flutter 应用_如何使Flutter应用具有高安全性？

flutter 应用

When it comes to developing a mobile application, app security is the biggest concern for the developers.

在开发移动应用程序时，开发人员最关心的是应用程序安全性。

In 2020, people are excessively accessing their smartphones. Right from online banking, chatting, shopping to handling your online businesses, people these days are not only greatly depending on the mobile apps but also keeping sensitive data in mobile phones.

2020年，人们将过度使用智能手机。 从网上银行，聊天，购物到处理您的网上业务，这些天人们不仅在很大程度上取决于移动应用程序，而且还将敏感数据保存在手机中。

According to analytics, 57% of the digital media time is spent on using smartphones and tablets.

根据分析， 数字媒体时间的57％花费在使用智能手机和平板电脑上。

Image Source 图片来源

你知道吗： (Did you know:)

• Mobile apps were downloaded for over 204 billion times in 2019 and with the increasing usage of applications, it is for sure that figures must be jumped to the next level in the coming years.

  2019年 ，移动应用程序的下载量超过2040亿次，并且随着应用程序使用量的增加，可以肯定的是，在未来几年中，这一数字必须跃升到一个新的水平。

• The forecast from Juniper Research report reveals that approx 2 million people that is around 40% of the world’s adult population, are approaching online banking apps.

  Juniper Research报告的预测显示，大约200万人正在使用在线银行应用程序，占全球成年人口的40％。

With the increasing usage of mobile apps these days, app security has become one of the serious issues for developers and users.

如今，随着移动应用程序使用的增加，应用程序安全性已成为开发人员和用户面临的严重问题之一。

No matter whether you are an iOS or an Android user, applications tend to contain critical vulnerabilities on both platforms.

无论您是iOS用户还是Android用户，应用程序都倾向于在两个平台上都包含严重漏洞。

Just have an idea with the below image:

如下图所示：

Image Source 图片来源

So in this post, we will discuss how to increase the security of the Flutter based applications and minimize the risk of vulnerabilities in the application…Why it is important to hire flutter developer and what are the benefits of choosing Flutter for mobile app development.

因此，在本文中，我们将讨论如何提高基于Flutter的应用程序的安全性并最大程度地降低应用程序中的漏洞风险……为什么聘用 Flutter 开发人员很重要，选择Flutter进行移动应用程序开发有什么好处。

However, before jumping on the tips to increase the security of the Flutter based applications, we need to understand “what are the common vulnerabilities and security issues arises in the mobile app?”.

但是，在介绍提高基于Flutter的应用程序的安全性的技巧之前，我们需要了解“移动应用程序中会出现哪些常见漏洞和安全性问题？”。

2020年应用程序所有者应意识到的5大应用程序安全风险和解决方案 (5 Biggest App Security Risks and Solutions That App Owners Should Aware of in 2020)

According to the Gartner Reports, 75% of the mobile apps fail to clear mobile security tests that ultimately put your sensitive data and documents at high risk.

根据Gartner报告 ，有75％的移动应用无法清除移动安全测试，从而最终使您的敏感数据和文档面临高风险。

So here are the common security risks that every app owner should take it seriously:

因此，以下是每个应用程序所有者应认真对待的常见安全风险：

1.未经授权访问您的应用 (1. Unauthorized Access To Your App)

Providing access to the app without verifying the user’s authentication is the biggest security risk. So the app must be ensuring that the user should be a true user and should temporarily lock the access in case of multiple failed login attempts.

最大的安全风险是在未验证用户身份验证的情况下提供对应用程序的访问权限。 因此，应用程序必须确保用户应为真实用户，并在多次登录尝试失败的情况下暂时锁定访问权限。

Solution: Flutter always puts the app security at the top list, therefore, providing developers with the security and authentication plugins. By integrating this sign-in plugin to your app, you can easily add a user authentication verify check to your app. Also, you can ask any app development company for a better solution with the official plugins.

解决方案： Flutter始终将应用程序安全性放在首位，因此，为开发人员提供了安全性和身份验证插件。 通过将此登录插件集成到您的应用中，您可以轻松地将用户身份验证验证检查添加到您的应用中。 此外，您可以要求任何应用开发公司提供使用官方插件的更好解决方案。

Pro Tip: To enhance the security of your app, always integrate official security plugins of Flutter instead of handling app verification yourself. For instance, you can integrate Google sign-in plugin for Google Authentication.

专家提示：为增强应用程序的安全性，请始终集成Flutter的官方安全性插件 ，而不要自己处理应用程序验证。 例如，您可以集成Google登录插件进行Google身份验证。

2.敏感数据泄漏 (2. Leaking of Sensitive Data)

These days, with the excessive usage of the mobile phone, your mobile apps have all the sensitive data right from your user IDs, password, PIN, financial details, personal details, and more. Your sensitive data can be easily compromised if the app security controls fail to be implemented rightly in the app. The weak app security can allow unauthorized parties to access all the information on your app.

如今，随着手机的过度使用，您的移动应用拥有来自用户ID，密码，PIN，财务详细信息，个人详细信息等的所有敏感数据。 如果无法在应用程序中正确实施应用程序安全控制，则很容易危及您的敏感数据。 弱的应用程序安全性可能允许未经授权的各方访问您应用程序上的所有信息。

解： (Solution:)

Flutter provides a secure data storage plugin for both the leading operating systems with the name of NSUserDefault for iOS and SharedPreferences for Android. These plugins provide a secure storage facility but it is recommended to avoid storing your sensitive data including passwords and PIN numbers.

Flutter为两种领先的操作系统提供了一个安全的数据存储插件，iOS的名称为NSUserDefault，Android的名称为SharedPreferences 。 这些插件提供了安全的存储功能，但建议避免存储您的敏感数据，包括密码和PIN码。

Pro Tip: Like most mobile apps, is your mobile app also using in-memory cache to provide quick access by directly fetching the data from the stored memory? If yes, then you need to think twice, that is why you are keeping all the data on the mobile all the time. You should consider the core security principles that ask you to only keep the data that you often need. To keep your data safe, it is worth setting up a periodic time for automatically cleaning the data cache that has been expired.

专家提示：与大多数移动应用程序一样，您的移动应用程序是否还使用内存中缓存通过直接从存储的内存中获取数据来提供快速访问？ 如果是，那么您需要三思，这就是为什么您始终将所有数据保留在移动设备上的原因。 您应该考虑要求您仅保留经常需要的数据的核心安全原则。 为了确保您的数据安全，值得设置一个定期的时间来自动清除已过期的数据缓存。

When using a Flutter based app, it always provides the information when you are about to switch to background mode. You can access the information to set up a timer for regular clean-ups of the cache with the permission of the user.

使用基于Flutter的应用程序时，它将在您要切换到后台模式时始终提供信息。 您可以访问该信息，以在用户许可下为定期清除缓存设置计时器。

Image Source 图片来源

3. 未经授权用户的会话ID攻击 (3. Session ID Attacks by the Unauthorised User)

Either intentionally or unintentionally, sometimes anyone can try to steal the sensitive information of your phone or may even try to steal the identity of the valid user. For example, you lend your phone to your friend for playing games or allow any guest at your home to access your phone, they can try to access the information that you want to keep it private from them.

不管是有意还是无意，有时任何人都可以尝试窃取您手机的敏感信息，甚至可以尝试窃取有效用户的身份。 例如，您将手机借给朋友玩游戏，或允许家里的任何客人访问您的手机，他们可以尝试访问您要保密的信息。

Or sometimes, any colleague can intentionally try to access your corporate email to steal important information. The best way to protect information is to integrate some unpredictable passwords or locks to your phone that can’t be cracked by unauthorized users.

有时，任何同事都可以故意尝试访问您的公司电子邮件以窃取重要信息。 保护信息的最佳方法是将一些无法预测的密码或锁集成到手机中，未经授权的用户无法破解。

解： (Solution:)

Despite using the device-level security (Unlock Screen), it is important to integrate app-level authentication to keep the sensitive data remain private and secure in the app. In fact, app-level authentication can add an additional layer of protection to mobile content. Therefore, Flutter provides special authentication plugins like TouchID for iOS and FP Sensor for Android apps to uplift the app security.

尽管使用了设备级安全性(解锁屏幕)，但集成应用程序级身份验证对于使敏感数据在应用程序中保持私密性和安全性至关重要。 实际上，应用程序级身份验证可以为移动内容添加额外的保护层。 因此，Flutter提供了特殊的身份验证插件，例如iOS的TouchID和Android应用的FP Sensor，以提高应用的安全性。

Image Source: https://pub.dev/packages/local_auth 图片来源： https : //pub.dev/packages/local_auth

Pro Tip: Since numerical or alphabetical passwords are predictable, therefore it is advised to use only officially approved fingerprint or touch ID locks. Moreover, it adds more convenience to access it multiple times and secures your data from malicious users.

专家提示：由于数字或字母密码是可以预测的，因此建议仅使用官方认可的指纹或触摸ID锁。 此外，它为多次访问提供了更多便利，并保护了来自恶意用户的数据。

4.通过恶意用户注入代码 (4. Code Injections Via Malicious User)

Code injections are one of the most common practices by the attackers that access the database of your app and insert the unauthorized codes into the existing coding. Injecting unwanted codes can result in major issues like data loss or corruption, a total takeover of the app, or denial of access as well. The scariest thing about it is, that this type of attack isn’t so hard to execute.

代码注入是攻击者最常见的做法之一，攻击者访问应用程序的数据库并将未经授权的代码插入现有的代码中。 注入不需要的代码可能会导致重大问题，例如数据丢失或损坏，应用程序的全部接管或拒绝访问。 最可怕的是，这种攻击并不难执行。

解： (Solution:)

Developers can easily increase the security of the Flutters apps as all the plugins come up with the required permissions that are already baked into the plugin code. So if you are integrating officially approved plugins in the app, you don’t need to further add additional codes for unauthorized code injection. Moreover, it is advised to hire a software development company for quick assistance.

开发人员可以轻松地提高Flutters应用程序的安全性，因为所有插件都具有已嵌入到插件代码中的必需权限。 因此，如果您在应用程序中集成了官方认可的插件，则无需进一步添加其他代码以进行未经授权的代码注入。 此外，建议您租用软件开发公司以获得快速帮助。

Pro Tip: In case your app has native codes, then it is required to add additional permissions to your app to avoid putting the sensitive data at risk.

专家提示：如果您的应用程序具有本机代码，则需要向您的应用程序添加其他权限，以避免使敏感数据面临风险。

5.保护较小的应用程序窗口 (5. Securing The Smaller App Window)

It’s common to switch to another task by accessing the smaller windows of the app. But unfortunately, the smaller windows of your app can still show the content to the user in the minimized window. The malicious user can easily get the information from this small screen despite having your app protected from the additional measures such as Touch IDs or face scanning. Flutter app development companies can easily understand the pain of the users and implement such strategies to secure your app from malicious users.

通常，通过访问应用程序的较小窗口来切换到另一个任务。 但不幸的是，应用程序的较小窗口仍可以在最小化窗口中向用户显示内容。 尽管保护您的应用不受其他措施(例如触摸ID或面部扫描)的保护，但恶意用户仍可以轻松地从这个小屏幕上获取信息。 Flutter应用程序开发公司可以轻松理解用户的痛苦，并实施此类策略以保护您的应用程序免受恶意用户的侵害。

Image Source 图片来源

解： (Solution:)

Flutter is not providing any official plugin to secure your app window as the implementation process is depending on the native APIs and application life cycles. However, still, there is a hope to enhance its security of your app. Hire a Flutter developer as Flutter provides detailed instructions to secure your app window for both OS.

Flutter不提供任何官方插件来保护您的应用程序窗口，因为实施过程取决于本机API和应用程序生命周期。 但是，仍然有希望增强其应用程序的安全性。 雇用Flutter开发人员，因为Flutter提供了详细的说明来保护两个操作系统的应用程序窗口。

For Android:

对于Android：

While Android natively supports a wide range of window modes, therefore, it is a good way to use the WindowManager flag within the MainAcitiving of the Flutter app to disable the screenshots of the specific screens.

因此，尽管Android本机支持多种窗口模式，但是，这是在Flutter应用程序的MainAcitiving中使用WindowManager标志禁用特定屏幕截图的好方法。

For iOS:

对于iOS：

Image Source 图片来源

Pro Tip: Managing the app screenshots on your Flutter App is not as simple as there are no official plugins to integrate into your app. You need to carefully execute the instructions given by Flutter, so it is worth looking for expert mobile app development solutions to secure your app window.

专家提示：管理Flutter应用程序上的应用程序屏幕截图并不像没有官方插件可以集成到您的应用程序中那样简单。 您需要仔细执行Flutter给出的说明，因此值得寻找专业的移动应用程序开发解决方案来保护您的应用程序窗口。

为什么Flutter已成为应用程序开发的流行选择？ (Why Flutter Has Become a Popular Choice for App Development?)

Despite being a newbie, Flutter has already won the heart of many developers and became a hot topic of the town. Afterall, Flutter is a baby of Google and based on Google’s in-house language that is “DART”. Apart, Google’s Flutter provides you an advanced software development kit (SDK) with a framework, widgets, and tools that ease the app development process and allows developers to expedite the procedure.

尽管是新手，但Flutter已经赢得了许多开发人员的关注，并成为该镇的热门话题。 毕竟，Flutter是Google的婴儿，它基于Google内部的“ DART”语言。 此外，Google的Flutter还为您提供了高级软件开发套件(SDK)，其中包含框架，小部件和工具，可简化应用程序的开发过程并允许开发人员加快该过程。

Here are the reasons why startups are considering Flutter for mobile app development:

这是初创公司考虑Flutter进行移动应用开发的原因：

-两种平台的单一代码库 (- Single Codebase For Both Platforms)

Being a bootstrapper, one of the major concerns for you is the budget. However when hiring a mobile app developer to customize your first app with Flutter framework, then startups can take the benefit to launch their mobile app on both major Operating Systems (Android and iOS) by simply leveraging the single codebase of Flutter.

作为一名引导者，预算是您最担心的问题之一。 但是，当雇用移动应用程序开发人员使用Flutter框架自定义您的第一个应用程序时，初创企业可以利用Flutter的单个代码库，在两个主要操作系统(Android和iOS)上启动其移动应用程序。

Since Flutter doesn’t depend on the platform and has its own design and widgets, therefore, it is possible for developers to build two apps with different designs by using the one codebase. It ultimately saves a great amount of time and cost.

由于Flutter不依赖于平台，而是拥有自己的设计和小部件，因此，开发人员可以使用一个代码库来构建具有不同设计的两个应用程序。 最终节省了大量时间和成本。

-通过热重装实现更快的编码 (- Faster Coding with Hot Reloading)

When you hire a mobile app development company for the Flutter based app development, then you can expect a faster and more dynamic app development solutions.

当您雇用一家移动应用程序开发公司进行基于Flutter的应用程序开发时，您可以期望有更快，更动态的应用程序开发解决方案 。

Flutter is the standalone framework that offers you a hot reload feature, which means a developer can make instant changes in the app coding without even saving the file. Hot Reload feature actually speeds the development process as each change usually takes about milliseconds to fix the error and allow developers to try anything faster in the coding.

Flutter是一个独立的框架，可为您提供热重载功能 ，这意味着开发人员无需更改文件即可立即更改应用程序编码。 Hot Reload功能实际上加快了开发过程，因为每次更改通常需要大约毫秒才能解决错误，并使开发人员可以尝试更快地进行编码。

-使用Flutter可以更快地进行应用测试 (- App Testing Can Be Faster With Flutter)

Developing an app for two platforms means you need to devote a long time for the testing. However, with Futter, the quality assurance process can be faster as both the apps are based on one single code. What’s more, the quality assurance engineer has less work to do as they need to check one app only. But, they check the app on both platforms in case if there is any difference in design or functionality.

为两个平台开发应用程序意味着您需要花费大量时间进行测试。 但是，使用Futter，由于两个应用程序都基于一个代码，因此质量保证过程可以更快。 而且，由于仅需检查一个应用，质量保证工程师的工作量就减少了。 但是，他们会在两个平台上检查应用程序，以防设计或功能上有任何差异。

-无执照费 (- No Licence Fees)

Flutter is free and open-source platforms that allow developers to build highly-interactive applications that give a native feel although in real-time.

Flutter是免费的开放源代码平台，允许开发人员构建高度交互的应用程序，尽管实时，但仍具有原生的感觉。

-以最佳设计自定义应用程序 (- Customize The App With Best Design)

Since Flutter is launched with a highly flexible and scalable library of widgets, therefore, developing and customizing an app with a tailored interface and engaging themes are quite easier with Flutter. Developers can design their Flutter app in a way that their users love to access it.

由于Flutter是使用高度灵活且可扩展的窗口小部件库启动的，因此，使用Flutter可以更轻松地开发和定制具有定制界面并吸引主题的应用程序。 开发人员可以以用户喜欢访问的方式设计Flutter应用程序。

-为旧设备构建相同的UI (- Build the Same UI for the Old Devices)

Your new Flutter app can look the same on old versions of Android and iOS devices. So no matter, whether you are targeting newer versions of devices or older, you can develop a flutter app that supports both newer and older devices with no additional cost.

您的新Flutter应用在旧版本的Android和iOS设备上看起来都一样。 因此，无论您是针对较新版本的设备还是较旧版本的设备，都可以开发一款Flutter应用程序，该版本可同时支持新旧设备，而无需支付额外费用。

Flutter框架的其他值得注意的功能 (Additional Noteworthy Features of Flutter Framework)

• Flutter is known for its productivity as it has a portable GPU rendering UI that provides access to work on multiple up-to-date interfaces.
  Flutter以其生产力着称，因为它具有可移植的GPU渲染UI，可以访问多个最新界面上的工作。
• Flutter apps are easy to localize and businesses to leverage a wider global user base.
  Flutter应用易于本地化，企业可以利用更广泛的全球用户群。
• This framework provides complete support for a wide range of IDEs including Xcode, Android studio, Visual studio code, and more.
  该框架为广泛的IDE提供了完整的支持，包括Xcode，Android Studio，Visual Studio代码等。
• Flutter is well equipped with native ARM code which makes it more compatible with developing enterprise-level apps.
  Flutter配备了本机ARM代码，因此与开发企业级应用程序更加兼容。

简而言之： (In the Nutshell:)

The noticeable features of the Flutter are clearly making it a dominant framework over other cross-platform frameworks and allow more and more startups to opt for mobile app development. The detailed list of features is only making Flutter a more popular and powerful framework over others, but still, you need to integrate appropriate plugins to strengthen the security of the app.

Flutter的引人注目的功能显然使其成为其他跨平台框架的主导框架，并使越来越多的初创公司选择移动应用程序开发。 功能的详细列表仅使Flutter成为一个比其他功能更流行和更强大的框架，但是仍然需要集成适当的插件来增强应用程序的安全性。

Image Source 图片来源

Now the central question is “how to implement all the security plugins to your flutter based app”?

现在的中心问题是“如何对基于flutter的应用程序实现所有安全性插件”？

雇用Flutter移动应用开发公司 (Hire a Flutter Mobile App Development Company)

If you are the one who has been investing in a cross-platform application and choosing a flutter framework for the development and concerned about the security of the app, then it is worth hiring a flutter app development company. The reason being, they are backed by highly specialized developers with the knowledge of the right plugins and understand the importance of integrating officially approved plugins to the app to avoid compromising the security of the DATA.

如果您是一直在投资跨平台应用程序并为开发选择Flutter框架并关注应用程序安全性的人，那么值得雇用Flutter应用程序开发公司。 原因是，它们由具有正确插件知识的高度专业化的开发人员支持，并且了解将正式批准的插件集成到应用程序中的重要性，以免损害DATA的安全性。

The best part about partnering with the best app development company is, they follow the proper hierarchy of the app development process and always ensure you the best product quality by keeping in mind the security of the app.

与最佳应用开发公司合作的最好之处在于，他们遵循应用开发流程的正确层次结构，并始终牢记应用的安全性，从而确保为您提供最佳的产品质量。

结论 (Conclusion)

No matter how complex your app is and what framework you have chosen to develop an application, security is the major concern for any developer. So it is worth to spare some time reading all about common yet major security risks of applications and how you can address it with official flutter plugins.

无论您的应用程序有多复杂，以及您选择了哪种框架来开发应用程序，安全性都是任何开发人员的主要考虑因素。 因此，值得花些时间阅读有关应用程序常见但主要的安全风险以及如何使用官方Flutter插件解决它的所有信息。

Since the usage of the app will continue to increase and threats of the app will also rise, but being a developer- it’s your responsibility to ensure peace of mind to the user by simply increasing the security of the app and making sure that information will remain safe.

由于应用程序的使用量将继续增加，并且应用程序的威胁也将增加，但是作为开发人员，您有责任通过简单地增加应用程序的安全性并确保信息会保留下来来确保用户的安心安全。

Failing to app security tests can impose a negative impact on companies and users will immediately switch to the app of competitors. To avoid such consequences, it is worth collaborating with the flutter app development company to develop your app with tighter security.

不进行应用程序安全测试可能会对公司造成负面影响，用户将立即切换到竞争对手的应用程序。 为避免此类后果，值得与Flutter应用程序开发公司合作，以更严格的安全性来开发您的应用程序。

https://www.twitter.com/FlutterComm

https://www.twitter.com/FlutterComm

翻译自: https://medium.com/flutter-community/how-to-make-a-flutter-app-with-high-security-880ef0aa54da

flutter 应用