flutter-security
Installation
SKILL.md
Mobile Security
Priority: P0 (CRITICAL)
Implementation Workflow
- Store secrets securely — Use
flutter_secure_storagefor tokens/PII. Never useshared_preferencesfor sensitive data. - Externalize secrets — Never store API keys in Dart code. Use
--dart-defineor.envfiles. - Obfuscate releases — Build
--obfuscate --split-debug-info=./symbols. Deterrent only — move sensitive logic to backend. - Pin certificates —
dio_certificate_pinningfor high-security apps to prevent MITM. - Root detection —
flutter_jailbreak_detectionfor root/jailbreak checks in financial/sensitive apps. - Mask PII — Redact PII (email, phone) from all logs and analytics.
Secure Storage & Release Build Examples
See implementation examples for secure storage usage and obfuscated release build commands.