AgentSkillsCN

Flutter Security

Flutter application security standards based on OWASP Mobile.

SKILL.md
--- frontmatter
name: Flutter Security
description: Security standards for Flutter applications based on OWASP Mobile.
metadata:
  labels: [security, owasp, pii, encryption]
  triggers:
    files: ['lib/infrastructure/**', 'pubspec.yaml']
    keywords: [secure_storage, obfuscate, jailbreak, pinning, PII, OWASP]

Mobile Security

Priority: P0 (CRITICAL)

Standards for basic mobile security and PII protection.

Implementation Guidelines

  • Secure Storage: Use flutter_secure_storage (Keystore/Keychain-backed) for tokens and PII. Never put secrets in shared_preferences: it writes plaintext XML / NSUserDefaults that is readable on a rooted device or from a backup. It remains fine for non-sensitive preferences.
  • Hardcoding: Never commit API keys or secrets in Dart code. Pass build-time configuration with --dart-define or a .env that is excluded from version control. Caveat: both still end up in the shipped binary and can be recovered by reversing the app, so anything that must stay secret belongs on the backend or is issued per user at runtime.
  • Obfuscation: Always release with --obfuscate and --split-debug-info (keep the emitted symbol files for crash symbolication). This is a deterrent that raises reversing cost, not cryptographic protection; move sensitive logic to the backend.
  • SSL Pinning: For high-security apps, use dio_certificate_pinning, or pin directly with a dart:io SecurityContext. Ship a backup pin and a rotation plan, otherwise the next certificate renewal locks users out.
  • Root Detection: Use flutter_jailbreak_detection for financial/sensitive applications. Treat the result as a risk signal (it can be bypassed with hooking frameworks), fail safe rather than hard-blocking, and keep authorization decisions server-side.
  • PII Masking: Mask sensitive data (email, phone, tokens) before it reaches logs, analytics and crash reporters. Do it centrally in the logger rather than at each call site.
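The following is an added example, not code from this skill or from the flutter_secure_storage project, combining the Secure Storage, Hardcoding and PII Masking points above: a keystore-backed token store, a build-time value read from --dart-define, and a masker that every log line passes through. It assumes flutter_secure_storage 9.x in pubspec.yaml; the key names, the `API_BASE_URL` define and the sample log line are invented for illustration.

```dart
// Added example (not from the original skill page). Assumes flutter_secure_storage 9.x.
import 'package:flutter_secure_storage/flutter_secure_storage.dart';

/// Injected at build time, e.g.
///   flutter build apk --dart-define=API_BASE_URL=https://api.example.com
/// This keeps the value out of source control, but it is still compiled into
/// the binary; it is configuration, not a secret.
const String apiBaseUrl =
    String.fromEnvironment('API_BASE_URL', defaultValue: '');

/// Tokens live in the platform keystore/Keychain, never in shared_preferences.
class SecureTokenStore {
  SecureTokenStore([FlutterSecureStorage? storage])
      : _storage = storage ??
            const FlutterSecureStorage(
              // Android: EncryptedSharedPreferences, keys held in the Keystore.
              aOptions: AndroidOptions(encryptedSharedPreferences: true),
              // iOS: unreadable until first unlock after boot, and not
              // restored onto another device from a backup.
              iOptions: IOSOptions(
                accessibility: KeychainAccessibility.first_unlock_this_device,
              ),
            );

  final FlutterSecureStorage _storage;
  static const _accessKey = 'auth.access_token'; // hypothetical key names
  static const _refreshKey = 'auth.refresh_token';

  Future<void> save({required String access, required String refresh}) async {
    await _storage.write(key: _accessKey, value: access);
    await _storage.write(key: _refreshKey, value: refresh);
  }

  Future<String?> readAccess() => _storage.read(key: _accessKey);

  /// On logout wipe both tokens; stale credentials are a liability.
  Future<void> clear() async {
    await _storage.delete(key: _accessKey);
    await _storage.delete(key: _refreshKey);
  }
}

/// Masks emails, phone numbers and bearer tokens in free-form text.
class PiiMasker {
  static final _email = RegExp(
      r'([A-Za-z0-9._%+-])[A-Za-z0-9._%+-]*@([A-Za-z0-9.-]+\.[A-Za-z]{2,})');
  static final _phone = RegExp(r'(?<!\d)(\+?\d[\d\s-]{7,}\d)(?!\d)');
  static final _bearer =
      RegExp(r'(Bearer\s+)[A-Za-z0-9._~+/-]+=*', caseSensitive: false);

  static String mask(String input) {
    var out = input.replaceAllMapped(_email, (m) => '${m[1]}***@${m[2]}');
    out = out.replaceAllMapped(_phone, (m) {
      // Keep only the last two digits so support can still correlate a report.
      final digits = m[1]!.replaceAll(RegExp(r'\D'), '');
      return '***${digits.substring(digits.length - 2)}';
    });
    return out.replaceAllMapped(_bearer, (m) => '${m[1]}[REDACTED]');
  }
}

/// Single choke point for logging: a careless interpolation of a user object
/// cannot reach logcat, Console or a crash reporter unmasked.
void log(String message) => print(PiiMasker.mask(message));

void main() {
  // Constructed sample line; every value in it is fictional.
  log('login ok for alice.smith@example.com, phone +1 415-555-0134, '
      'Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abc.def');
}
```

The masker is applied in the logger, not at call sites, because the leak that matters is the one nobody remembered to mask. The `main()` runs as plain Dart for the masking part; the storage class needs a Flutter host.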

Reference & Examples

For SSL Pinning and Secure Storage implementation details, see references/REFERENCE.md.
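Since REFERENCE.md is not reproduced here, the following is an added example of the pinning approach mentioned in the guidelines, written for this page and not taken from the skill's reference or from any pinning package. It pins the SHA-256 of the server's leaf certificate using only dart:io and package:crypto, with a backup pin for rotation. The host name and both hashes are placeholders; compute real values with `openssl s_client -connect host:443 </dev/null | openssl x509 -outform DER | openssl dgst -sha256`.

```dart
// Added example (not from the skill's REFERENCE.md). Assumes package:crypto in pubspec.yaml.
import 'dart:convert';
import 'dart:io';

import 'package:crypto/crypto.dart';

class CertPinner {
  CertPinner({required this.host, required Set<String> sha256Pins})
      : _pins = sha256Pins.map((p) => p.toLowerCase()).toSet();

  final String host;
  final Set<String> _pins;

  /// Accept only if the presented leaf matches a pin AND the connection is to
  /// the expected host. Returning true from badCertificateCallback also skips
  /// hostname verification, so the host check has to be repeated here.
  bool accept(X509Certificate cert, String connectHost, int port) {
    if (connectHost != host) return false;
    final digest = sha256.convert(cert.der).toString();
    return _pins.contains(digest);
  }

  HttpClient client() {
    // With the OS trust store removed every chain fails default verification
    // and is routed through [accept]. A certificate from any public CA that is
    // not pinned is therefore rejected, which is the point of pinning.
    final ctx = SecurityContext(withTrustedRoots: false);
    return HttpClient(context: ctx)..badCertificateCallback = accept;
  }
}

final apiPinner = CertPinner(
  host: 'api.example.com', // placeholder host
  sha256Pins: {
    // placeholder: current leaf certificate
    '0000000000000000000000000000000000000000000000000000000000000000',
    // placeholder: backup pin shipped ahead of rotation so renewals do not
    // brick installed clients
    '1111111111111111111111111111111111111111111111111111111111111111',
  },
);

Future<String> getJson(Uri uri, String accessToken) async {
  final client = apiPinner.client();
  try {
    final req = await client.getUrl(uri);
    req.headers.set(HttpHeaders.authorizationHeader, 'Bearer $accessToken');
    final res = await req.close();
    if (res.statusCode != HttpStatus.ok) {
      throw HttpException('unexpected status ${res.statusCode}', uri: uri);
    }
    return await res.transform(utf8.decoder).join();
  } on HandshakeException catch (e) {
    // Pin mismatch or interception: fail closed, never retry without the pin.
    throw StateError('TLS pin failure for ${uri.host}: $e');
  } finally {
    client.close(force: true);
  }
}
```

Pinning the leaf means every certificate renewal needs an app update unless the next certificate's pin is already shipped; pinning the issuing CA instead (SecurityContext.setTrustedCertificatesBytes with only that CA, no badCertificateCallback) survives leaf rotation at the cost of trusting everything that CA issues.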

Related Topics

common/security-standards | layer-based-clean-architecture | performance