flutter-security
Security & Data Integrity (Architect Level)
- AES-256-GCM: Use Authenticated Encryption for all sensitive storage.
- Secret Storage: Mandatory use of `flutter_secure_storage` for encryption keys and master-derived keys.
- Key Derivation: Mandate NIST-approved hashing (Argon2id) for master password derivation before local storage encryption and export.
- Memory Safety: Strictly clear sensitive variables (passwords, keys) from memory when the operation finishes or the app enters the background.
- Clipboard Safety: Mandate programmatic clearing of sensitive data (OTPs, Passwords) after a short duration (30-60s).
- Biometric Gate: Mandatory local authentication for any view, export, or destructive action.
- Audit Log: All security-sensitive actions should be logged via `AppLogger` (excluding raw secrets).
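
The first two rules combined, as an added example that is not part of the skill itself: records are sealed with AES-256-GCM and the data key lives only in `flutter_secure_storage`. It assumes the `cryptography` package for the cipher; the class name `SealedStore`, the key entry name and the use of a record id as associated data are hypothetical choices made for illustration.

```dart
import 'dart:convert';
import 'dart:typed_data';

import 'package:cryptography/cryptography.dart';
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

/// Hypothetical helper (not from the skill): AES-256-GCM records with the
/// data key held in flutter_secure_storage.
class SealedStore {
  SealedStore(this._keyStore);

  static const _keyName = 'example_data_key_v1'; // assumed entry name
  final FlutterSecureStorage _keyStore;
  final AesGcm _aead = AesGcm.with256bits();

  /// Loads the 256-bit key, generating and persisting it on first use.
  Future<SecretKey> _loadKey() async {
    final stored = await _keyStore.read(key: _keyName);
    if (stored != null) return SecretKey(base64Decode(stored));
    final key = await _aead.newSecretKey();
    await _keyStore.write(
        key: _keyName, value: base64Encode(await key.extractBytes()));
    return key;
  }

  /// Returns nonce || ciphertext || tag. [recordId] is bound as AAD so a blob
  /// copied under another record's id fails authentication.
  Future<Uint8List> seal(String recordId, List<int> plaintext) async {
    final box = await _aead.encrypt(
      plaintext,
      secretKey: await _loadKey(),
      aad: utf8.encode(recordId), // a fresh random nonce is generated per call
    );
    return box.concatenation();
  }

  /// Throws SecretBoxAuthenticationError if the blob or recordId was altered.
  Future<List<int>> open(String recordId, Uint8List blob) async {
    final box = SecretBox.fromConcatenation(
      blob,
      nonceLength: _aead.nonceLength,
      macLength: _aead.macAlgorithm.macLength,
    );
    return _aead.decrypt(
      box,
      secretKey: await _loadKey(),
      aad: utf8.encode(recordId),
    );
  }
}
```

Treat a `SecretBoxAuthenticationError` from `open` as tampering or corruption and surface it as a failure; never fall back to returning partially decrypted data.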
Input & API Security
- Input Validation: Validate and sanitize all user-facing input fields before processing or storage.
- HTTPS Only: All API communication MUST use HTTPS. Consider certificate pinning for sensitive applications.
- Token Storage: STRICTLY prohibit storing tokens, API keys, or credentials in source code or public repositories. Use `flutter_secure_storage` or environment-based injection.