Flutter Security SDK

Mobile Security Suite for Flutter Apps
Stop any attack in its tracks with extensive Runtime App Self-Protection (RASP) controls, app shielding, secure storage, dynamic certificate pinning, and API threat protection. Compliant with PSD2 and OWASP regulations, Flutter Security provides top-tier protection for any Flutter app.

Flutter Apps Are Vulnerable

Mobile applications run in an insecure and untrusted environment. Unless adequately protected, they provide an easy target for attackers. Relying on the basic protection offered by Flutter (such as code obfuscation) is often not enough to deter more experienced attackers. Successful attacks result in:
Loss of revenue
Leaked intellectual property
Exposure of sensitive data
Damage to the brand and reputation
Flutter Security uses a combination of hardening and anti-tampering measures to shield the app and scan its environment for possible threats. Multiple layers of protection aimed at different attack vectors can effectively stop even the most sophisticated attack before it does any damage.

1% of devices have privileged access allowed
3% of devices experience at least one security incident
16% of devices are not protected by any form of screen lock
40% of devices have an outdated OS version

What Makes Flutter Security Essential

With the constant growth of cyber threats, both in their number and complexity, using some protection is necessary. Without it, even a simple attack can cause widespread damage. Talsec Security SDK offers extensive app protection needed to stop any attack attempts and secure your application. We search for any signs of occurring attacks and can detect hiders and other tools aimed at countering runtime protection.

Tampering

Using freely available tools, every application can be copied, modified and then re-signed. This process is known as application repackaging. Attackers can add custom code, redirect system APIs, or disable the application license and protection. They can also publish a modified application on an unofficial store. A successful attack usually results in a sensitive data leak, fraud, and loss of revenue.
Talsec RASP checks the APK signature verification and binary encryption. It can detect app repackaging, tampering or dynamic attacks, and many other indications of an attack on your application. In case of any violation, the suspicious application can be shut down, with logging to a SIEM.
Talsec SDKs: Hardening SDK, Malware Detection SDK, RASP+ SDK, AppiCrypt SDK. Image depicts different layers of security between app and backend gateway.

Overlay Attacks

App Integrity Cryptogram. AppiCrypt is an innovative technology that employs zero-trust principles to enable backend control over the Client App and mobile OS integrity. It calculates an online risk score and filters malicious calls at the API gateway or backend app logic level. Designed to combat API abuse and app impersonation, it also offers fraud prevention through online risk scoring.
Additionally, AppiCrypt provides RASP hardening by guarding against RASP bypass attempts and is effective against both manual and automated API abuse, including botnets, JSON injections, and session hijacking.

Reverse engineering

An individual attacker can use various techniques to gain intelligence about the application, including source code, libraries, and algorithms used. Those techniques include attaching a debugger, using an emulator with the intention of dynamic behavior analysis, or hooking the application via well-known hooking frameworks like Frida or Xposed. An attacker can use this information to steal intellectual property or as preparation for other attacks.
Flutter Security prevents reverse engineering with debugger, emulator, and hooking detection.

Root / Jailbreak

Applications are sandboxed by default, meaning the application is executed in its own isolated environment. Rooting/jailbreaking is a technique for acquiring privileged access, which poses a threat to either applications or the operating system. Jailbreaking is often used to bypass OS restrictions and install unofficial store apps. Many different attack vectors require privileged access to be performed. Tools such as Magisk or Shadow can hide the privileged access and are often used by attackers.
Talsec RASP checks the APK signature verification, and Flutter Security SDK not only detects rooted/jailbroken devices but also looks for the presence of their hiders.

Code Injection

The application can be analyzed and modified even though its source code has not been changed through a technique known as hooking. Hooking can be used to intercept system or application calls and then modify them. An attacker can exploit this by inserting new or changing existing code to obtain personal client data or to insert malicious code into an application. Hooking frameworks are easy to use even by inexperienced hackers and can be used to cause extensive damage to targeted apps including data theft and server compromise.
Flutter Security SDK actively searches for any sign of hooking frameworks and can stop them before they cause any damage.

What Makes Flutter Security Exceptional

Cutting-edge incident detection
PSD2, OWASP and eIDAS compliant
No dependency on external web services
Great performance and easy integration
SSL pinning and secure storage
Prevent unofficial store installation
Advanced RASP Protection
Protect your app with hundreds of constantly upgraded checks. Prevent it from running on jailbroken/rooted devices and detect debugging, hooking, tampering or cloning of the application. The reaction to each check can be implemented individually, allowing a fine-grained approach.
Real-Time Security Monitoring
If a dangerous incident occurs, real-time alerts are sent by the watcher, enabling you to react swiftly to any threat. Data regarding incidents are visualized in dashboards, with options for auditing and monitoring. All data are accessible through the REST API, so you can work with them as you see fit.
SSL Certificate Pinning
Attackers can use fake SSL certificates to perform Man-in-the-Middle attacks and eavesdrop on the traffic between the server and the application. With Talsec Flutter Security, you can use dynamic certificate pinning to refuse unknown certificates and prevent potential attacks and data leaks.
PSD2, eIDAS, and OWASP compliant
Flutter Security ensures compliance with the PSD2, OWASP, and eIDAS standards, as well as OWASP's Top 10 mobile recommendations, to establish a high level of confidence in the security of your application. It helps with securing in-app payments and further improves customer safety.
Secure Storage
Hardcoded keys or weak encryption can lead to severe data loss for many users, identity theft, and damage to a business's reputation. Talsec allows storing sensitive data such as private keys or symmetric encryption keys in secure storage using the KeyStore for Android and Secure Enclave for iOS devices.
Prevent Unofficial Installation
Many users try to install unofficial copies of apps through various third-party stores. Not only does this lead to the loss of revenue and intellectual property, but it can also be harmful to the users as these copies often contain malicious code. Flutter Security checks whether the app was installed through the official store and can disable any unofficial installation.
Effortless Integration
Designed to be easy to use and with a focus on the developer experience, Talsec RASP will save you a lot of time and headaches. All you need to do is import it, set up the configuration and callbacks, and you're done!
Minimal Performance Impact
To make sure the additional security layer does not negatively impact the app's performance, the Talsec Flutter security suite adds minimal overhead and ensures the lowest possible latency.

Toughen Your Defenses with AppiCrypt

By design, reverse engineers can find the place in the code where the RASP control resides and disable app defenses if they invest enough time exploring the application.
We provide an additional layer of protection to avoid possible damage from such an attack, and make bypassing RASP ineffective. AppiCrypt® offers API protection and prevents app impersonation using client app and device integrity control. It is a cryptographic proof of the app's functioning with real-time fraud detection and online risk scoring. AppiCrypt® prevents API abuse, token/JWT hijacking, fake botnet registrations, brute force, and DDoS attacks. Together with Flutter Security SDK, it offers a complex, multi-layered defense able to dissuade even the most motivated attackers.