Security standards for Flutter applications based on OWASP Mobile. Use when applying OWASP Mobile security standards or securing a Flutter application.
Updated Jan 18, 2026, 04:24 AM
Why Use This
This skill provides specialized capabilities for HoangNguyen0403's codebase.
Use Cases
Developing new features in the HoangNguyen0403 repository
Refactoring existing code to follow HoangNguyen0403 standards
Understanding and working with HoangNguyen0403's codebase structure
---
name: Flutter Security
description: Security standards for Flutter applications based on OWASP Mobile. Use when applying OWASP Mobile security standards or securing a Flutter application.
metadata:
  labels: [security, owasp, pii, encryption]
  triggers:
    files: ['lib/infrastructure/**', 'pubspec.yaml']
    keywords: [secure_storage, obfuscate, jailbreak, pinning, PII, OWASP]
---
# Mobile Security
## **Priority: P0 (CRITICAL)**
Standards for basic mobile security and PII protection.
## Implementation Guidelines
- **Secure Storage**: Use `flutter_secure_storage` for tokens/PII. Never use `shared_preferences`.
- **Hardcoding**: Never store API keys or secrets in Dart code. Use `--dart-define` or `.env`.
- **Obfuscation**: Always release with `--obfuscate` and `--split-debug-info`. Note: This is a deterrent, not cryptographic protection. For sensitive logic, move to backend.
- **SSL Pinning**: For high-security apps, use `dio_certificate_pinning`.
- **Root Detection**: Use `flutter_jailbreak_detection` for financial/sensitive applications.
- **PII Masking**: Mask sensitive data (email, phone) in logs and analytics.
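
The PII masking guideline above, as an added example in plain Dart (not code from this skill or its repository). The function names, mask formats, sensitive-key list and sample data are assumptions chosen for illustration.

```dart
// Added example: names, mask formats and sample data are assumptions.
final _email = RegExp(r'([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})');
// Deliberately broad: optional "+", then digits with common separators.
// It can also hit order numbers or dates; over-masking is the safer failure.
final _phone = RegExp(r'\+?\d[\d\s().-]{6,}\d');
// Analytics keys whose values are dropped entirely (constructed list).
const _sensitiveKeys = {'email', 'phone', 'token', 'password'};

/// Keeps the first character of the local part and the whole domain.
String _maskEmail(Match m) => '${m.group(1)![0]}***@${m.group(2)!}';

/// Keeps only the last two digits of the number.
String _maskPhone(Match m) {
  final raw = m.group(0)!;
  final digits = raw.replaceAll(RegExp(r'\D'), '');
  if (digits.length < 7) return raw; // too few digits to be a phone number
  return '***${digits.substring(digits.length - 2)}';
}

/// Masks e-mail addresses and phone numbers embedded in free text.
String maskPii(String text) => text
    .replaceAllMapped(_email, _maskEmail)
    .replaceAllMapped(_phone, _maskPhone);

/// Redacts by key first, then scans remaining string values for PII.
Object? _maskValue(String key, Object? value) {
  if (_sensitiveKeys.contains(key.toLowerCase())) return '[REDACTED]';
  if (value is String) return maskPii(value);
  return value;
}

/// Returns a copy of an analytics payload that is safe to send.
Map<String, Object?> maskEvent(Map<String, Object?> props) =>
    props.map((k, v) => MapEntry(k, _maskValue(k, v)));

void main() {
  // Constructed sample data, not from a real application.
  print(maskPii('login ok for alice@example.com from +1 (555) 010-4567'));
  print(maskEvent({
    'screen': 'checkout',
    'email': 'bob@example.org',
    'note': 'call 555-010-9999',
    'items': 3,
  }));
}
```

Route the app's logger and analytics wrapper through `maskPii` and `maskEvent` at a single choke point so individual call sites cannot bypass masking.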
## Reference & Examples
For SSL Pinning and Secure Storage implementation details:
See [references/REFERENCE.md](references/REFERENCE.md).
## Related Topics
common/security-standards | layer-based-clean-architecture | performance