Code obfuscation
Flutter code obfuscation
Flutter's code obfuscation is to obfuscate dart code.
Code obfuscation is the process of modifying application binaries to make them harder for humans to understand. Obfuscation hides function and class names in compiled Dart code, making it difficult for an attacker to reverse engineer your proprietary application.
The practice of Flutter code obfuscation
Flutter version is less than 1.16
Android
Add the following lines to <ProjectRoot> /android/gradle.properties:
extra-gen-snapshot-options=--obfuscate
For information on obfuscating the Android host, see Enabling Proguard in " Preparing Android Apps for Publishing " .
iOS
- modify
build aotcall
Add the following flags to the call /packages/flutter_tools/bin/xcode_backend.shin the file build aot:
${extra_gen_snapshot_options_or_none}
Define this flag as follows:
local extra_gen_snapshot_options_or_none=""
if [[ -n "$EXTRA_GEN_SNAPSHOT_OPTIONS" ]]; then
extra_gen_snapshot_options_or_none="--extra-gen-snapshot-options=$EXTRA_GEN_SNAPSHOT_OPTIONS"
fi
xcode_backend.shWhen modifying , remember build aotto add "\" in the previous line.
2. Modify the publish configuration
In <ProjectRoot> /ios/Flutter/Release.xcconfig, add the following line:
EXTRA_GEN_SNAPSHOT_OPTIONS=--obfuscate
Flutter 1.16.2 or later
To obfuscate an application, build a release build with --obfuscateflags and a combination of flags.--split-debug-info
--split-debug-infoFlag specifying a directory where Flutter can output debug files. This command generates symbolic plots. Currently supports apk, appbundle, ios and ios framework targets. (Master and dev channels support macos and aar.) For example:
flutter build apk --obfuscate --split-debug-info=/<project-name>/<directory>
After obfuscating the binary, save the symbol file. This file is required if you want to deobfuscate stack traces later.
Note that --split-debug-infoflags can also be used on their own. In fact, it can drastically reduce code size. For more information on application size, see Measuring Application Size .
Read the obfuscated stack trace
To debug a stack trace created by an obfuscated application, use the following steps to make it human-readable:
- Find a matching symbol file. For example, crashing from an Android arm64 device would be required
app.android-arm64.symbols. - Provide
flutter symbolizethe command with a stack trace (stored in a file) and a symbol file. For example:
flutter symbolize -i <stack trace file> -d /out/android/app.android-arm64.symbols
⚠️Warning
When writing applications that will end up as obfuscated binaries, keep the following in mind.
- Code that depends on matching a specific class, function or library name will fail. For example, the following
Expect()calls to will not work in an obfuscated binary:
expect(foo.runtimeType.toString(), equals('Foo'))
Reference link:
Obfuscating Dart code
flutter wiki