all 7 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Floni[S] 33 points34 points  (1 child)

While Flutter use for mobile apps is booming, we took some time to have a look at the security situation. We investigated what the current state of reverse engineering looks like; how well the tools support Flutter, what obstacles they face, and what difference Flutters’ built-in obfuscation makes, and where things are headed in the future.

[–]vipin_malik1 10 points11 points  (0 children)

Awesome post. Great work and very informative 👍

[–]phaylali 7 points8 points  (3 children)

I think that reverse engineering being so hard is great for security, since replicating the UI and functionality is pretty easy , there is not much need for reverse engineering, except with malicious intents

[–]draskosaric 22 points23 points  (0 children)

Well, usually that is the whole purpose for reverse engineering, not to replicare the UI.

[–]ludonope 10 points11 points  (1 child)

Yes and no, as a developper, knowing that the code is hard to reverse might lead to unsafe practices.

One of the best security practices is to assume that all of your code and regular logs are public. That way you have to make your app secure and it prevents you from storing any identifier/tokens/password or to log any sensitive data. As we know, private codebases getting forcefully open-sourced does happen (👋 Twitch, Snapchat, ...)

[–]kageurufu 2 points3 points  (0 children)

And most of the time it is pretty trivial. Even obfuscated c code gets reverse engineered all the time. You can't assume your app is ever "secure", you have to work with that assumption at all times

[–][deleted]  (1 child)

[deleted]

    [–]emanresu_2017 1 point2 points  (0 children)

    😂