https://github.com/kauemurakami/flutter_tamper_detector

[Package Flutter] Flutter Tamper Detector is a security plugin for Flutter that detects and prevents tampering. It identifies if the device is rooted, if hooking tools like Frida, Xposed, or Cydia Substrate are present, or if the device is an emulator. It can automatically close the app to protect integrity and security.
cydia dart flutter flutter-hooks flutter-package flutter-platform-channel flutter-root flutter-security frida kotlin platform-channels security security-app xposed


[![Star on GitHub](https://img.shields.io/github/stars/kauemurakami/flutter_tamper_detector.svg?style=flat&logo=github&colorB=deeppink&label=stars)](https://github.com/kauemurakami/flutter_tamper_detector)
# flutter_tamper_detector

flutter_tamper_detector is a Flutter security plugin designed to detect and prevent application tampering. It checks if the device is rooted, if tools like Frida, Xposed, or Cydia Substrate are being used, or if the app is running on an emulator. With this information, you can implement security measures in your Flutter app, such as terminating the application or blocking execution.

## Getting Started

```
$ flutter pub add flutter_tamper_detector
```
Or add it to the dependencies in your `pubspec.yaml`:
```
dependencies:
  flutter_tamper_detector:
```

## Usage

Simple and easy to use!

```dart
import 'package:flutter_tamper_detector/flutter_tamper_detector.dart';
```
Now just use the functions directly with our main class `FlutterTamperDetector`:

```dart
bool isEmulator = await FlutterTamperDetector.isEmulator();
bool isRooted = await FlutterTamperDetector.isRooted();
bool isHooked = await FlutterTamperDetector.isHooked();
bool isDebug = await FlutterTamperDetector.isDebug();
bool installedFromPlayStore = await FlutterTamperDetector.isInstalledFromPlaystore();
```
Then you can make decisions in your app according to your needs, for example, when the app is running on a rooted device.

```dart
Future<void> checkIfRooted() async {
  // Ask the native side whether the device shows signs of root access.
  bool isRooted = await FlutterTamperDetector.isRooted();

  if (isRooted) {
    print('Device is rooted...');
    // TODO: your logic here
  } else {
    print('Device is not rooted.');
  }
}
```
Or, if you want to terminate the app process automatically when any of the functions returns true, use the `exitProcessIfTrue: true` parameter.

This way, the application will terminate the process immediately without the need for a decision structure in your Flutter code.

`isInstalledFromPlaystore` is the only function with a different parameter. It works like the previous one, but here we want to act when the return value is false rather than true, so use `exitProcessIfFalse: true` to exit if the app was not installed directly from the store. (In debug this will always return false.)
```dart
bool isEmulator = await FlutterTamperDetector.isEmulator(exitProcessIfTrue: true);
bool isRooted = await FlutterTamperDetector.isRooted(exitProcessIfTrue: true);
bool isHooked = await FlutterTamperDetector.isHooked(exitProcessIfTrue: true);
bool isDebug = await FlutterTamperDetector.isDebug(exitProcessIfTrue: true);
bool installedFromPlayStore = await FlutterTamperDetector.isInstalledFromPlaystore(exitProcessIfFalse: true);
```
The `isRooted` and `isHooked` functions also accept a new parameter, `uninstallIfTrue`, which uses the "attacking" phone's own root access to uninstall the app automatically with administrator permissions. (This can only be tested on rooted devices.)

```dart
bool isRooted = await FlutterTamperDetector.isRooted(uninstallIfTrue: true);
bool isHooked = await FlutterTamperDetector.isHooked(uninstallIfTrue: true);
```
If you set both parameters to true, the uninstallation process is called first. If you only want to exit the app, use just `exitProcessIfTrue`.

See more details in [`/example`](https://github.com/kauemurakami/flutter_tamper_detector/tree/main/example)
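The following startup gate is an added example, not code from the plugin or its `/example` folder. It runs the checks above without the exit flags so the app can log which signals fired, then applies `exitProcessIfTrue` only for root and hooking. `TamperSignal`, `collectTamperSignals` and `enforceTamperPolicy` are hypothetical names, and treating the debug and install-source checks as release-only is an assumption of this example.

```dart
import 'package:flutter/foundation.dart' show debugPrint, kReleaseMode;
import 'package:flutter_tamper_detector/flutter_tamper_detector.dart';

// Hypothetical names for this example, not part of the plugin:
// TamperSignal, collectTamperSignals, enforceTamperPolicy.
enum TamperSignal { emulator, rooted, hooked, debug, notFromPlayStore }

/// Runs every check without the exit/uninstall flags, so the app can record
/// which signals fired before it decides what to do.
Future<Set<TamperSignal>> collectTamperSignals() async {
  final signals = <TamperSignal>{};
  if (await FlutterTamperDetector.isEmulator()) {
    signals.add(TamperSignal.emulator);
  }
  if (await FlutterTamperDetector.isRooted()) {
    signals.add(TamperSignal.rooted);
  }
  if (await FlutterTamperDetector.isHooked()) {
    signals.add(TamperSignal.hooked);
  }
  // Assumption: the debug and install-source results only count in release
  // builds. The README notes isInstalledFromPlaystore() is always false in
  // debug.
  if (kReleaseMode) {
    if (await FlutterTamperDetector.isDebug()) {
      signals.add(TamperSignal.debug);
    }
    if (!(await FlutterTamperDetector.isInstalledFromPlaystore())) {
      signals.add(TamperSignal.notFromPlayStore);
    }
  }
  return signals;
}

/// Call before runApp(), after WidgetsFlutterBinding.ensureInitialized().
Future<void> enforceTamperPolicy() async {
  final signals = await collectTamperSignals();
  if (signals.isEmpty) return;
  debugPrint('Tamper signals: ${signals.map((s) => s.name).join(', ')}');

  // Policy chosen for this example: root or hooking ends the process, using
  // the plugin's own exitProcessIfTrue flag; other signals are only logged.
  if (signals.contains(TamperSignal.rooted)) {
    await FlutterTamperDetector.isRooted(exitProcessIfTrue: true);
  }
  if (signals.contains(TamperSignal.hooked)) {
    await FlutterTamperDetector.isHooked(exitProcessIfTrue: true);
  }
}
```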

The plugin can also prevent screenshots and keep the application's content from being visible in the app switcher (for example, when you minimize it to switch apps), showing a black screen instead.

```dart
await FlutterTamperDetector.appSecuritySettings();
```

## Use native
If you want to stop the process before even entering the Flutter engine, there is an example that uses the same classes as this package, for you to implement directly in the `onCreate` of your `MainActivity.kt`. This way the application is closed and the process ended before the Flutter engine is entered. Suggestion received via LinkedIn from: *Adrian Kohls*

Access -> [native_tamper_detector](https://github.com/kauemurakami/native_tamper_detector)

## ProGuard/R8
If your Flutter app is configured to use ProGuard or R8 (code minification enabled), some flutter_tamper_detector classes may be obfuscated or removed.

To avoid this, add the following rules to your proguard-rules.pro file (located in `android/app/proguard-rules.pro` in your project):

```proguard
# Keeps all classes from the native package
-keep class com.deebx.flutter_tamper_detector.** { *; }

# Prevents class names from being changed
-keepnames class com.deebx.flutter_tamper_detector.**
```
See more details in [`/example`](https://github.com/kauemurakami/flutter_tamper_detector/tree/main/example).

## How to test
1 - Run on an emulator.

2 - Run on a rooted device (e.g. with [Magisk](https://github.com/topjohnwu/Magisk)).

3 - Run on a device that has Frida on it. For example, you can test this by following the [official Frida documentation](https://frida.re/docs/android/); after completing the steps described there, run the application.

Don't worry, after that you will be able to remove Frida from your device.