Home Articles Community Products Premium Products GitHub Talsec Website

FlutterFlow

Last updated 4 months ago

Was this helpful?

FlutterFlow

This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .

📦 Install the plugin

In this section, you will implement the imported freeRASP Action.

On your app's initial page, navigate to the UI Builder.
On the right panel, click on Actions.
In the Action Flow Editor box, click Open.
In the newly opened window, click on On Page Load at the top.
Click Add Action (or + and then Add Action, if you already have an Action).
On the right panel, search for the runRASP Custom Action.
Select the runRASP Action.

In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the 👷 Handle detected threats.

⚙️ Setup the Configuration for your App

The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.

If you are developing the application exclusively for one platform, you can omit the configuration part related to the other platform. If you don't want to provide configuration to an unrelated platform, provide an empty string:

Click the orange variable icon next to the Value label
Scroll down to Constants
Click Constant to expand the dropdown menu
Select Empty String

Configuration parameters

watcherMail

watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict name@domain.com format.

isProd

[Android] packageName

packageName is a unique identifier for your Android application.

You can find the packageName value for your application in FlutterFlow settings:

Navigate to Settings and Integrations.
Locate and select App Details.
In the textbox labelled Package Name, you will find the package name associated with your application.

[Android] signingCertHash

signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.

More about signing hash and how to obtain it in Getting Signing Certificate Hash.

[Android] supportedStore (optional)

supportedStore is a third-party app store to which your application is uploaded. By including this store, freeRASP considers it as trusted source.

To add a store, add the package name of the store to the supportedStore list.

Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.

[iOS] bundleId

bundleId is a unique identifier for your iOS application.

[iOS] teamId

teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.

You can find your teamId on the Apple Developer portal:

Log in using the account that is used to sign and release your app.
Scroll down to the Membership details section.
Look for the line labelled "Team ID" - the value of your team will be displayed there.

👷 Handle detected threats

To implement callback:

Open Action Flow Editor with runRASP action.
Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)
In the Action Flow Editor box, click on Open.
Implement your reaction.

Visit Threat detection to learn more details about the performed checks and their importance for app security.

Limitations

Limited configuration

freeRASP for Flutter allows you to define multiple values for:

Signing certificate hash
Supported app store
Bundle ID

Due to FlutterFlow's limitations, the current implementation of freeRASP for FlutterFlow only allows you to specify a single value for each of these attributes. If want to provide more values, you can download the code and adjust those parameters manually (see Flutter)

Mobile support only

Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.

[Android] Minimal SDK level

The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.

This creates some restrictions:

Deploying the application from the FlutterFlow web client is not possible.
Downloading the APK from the FlutterFlow web client is not supported.

To overcome these limitations, we recommend following these steps:

Download the code.
Manually raise the SDK level in the build.gradle file to 23.
Deploy the application using Google Play Console.

Raising SDK version

From the root of your project, go to android > app > build.gradle
In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher

android {
...
defaultConfig {
    ...
    minSdkVersion 23
    ...
    }
...
}

PreviousFlutter NextAPI

Last updated 4 months ago

Was this helpful?

This page provides you with all the necessary information about for . Please read it carefully. If you have a question, don't hesitate to .

📦 Install the plugin

In this section, you will implement the imported freeRASP Action.

On your app's initial page, navigate to the UI Builder.
On the right panel, click on Actions.
In the Action Flow Editor box, click Open.
In the newly opened window, click on On Page Load at the top.
Click Add Action (or + and then Add Action, if you already have an Action).
On the right panel, search for the runRASP Custom Action.
Select the runRASP Action.

In the Set Function Arguments section, you will find the configuration-related arguments and several "onX" arguments. More about reactions in the 👷 Handle detected threats.

⚙️ Setup the Configuration for your App

The freeRASP Action requires several arguments to be filled to function. Some data are related to specific platforms.

Click the orange variable icon next to the Value label
Scroll down to Constants
Click Constant to expand the dropdown menu
Select Empty String

Configuration parameters

watcherMail

watcherMail is an email address designated for receiving security reports. Ensure that the email address follows the strict name@domain.com format.

isProd

isProd is a boolean flag that determines whether the freeRASP integration is in the Dev or Release version. If you want to learn more about isProd, visit this .

[Android] packageName

packageName is a unique identifier for your Android application.

You can find the packageName value for your application in FlutterFlow settings:

Navigate to Settings and Integrations.
Locate and select App Details.
In the textbox labelled Package Name, you will find the package name associated with your application.

Do NOT use solutions such as to provide the value of the package name! The package name has to be hardcoded.

[Android] signingCertHash

signingCertHash is a hash of the certificate of the key which was used to sign the application. The value of the hash must be encoded in Base64 form.

More about signing hash and how to obtain it in Getting Signing Certificate Hash.

[Android] supportedStore (optional)

supportedStore is a third-party app store to which your application is uploaded. By including this store, freeRASP considers it as trusted source.

To add a store, add the package name of the store to the supportedStore list.

Google Play store and Huawei AppGallery are supported out of the box. You don't need to add them.

[iOS] bundleId

bundleId is a unique identifier for your iOS application.

More about bundle ID and how to obtain one: .

[iOS] teamId

teamId is a unique identifier assigned to a development team enrolled in the Apple Developer Program.

You can find your teamId on the Apple Developer portal:

Go to the website: .
Log in using the account that is used to sign and release your app.
Scroll down to the Membership details section.
Look for the line labelled "Team ID" - the value of your team will be displayed there.

👷 Handle detected threats

The freeRASP Action offers multiple callbacks for handling threats. A callback is an that gets triggered when a threat is detected.

To implement callback:

Open Action Flow Editor with runRASP action.
Open one of the dropdown menus labelled "onX" on the right panel (X for a given type of reaction, for example, onAppIntegrity)
In the Action Flow Editor box, click on Open.
Implement your reaction.

Visit Threat detection to learn more details about the performed checks and their importance for app security.

Limitations

Limited configuration

freeRASP for Flutter allows you to define multiple values for:

Signing certificate hash
Supported app store
Bundle ID

Mobile support only

Currently, freeRASP supports only Android and iOS. When running the application in the FlutterFlow web client, freeRASP will not be initialized.

[Android] Minimal SDK level

The minimum required Android SDK level for freeRASP is 23. FlutterFlow applications have a minimum SDK level of 21 by default.

This creates some restrictions:

Deploying the application from the FlutterFlow web client is not possible.
Downloading the APK from the FlutterFlow web client is not supported.

To overcome these limitations, we recommend following these steps:

Download the code.
Manually raise the SDK level in the build.gradle file to 23.
Deploy the application using Google Play Console.

Raising SDK version

From the root of your project, go to android > app > build.gradle
In defaultConfig update minSdkVersion to at least 23 (Android 6.0) or higher

android {
...
defaultConfig {
    ...
    minSdkVersion 23
    ...
    }
...
}