  onPressed: () => secureNotifier.authFailed(unlock: true),
                ),
              ],
            )),
            child: Scaffold(
              appBar: AppBar(
                title: const Text('Secure Window Example'),
              ),
              body: Center(
                child: Builder(builder: (context) {
                  var valueNotifier = SecureApplicationProvider.of(context);
                  return ListView(
                    children: <Widget>[
                      Text('This is secure content'),
                      ValueListenableBuilder<SecureApplicationState>(
                        valueListenable: valueNotifier,
                        builder: (context, state, _) => state.secured
                            ? Column(
                                children: <Widget>[
                                  RaisedButton(
                                    onPressed: () => valueNotifier.open(),
                                    child: Text('Open app'),
                                  ),
                                  state.paused
                                      ? RaisedButton(
                                          onPressed: () =>
                                              valueNotifier.unpause(),
                                          child: Text('resume security'),
                                        )
                                      : RaisedButton(
                                          onPressed: () =>
                                              valueNotifier.pause(),
                                          child: Text('pause security'),
                                        ),
                                ],
                              )
                            : RaisedButton(
                                onPressed: () => valueNotifier.secure(),
                                child: Text('Secure app'),
                              ),
                      ),
                      if (failedAuth == null)
                        Text(
                            'Lock the app then switch to another app and come back'),
                      if (failedAuth != null)
                        failedAuth
                            ? Text(
                                'Auth failed we cleaned sensitive data',
                                style: TextStyle(color: Colors.red),
                              )
                            : Text(
                                'Auth success',
                                style: TextStyle(color: Colors.green),
                              ),
                      FlutterLogo(
                        size: width,
                      ),
                      StreamBuilder(
                        stream: valueNotifier.authenticationEvents,
                        builder: (context, snapshot) =>
                            Text('Last auth status is: ${snapshot.data}'),
                      ),
                      RaisedButton(
                        onPressed: () => valueNotifier.lock(),
                        child: Text('manually lock'),
                      ),
                      Padding(
                        padding: const EdgeInsets.all(8.0),
                        child: Row(
                          children: <Widget>[
                            Text('Blurr:'),
                            Expanded(
                              child: Slider(
                                  value: blurr,
                                  min: 0,
                                  max: 100,
                                  onChanged: (v) => setState(() => blurr = v)),
                            ),
                            Text(blurr.floor().toString()),
                          ],
                        ),
                      ),
                      Padding(
                        padding: const EdgeInsets.all(8.0),
                        child: Row(
                          children: <Widget>[
                            Text('opacity:'),
                            Expanded(
                              child: Slider(
                                  value: opacity,
                                  min: 0,
                                  max: 1,
                                  onChanged: (v) =>
                                      setState(() => opacity = v)),
                            ),
                            Text((opacity * 100).floor().toString() + "%"),
                          ],
                        ),
                      ),
                      ...history.map<Widget>((h) => Text(h)).toList(),
                    ],
                  );
                }),
              ),
            ),
          );
        }),
      ),
    );
  }
}

Use this package as a library

1. Depend on it

Add this to your package's pubspec.yaml file:


dependencies:
  secure_application: ^3.3.0

2. Install it

You can install packages from the command line:

with Flutter:


$ flutter pub get

Alternatively, your editor might support flutter pub get. Check the docs for your editor to learn more.

3. Import it

Now in your Dart code, you can use:


import 'package:secure_application/secure_application.dart';
  
Popularity:
Describes how popular the package is relative to other packages. [more]
55
Health:
Code health derived from static analysis. [more]
99
Maintenance:
Reflects how tidy and up-to-date the package is. [more]
100
Overall:
Weighted score of the above. [more]
77
Learn more about scoring.

We analyzed this package on Mar 31, 2020, and provided a score, details, and suggestions below. Analysis was completed with status completed using:

  • Dart: 2.7.1
  • pana: 0.13.6
  • Flutter: 1.12.13+hotfix.8

Health suggestions

Fix lib/secure_application.dart. (-0.50 points)

Analysis of lib/secure_application.dart reported 1 hint:

line 32 col 35: Name non-constant identifiers using lowerCamelCase.

Fix lib/secure_gate.dart. (-0.50 points)

Analysis of lib/secure_gate.dart reported 1 hint:

line 4 col 8: Unused import: 'package:secure_application/secure_application_native.dart'.

Dependencies

Package Constraint Resolved Available
Direct dependencies
Dart SDK >=2.3.0 <3.0.0
flutter 0.0.0
flutter_plugin_android_lifecycle ^1.0.5 1.0.6
rxdart ^0.23.1 0.23.1 0.24.0-dev.1
Transitive dependencies
collection 1.14.11 1.14.12
meta 1.1.8
sky_engine 0.0.99
typed_data 1.1.6
vector_math 2.0.8
Dev dependencies
flutter_test