Flutter

📝 Prerequisites

The freeRASP has the following prerequisites that must be met before starting:

• Minimum SDK level: 23 or higher

• Gradle version: 8.12.1 or higher

• Compile SDK version: 35

• Kotlin version: 2.1.0

Android

Some versions of Flutter projects, by default, support lower levels of minimum SDK or Gradle version.

Update minimum SDK and compile SDK level :

• From the root of your project, go to android > app > build.gradle

• In defaultConfig, update minSdkVersion property to at least 23 (Android 6.0) or higher.

android {
    compileSdk 35
    // ... some other declarations ...
    defaultConfig {
        minSdkVersion 23
        // ... some other declarations ...
    }
}

Update Gradle and Kotlin version:

• From the root of your project, go to android > settings.gradle

• In plugins

  • Update version of com.android.application plugin to 8.8.1

  • Update version of org.jetbrains.kotlin.android plugin to 2.1.0

plugins {
    id "dev.flutter.flutter-plugin-loader" version "1.0.0"
    id "com.android.application" version "8.8.1" apply false
    id "org.jetbrains.kotlin.android" version "2.1.0" apply false
}

In older projects using imperative approach, the paths may be different:

• From the root of your project, go to android > build.gradle

• In dependencies , update version of com.android.tools.build:gradle dependecy to 8.8.1

dependencies {
    classpath 'com.android.tools.build:gradle:8.8.1'    
    classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
}

Then you also need to update gradle wrapper:

• From the root of your project, go to android > gradle> wrapper > gradle-wrapper.properties

• In distributionUrl update version to 8.12.1

distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.12.1-all.zip

Enable Screenshot and Screen Recording Detection

 <uses-permission android:name="android.permission.DETECT_SCREEN_CAPTURE" />
 <uses-permission android:name="android.permission.DETECT_SCREEN_RECORDING" />

To utilize active protection, you can use await Talsec.instance.blockScreenCapture(enabled: true). To receive whether the screen capture is blocked, you can use the await Talsec.instance.isScreenCaptureBlocked(). For more details about all these screen capture methods, see Screen Capture.

iOS

Xcode 15 is required to be able to build the application

📦 Install the plugin

Run the following command inside the project directory to add the freeRASP dependency:

flutter pub add freerasp

⚙️ Setup the Configuration for your App

In the entry point to your app, import freeRASP and add the following code:

import 'package:freerasp/freerasp.dart';

void main() {

  // This line is important!
  WidgetsFlutterBinding.ensureInitialized();

  // create a configuration for freeRASP
  final config = TalsecConfig(
    /// For Android
    androidConfig: AndroidConfig(
      packageName: 'your.package.name',
      signingCertHashes: [
        'mVr/qQLO8DKTwqlL+B1qigl9NoBnbiUs8b4c2Ewcz0k='
      ], // Replace with your release (!) signing certificate hash(es)
      supportedStores: ['com.sec.android.app.samsungapps'],
    ),

    /// For iOS
    iosConfig: IOSConfig(
      bundleIds: ['YOUR_APP_BUNDLE_ID'],
      teamId: 'M8AK35...',
    ),
    watcherMail: 'your_mail@example.com',
    isProd: true,
  );
}

👷 Handle detected threats

freeRASP reacts to threats using ThreatCallback. Internally, each threat has its own callback (of VoidCallback type), which is called when a threat is detected.

import 'package:freerasp/freerasp.dart';

void main() {

  // Setting up callbacks
  final callback = ThreatCallback(
      onAppIntegrity: () => print("App integrity"),
      onObfuscationIssues: () => print("Obfuscation issues"),
      onDebug: () => print("Debugging"),
      onDeviceBinding: () => print("Device binding"),
      onDeviceID: () => print("Device ID"),
      onHooks: () => print("Hooks"),
      onPasscode: () => print("Passcode not set"),
      onPrivilegedAccess: () => print("Privileged access"),
      onSecureHardwareNotAvailable: () => print("Secure hardware not available"),
      onSimulator: () => print("Simulator"),
      onSystemVPN: () => print("System VPN"),
      onDevMode: () => print("Developer mode"),
      onADBEnabled: () => print("USB debugging enabled"),
      onUnofficialStore: () => print("Unofficial store"),
      onScreenshot: () => print("Screenshot"),
      onScreenRecording: () => print("Screen recording"),
  );

  // Attaching listener
  Talsec.instance.attachListener(callback);
}

🛡️ Start freeRASP

Start freeRASP to detect threats just by adding this line below the created config and the callback handler:

void main() async {

  // start freeRASP
  await Talsec.instance.start(config);
}

🌁 Enable source code obfuscation

In order to provide as much protection as possible, freeRASP enhances security measures by implementing ProGuard consumer rules, which obfuscate specific sections of the SDK. However, these rules are applied to your Android app code as well due to inheritance.

In certain cases, you may prefer to exclude this rule.

consumerProguardFiles 'consumer-rules.pro'

☢️ (Optionally) Integrate freeMalwareDetection

freeMalwareDetection is a powerful feature designed to enhance the security of your Android application by quickly and efficiently scanning for malicious or suspicious applications (e.g. Android malware) based on various blacklists and security policies.

It helps to detect apps with suspicious package names, hashes, or potentially dangerous permissions.