Mobile Protect SDK for Flutter
- Alban
- Hugo Djemaa
- Federico Sandri
The Mobile Protect SDK for Flutter supports the iOS and Android platforms. This document will take you through the steps to integrate the SDK into your project. For other guides, check out Mobile Protect Installation Guides
In order for Mobile Protect Flutter to correctly fetch its dependencies a Mobile Protect API key is needed. If you haven’t received an API key for Mobile Protect, please contact us.
Installation
Some steps are done in the pubspec.yaml file while some of them are done in the native iOS and Android configuration files.
Step 1: add MobileProtect as a dependency
Add mobile_protect as a dependency in your pubspec.yaml file.
$ flutter pub add mobile_protect
Step 2: configure for Android
Follow steps 1-4 in Mobile Protect SDK for Android via Maven | Installing Mobile Protect SDK with Maven for v23 and above. Please note:
the version of Mobile Protect for Android can and usually does differ from the version of Mobile Protect for Flutter. Thus the version specified in the
pubspec.yamlmay be different from that specified in the gradle build files. Please use theMaven for v23 and abovesection of the Android installation instructions.the settings.gradle of your flutter project is located at
android/settings.gradle, while the build.gradle of your flutter project is located atandroid/build.gradle, both relative to the flutter project root.
(Optional) To specify the configuration directly in code, remove the xml config file from the android’s
res/xmldirectory, and callinitializeAndroidSdkWithConfigurationwith a dart configuration:void main() { WidgetsFlutterBinding.ensureInitialized(); // Must be called before the SDK init FlutterMobileProtect.initializeAndroidSdkWithConfiguration( androidMobileProtectConfiguration((it) { it.authenticationToken = "authentication_token"; it.rootDetection((config) { config.isEnabled = true; config.exceptionList = ["com.exception.list"]; }); it.clipboard((config) { config.isEnabled = false; }); //... }) ); runApp(const MyApp()); }
Step 3: configure for iOS
The API key is necessary to access the Podfile upon which Mobile Protect depends. This API key should be added to your netrc file, which will be used automatically by CocoaPods,
curlandgitwhen fetching the SDK.Add the following entry to the file at
~/.netrc:machine mobile-protect-repos.securetheorem.com password {MOBILEPROTECT_REPO_API_KEY}Replacing
{MOBILEPROTECT_REPO_API_KEY}with the Mobile Protect API key.
Please note: this entry should be placed as the first entry in.netrc, otherwise CocoaPods may fail to read itIn the iOS project copy the
MobileProtect.plistconfig file into the Flutter project's Xcode project, placing it in the project root, and then add it to your xcode project - see Add Existing Files and Folders to a Project for instructions.
Installation of the SDK is now complete. No initialization of MobileProtect is necessary for flutter as the SDK will be initialized automatically.
Step 4 (Optional): Anti-Fraud
In the iOS project’s Podfile, add a dependency to MobileProtectAntiFraud:
target 'Runner' do
[...]
pod 'MobileProtectAntiFraud'Results
Please visit Data Theorem to see the list of your apps and the state of protection, along with the individual protection item details.
Obfuscate your App
Works only on a release build
When building from command line, you can obfuscate your build using the --obfuscate flag:
$ flutter build <build-target> \
--obfuscate \
--split-debug-info=/<symbols-directory>The build-target is commonly apk or appbundle on Android and ipa on iOS.
--split-debug-info indicates where the output file containing the obfuscation mapping (also called SYMBOLS file in Flutter) will be save.
You’ll find more information on the Flutter documentation.
Setup callbacks
MobileProtect supports 2 types of callbacks: protections and events. Protection callbacks are triggered before closing the app and event callbacks are triggered on security events.
They can be setup using FlutterMobileProtect.onProtectionCallback((reason) async { TODO(); }); and FlutterMobileProtect.onEventsCallback((reason) async { TODO(); });
For example, if you want to listen to emulator and jailbreak protection events only, you can use it this way:
FlutterMobileProtect.onEventsCallback((reason) async {
if(reason == "EmulatorProtection") {
// do something
} else if (reason == "JailbreakDetection") {
// do something (else)
} else {
// do nothing
}
});Upgrading from earlier versions (prior to v23.0.0)
In order to update the Mobile Protect Flutter version from an earlier version to 23.0.0 or later, the following changes must be made:
Update the Flutter plugin version in the project’s
pubspec.yamlfile. For example, we may change:dependencies: //... mobile_protect: ^22.3.14 # OLD VERSION!to:
dependencies: //... mobile_protect: ^24.0.0Remove references to the previous Android installation:
remove the old remove the reference to the old android plugin by removing this line from
android/app/build.gradle:apply plugin: 'com.dtplugin.mobileprotectremove any references to
mobileprotectandaspectjfrom the dependencies section ofandroid/build.gradle
Follow the steps outlined in the section Step 2: configure for Android above. Note that no changes are necessary for iOS configuration.
Common errors during upgrade
If the following error occurs when running on Android
> A problem occurred configuring project ':app'.
> Cannot add task 'aopWeaveDebug' as a task with that name already exists.The cause is likely that the (new) plugin is correctly applied in android/build.gradle, but the (old) plugin apply plugin: 'com.dtplugin.mobileprotect' was not removed from android/app/build.gradle.
If a pod-related error occurs while running on iOS, such as the following:
Error: CocoaPods's specs repository is too out-of-date to satisfy dependencies. To update the CocoaPods specs, run: pod repo updateit may be necessary to remove the file
ios/Podfile.lock, then cleaning the project usingflutter cleanand finally rebuilding for iOS.