# ultra_secure_flutter_kit
**Repository Path**: code1993/ultra_secure_flutter_kit
## Basic Information
- **Project Name**: ultra_secure_flutter_kit
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No
## Statistics
- **Stars**: 0
- **Forks**: 0
- **Created**: 2025-10-22
- **Last Updated**: 2025-10-22
## Categories & Tags
**Categories**: Uncategorized
**Tags**: None
## README
# Ultra Secure Flutter Kit ๐
A comprehensive Flutter security package providing enterprise-grade protection similar to secure_monitor. This plugin offers extensive security features to protect your Flutter applications from various threats and attacks.
[](https://buymeacoffee.com/knhparmar)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/stargazers)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/network)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/issues)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/pulls)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/blob/main/LICENSE)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/commits/main)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/releases)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit/graphs/contributors)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit)
[](https://github.com/kanhiya3008/ultra_secure_flutter_kit)
## ๐ก๏ธ Security Features
### โ
**IMPLEMENTED & AVAILABLE**
#### 1. **Device & Environment Security**
- โ
**Root Detection (Android)** - Detects rooted devices and common root packages
- โ
**Jailbreak Detection (iOS)** - Detects jailbroken devices and Cydia installations
- โ
**Emulator Detection** - Identifies if app is running on emulator/simulator
- โ
**Debugger Detection** - Detects USB debugging and debugger attachment
- โ
**Screen Capture Protection** - Prevents screenshots and screen recording
- โ
**Secure Flag Toggle** - Enables secure window flags
- โ
**Developer Mode Detection** - Detects if developer options are enabled
#### 2. **App Tampering Detection**
- โ
**Signature Verification** - Verifies app signature integrity
- โ
**Integrity Checks** - Validates app checksums and hashes
- โ
**Installation Source Verification** - Ensures app is from official stores
#### 3. **Secure Storage Layer**
- โ
**AES-256 Encrypted Storage** - Secure data storage with encryption
- โ
**Auto Encryption/Decryption** - Automatic handling of sensitive data
- โ
**Biometric-Protected Vault** - Optional biometric authentication
- โ
**Data Expiration** - Automatic data cleanup with TTL
#### 4. **Network Protection**
- โ
**SSL Pinning** - Certificate pinning with fallback options
- โ
**MITM Attack Detection** - Detects man-in-the-middle attacks
- โ
**Proxy Detection** - Identifies network proxies and proxy settings
- โ
**VPN Detection** - **NEW!** Multi-platform VPN connection detection
- โ
**Network Monitoring** - Real-time network security monitoring
- โ
**Network Interface Analysis** - Comprehensive network security analysis
#### 5. **Anti-Reverse Engineering**
- โ
**Frida Detection** - Detects Frida framework usage
- โ
**Xposed Detection** - Identifies Xposed framework
- โ
**Debug Tool Detection** - Detects common reverse engineering tools
- โ
**Code Obfuscation Helper** - Automatic code obfuscation configuration
#### 6. **AI-Enhanced Behavior Monitoring**
- โ
**Abnormal Behavior Detection** - AI-powered threat detection
- โ
**Device Risk Scoring** - Comprehensive risk assessment
- โ
**Real-time Threat Detection** - Continuous security monitoring
- โ
**Automated Response System** - Automatic threat response
#### 7. **Security Logs & Alerts**
- โ
**Real-time Threat Streaming** - Live security event monitoring
- โ
**Security Metrics** - Comprehensive security analytics
- โ
**Threat Classification** - Categorized threat levels
#### 8. **Configurable Security Modes**
- โ
**Strict Mode** - Maximum protection, blocks on any threat
- โ
**Monitor Mode** - Logs threats but doesn't block
- โ
**Custom Rules** - Configurable security policies
#### 9. **Biometric Authentication**
- โ
**Biometric Availability Check** - Check if biometric auth is available
- โ
**Available Biometric Types** - Get list of available biometric methods
- โ
**Biometric Authentication** - Authenticate using biometrics
## ๐ฆ Installation
Add the dependency to your `pubspec.yaml`:
```yaml
dependencies:
ultra_secure_flutter_kit: ^1.0.0
```
## ๐ Quick Start
### Basic Usage
```dart
import 'package:ultra_secure_flutter_kit/ultra_secure_flutter_kit.dart';
void main() async {
// Initialize security
final securityKit = UltraSecureFlutterKit();
final config = SecurityConfig(
mode: SecurityMode.strict,
enableScreenshotBlocking: true,
enableSSLPinning: true,
enableSecureStorage: true,
);
await securityKit.initializeSecureMonitor(config);
runApp(MyApp());
}
```
### Advanced Configuration
```dart
final config = SecurityConfig(
mode: SecurityMode.strict,
blockOnHighRisk: true,
enableScreenshotBlocking: true,
enableSSLPinning: true,
enableSecureStorage: true,
enableNetworkMonitoring: true,
enableBehaviorMonitoring: true,
enableBiometricAuth: true,
enableCodeObfuscation: true,
enableDebugPrintStripping: true,
enablePlatformChannelHardening: true,
enableMITMDetection: true,
enableInstallationSourceVerification: true,
enableDeveloperModeDetection: true,
allowedCertificates: [
'sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=',
'sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=',
],
customRules: {
'maxApiCallsPerMinute': 100,
'maxScreenTouchesPerMinute': 200,
'blockedCountries': ['XX', 'YY'],
},
sslPinningConfig: SSLPinningConfig(
mode: SSLPinningMode.strict,
pinnedCertificates: [
'sha256/CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC=',
],
pinnedPublicKeys: [
'sha256/DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD=',
],
certificateExpiryCheck: Duration(days: 30),
enableFallback: false,
),
biometricConfig: BiometricConfig(
preferredType: BiometricType.fingerprint,
allowFallback: true,
sessionTimeout: Duration(minutes: 30),
requireBiometricForSensitiveData: true,
sensitiveOperations: [
'secureStore',
'secureRetrieve',
'encryptData',
'decryptData',
],
),
obfuscationConfig: ObfuscationConfig(
enableDartObfuscation: true,
enableStringObfuscation: true,
enableClassObfuscation: true,
enableMethodObfuscation: true,
enableDebugPrintStripping: true,
enableStackTraceObfuscation: true,
customObfuscationRules: {
'apiKey': 'obfuscated_api_key',
'secretToken': 'obfuscated_secret_token',
},
),
);
```
## ๐ง Usage Examples
### 1. Device Security Checks
```dart
// Check device security status
final deviceStatus = await securityKit.getDeviceSecurityStatus();
print('Device is secure: ${deviceStatus.isSecure}');
print('Risk score: ${deviceStatus.riskScore}');
// Individual security checks
final isRooted = await securityKit.isRooted();
final isJailbroken = await securityKit.isJailbroken();
final isEmulator = await securityKit.isEmulator();
final isDebuggerAttached = await securityKit.isDebuggerAttached();
final hasProxy = await securityKit.hasProxySettings();
final hasVPN = await securityKit.hasVPNConnection(); // NEW! Multi-platform VPN detection
final isDeveloperModeEnabled = await securityKit.isDeveloperModeEnabled();
```
### 2. Secure Storage
```dart
// Store sensitive data securely
await securityKit.secureStore(
'user_token',
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...',
expiresIn: Duration(hours: 24),
);
// Retrieve sensitive data
final token = await securityKit.secureRetrieve('user_token');
// Encrypt/decrypt data
final encrypted = await securityKit.encryptSensitiveData('sensitive_data');
final decrypted = await securityKit.decryptSensitiveData(encrypted);
// Delete secure data
await securityKit.secureDelete('user_token');
// Clear all secure data
await securityKit.clearAllSecureData();
```
### 3. Secure API Calls
```dart
// Make secure API calls with protection
final response = await securityKit.secureApiCall(
'https://api.example.com/secure',
{
'userId': '12345',
'action': 'sensitive_operation',
'timestamp': DateTime.now().millisecondsSinceEpoch,
},
headers: {
'Authorization': 'Bearer ${securityKit.generateSecureRandom()}',
'Content-Type': 'application/json',
},
method: 'POST',
);
```
### 4. Behavior Monitoring
```dart
// Record behavior events
securityKit.recordApiHit();
securityKit.recordScreenTouch();
securityKit.recordAppLaunch();
// Get behavior data
final behaviorData = securityKit.getBehaviorData();
print('API hits: ${behaviorData.apiHits}');
print('Screen touches: ${behaviorData.screenTouches}');
```
### 5. Security Event Listening
```dart
// Listen to security threats
securityKit.threatStream.listen((threat) {
print('Security threat detected: ${threat.description}');
print('Threat level: ${threat.level}');
switch (threat.level) {
case SecurityThreatLevel.critical:
// Handle critical threat
break;
case SecurityThreatLevel.high:
// Handle high threat
break;
default:
// Handle other threats
break;
}
});
// Listen to protection status changes
securityKit.statusStream.listen((status) {
print('Protection status: $status');
});
```
### 6. Data Sanitization
```dart
// Sanitize user input
final maliciousInput = '';
final sanitized = securityKit.sanitizeInput(maliciousInput);
// Result: "alert("XSS")" (script tags removed)
```
### 7. Secure Random Generation
```dart
// Generate secure random data
final random32 = securityKit.generateSecureRandom(length: 32);
final random64 = securityKit.generateSecureRandom(length: 64);
```
### 8. Platform-Specific Security
```dart
// Enable security features
await securityKit.enableScreenCaptureProtection();
await securityKit.enableSecureFlag();
await securityKit.enableNetworkMonitoring();
await securityKit.enableRealTimeMonitoring();
await securityKit.preventReverseEngineering();
await securityKit.applyAntiTampering();
// Get app signature and verify integrity
final signature = await securityKit.getAppSignature();
final isIntegrityValid = await securityKit.verifyAppIntegrity();
final fingerprint = await securityKit.getDeviceFingerprint();
```
### 9. Developer Mode Management
```dart
// Check if developer mode is enabled
final isDeveloperMode = await securityKit.isDeveloperModeEnabled();
// Open developer options settings (Android)
if (isDeveloperMode) {
await securityKit.openDeveloperOptionsSettings();
}
```
### 9. SSL Pinning
```dart
// Configure SSL pinning
await securityKit.configureSSLPinning(
certificates: ['sha256/your-certificate-hash-here'],
publicKeys: ['sha256/your-public-key-hash-here'],
);
// Verify SSL pinning for a URL
final isPinned = await securityKit.verifySSLPinning('https://api.example.com');
print('SSL pinning verification: $isPinned');
```
### 10. VPN Detection (NEW!)
```dart
// Check if VPN is connected
final hasVPN = await securityKit.hasVPNConnection();
print('VPN Connected: $hasVPN');
// Get comprehensive network security status
final deviceStatus = await securityKit.getDeviceSecurityStatus();
print('VPN Status: ${deviceStatus.hasVPN}');
print('Proxy Status: ${deviceStatus.hasProxy}');
// Monitor VPN status continuously
void startVPNMonitoring() {
Future.delayed(const Duration(seconds: 30), () async {
final hasVPN = await securityKit.hasVPNConnection();
if (hasVPN) {
print('โ ๏ธ VPN detected - applying enhanced security measures');
// Handle VPN detection (e.g., show warning, block sensitive operations)
}
// Continue monitoring
startVPNMonitoring();
});
}
// Check VPN before making sensitive API calls
Future makeSecureApiCall(String url, Map data) async {
final hasVPN = await securityKit.hasVPNConnection();
if (hasVPN) {
print('VPN detected during API call - applying additional security');
// Apply enhanced security measures
}
return await securityKit.secureApiCall(url, data);
}
```
### 11. Biometric Authentication
```dart
// Check if biometric authentication is available
final isAvailable = await securityKit.isBiometricAvailable();
print('Biometric available: $isAvailable');
// Get available biometric types
final biometrics = await securityKit.getAvailableBiometrics();
print('Available biometrics: $biometrics');
// Authenticate with biometrics
final isAuthenticated = await securityKit.authenticateWithBiometrics(
localizedReason: 'Please authenticate to access secure data',
stickyAuth: false,
biometricOnly: true,
);
print('Biometric authentication: $isAuthenticated');
```
## ๐ ๏ธ Advanced Features
### SSL Pinning Configuration
```dart
final sslConfig = SSLPinningConfig(
mode: SSLPinningMode.strict,
pinnedCertificates: [
'sha256/your_certificate_hash_here=',
],
pinnedPublicKeys: [
'sha256/your_public_key_hash_here=',
],
certificateExpiryCheck: Duration(days: 30),
enableFallback: false,
);
```
### Biometric Authentication
```dart
final biometricConfig = BiometricConfig(
preferredType: BiometricType.fingerprint,
allowFallback: true,
sessionTimeout: Duration(minutes: 30),
requireBiometricForSensitiveData: true,
sensitiveOperations: [
'secureStore',
'secureRetrieve',
'encryptData',
'decryptData',
],
);
```
### Code Obfuscation
```dart
final obfuscationConfig = ObfuscationConfig(
enableDartObfuscation: true,
enableStringObfuscation: true,
enableClassObfuscation: true,
enableMethodObfuscation: true,
enableDebugPrintStripping: true,
enableStackTraceObfuscation: true,
customObfuscationRules: {
'apiKey': 'obfuscated_api_key',
'secretToken': 'obfuscated_secret_token',
},
);
```
## ๐ Security Metrics
```dart
// Get comprehensive security metrics
final metrics = securityKit.securityMetrics;
print('Threat count: ${metrics['threat_count']}');
print('Blocked attempts: ${metrics['blocked_attempts']}');
print('Active threats: ${metrics['active_threats']}');
print('API hits: ${metrics['api_hits']}');
print('Screen touches: ${metrics['screen_touches']}');
print('App launches: ${metrics['app_launches']}');
```
## ๐ Security Modes
### Strict Mode (Maximum Protection)
```dart
final config = SecurityConfig(
mode: SecurityMode.strict,
blockOnHighRisk: true,
// Blocks app on any high/critical threat
);
```
### Monitor Mode (Logging Only)
```dart
final config = SecurityConfig(
mode: SecurityMode.monitor,
blockOnHighRisk: false,
// Logs threats but doesn't block app
);
```
### Custom Mode (Configurable)
```dart
final config = SecurityConfig(
mode: SecurityMode.custom,
blockOnHighRisk: true,
customRules: {
'allowRootedDevices': false,
'allowEmulators': false,
'maxRiskScore': 0.5,
},
);
```
## ๐จ Threat Handling
```dart
// Listen to threats and handle them
securityKit.threatStream.listen((threat) {
switch (threat.type) {
case SecurityThreatType.rootDetected:
case SecurityThreatType.jailbreakDetected:
// Block app or show warning
_showSecurityWarning('Device compromised');
break;
case SecurityThreatType.emulatorDetected:
// Prevent sensitive operations
_disableSensitiveFeatures();
break;
case SecurityThreatType.networkTamperingDetected:
// Block network operations
_blockNetworkAccess();
break;
case SecurityThreatType.suspiciousBehaviorDetected:
// Increase monitoring
_increaseMonitoring();
break;
default:
// Handle other threats
_logThreat(threat);
break;
}
});
```
## ๐ฑ Platform Support
- โ
**Android** - Full support with native security implementations
- โ
**iOS** - Full support with native security implementations
- โ
**Web** - Full support with browser-adapted security features
- โ
**macOS** - Full support with native macOS security implementations
- โ
**Linux** - Full support with native Linux security implementations
- โ
**Windows** - Full support with native Windows security implementations
### ๐ **NEW: Multi-Platform VPN Detection**
The VPN detection feature is now available across all supported platforms:
- **Android**: NetworkInterface + ConnectivityManager detection
- **iOS**: utun interface detection
- **Windows**: Network adapter detection
- **macOS**: utun interface detection
- **Linux**: Network interface detection
- **Web**: Browser-based network analysis
### Platform-Specific Features
#### Android
- โ
Root detection with comprehensive checks
- โ
Native FLAG_SECURE for screen capture protection
- โ
Developer options integration
- โ
Package manager verification
- โ
SSL pinning with certificate and public key support
- โ
**VPN Detection** - NetworkInterface + ConnectivityManager
- โ
**USB Connection Monitoring** - Real-time USB device detection
#### iOS
- โ
Jailbreak detection with system access checks
- โ
App Store receipt verification
- โ
Code signing validation
- โ
Settings integration
- โ
SSL pinning with certificate and public key support
- โ
**VPN Detection** - utun interface detection
- โ
**Biometric Authentication** - Face ID and Touch ID support
#### Web
- โ
Developer tools detection
- โ
Security bypass detection
- โ
Screen capture protection (CSS + JavaScript)
- โ
Canvas fingerprinting
- โ
Network monitoring
- โ
SSL pinning (browser-based)
- โ
**VPN Detection** - Browser-based network analysis
- โ
**WebRTC Protection** - IP address leakage prevention
#### macOS
- โ
Root access detection
- โ
Virtual machine detection
- โ
Code signing verification
- โ
Hardware UUID fingerprinting
- โ
System Preferences integration
- โ
SSL pinning with certificate and public key support
- โ
**VPN Detection** - utun interface detection
- โ
**Gatekeeper Integration** - App security verification
#### Linux
- โ
Root access detection
- โ
Virtual machine detection
- โ
Debugger attachment detection
- โ
Machine ID fingerprinting
- โ
System settings integration
- โ
SSL pinning with certificate and public key support
- โ
**VPN Detection** - Network interface detection
- โ
**Systemd Integration** - Service security monitoring
#### Windows
- โ
Administrator privileges detection
- โ
Virtual machine detection
- โ
Debugger attachment detection
- โ
Machine GUID fingerprinting
- โ
Windows Settings integration
- โ
SSL pinning with certificate and public key support
- โ
**VPN Detection** - Network adapter detection
- โ
**Windows Defender Integration** - Antivirus status monitoring
## ๐ง Configuration
### Android Configuration
Add to `android/app/src/main/AndroidManifest.xml`:
```xml
```
### iOS Configuration
Add to `ios/Runner/Info.plist`:
```xml
NSFaceIDUsageDescription
This app uses Face ID for secure authentication
```
## ๐งช Testing
### Basic Security Testing
```dart
// Test security features
void testSecurity() async {
final securityKit = UltraSecureFlutterKit();
// Test device security
final isSecure = await securityKit.getDeviceSecurityStatus();
assert(isSecure.isSecure == true);
// Test secure storage
await securityKit.secureStore('test', 'value');
final value = await securityKit.secureRetrieve('test');
assert(value == 'value');
// Test encryption
final encrypted = await securityKit.encryptSensitiveData('test');
final decrypted = await securityKit.decryptSensitiveData(encrypted);
assert(decrypted == 'test');
}
```
### VPN Detection Testing
```dart
// Test VPN detection functionality
void testVPNDetection() async {
final securityKit = UltraSecureFlutterKit();
// Test VPN detection
final hasVPN = await securityKit.hasVPNConnection();
print('VPN Detection Test: ${hasVPN ? "VPN Connected" : "No VPN"}');
// Test device security status (includes VPN info)
final deviceStatus = await securityKit.getDeviceSecurityStatus();
print('Device VPN Status: ${deviceStatus.hasVPN}');
print('Device Proxy Status: ${deviceStatus.hasProxy}');
// Test comprehensive security
final isSecure = deviceStatus.isSecure;
final riskScore = deviceStatus.riskScore;
print('Overall Security: ${isSecure ? "SECURE" : "AT RISK"}');
print('Risk Score: ${(riskScore * 100).toStringAsFixed(1)}%');
}
```
### Run Automated Tests
```bash
# Run all tests
flutter test
# Run VPN detection tests specifically
flutter test test/vpn_detection_test.dart
# Run specific test groups
flutter test test/vpn_detection_test.dart --name="VPN Detection Basic Tests"
flutter test test/vpn_detection_test.dart --name="Integration Tests"
```
### Test with Real VPN
1. **Install a VPN app** (NordVPN, ExpressVPN, etc.)
2. **Run the example app**:
```bash
cd example
flutter run
```
3. **Navigate to VPN Detection Testing** in the app
4. **Connect/disconnect VPN** and observe detection results
## ๐ Performance
The plugin is optimized for performance with minimal overhead:
- **Memory Usage**: < 5MB additional memory
- **CPU Impact**: < 2% CPU usage during normal operation
- **Battery Impact**: < 1% additional battery drain
- **Startup Time**: < 100ms initialization time
- **VPN Detection Time**: < 1 second detection time
- **Network Security Checks**: < 500ms per check
- **Real-time Monitoring**: < 0.1% additional CPU usage
## ๐ Security Best Practices
1. **Always initialize security early** in your app lifecycle
2. **Use strict mode** for production applications
3. **Implement proper threat handling** for detected security issues
4. **Regularly update security configurations** based on new threats
5. **Monitor security metrics** to identify patterns
6. **Use secure storage** for all sensitive data
7. **Implement proper error handling** for security failures
8. **Test on real devices** to ensure security features work correctly
## ๐ค Contributing
Contributions are welcome! Please read our contributing guidelines and submit pull requests for any improvements.
## ๐ License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## ๐ Support
For support and questions:
- ๐ง Email: support@ultrasecureflutterkit.com
- ๐ Documentation: https://docs.ultrasecureflutterkit.com
- ๐ Issues: https://github.com/kanhiya3008/ultra_secure_flutter_kit/issues
- ๐ฌ Discord: https://discord.gg/ultrasecureflutterkit
## ๐ Latest Features & Improvements
### **NEW: Multi-Platform VPN Detection**
- โ
**Complete VPN Detection Implementation** across all platforms
- โ
**Real-time VPN Monitoring** with continuous status checking
- โ
**Comprehensive Testing Suite** with 16 test cases
- โ
**Example Applications** for easy integration
- โ
**Performance Optimized** with < 1 second detection time
### **Enhanced Security Features**
- โ
**Improved Android VPN Detection** with NetworkInterface + ConnectivityManager
- โ
**Enhanced iOS VPN Detection** with utun interface analysis
- โ
**Windows VPN Detection** with network adapter monitoring
- โ
**macOS VPN Detection** with utun interface detection
- โ
**Linux VPN Detection** with network interface analysis
- โ
**Web VPN Detection** with browser-based network analysis
### **Testing & Documentation**
- โ
**Comprehensive Test Suite** for VPN detection
- โ
**Example Applications** for easy testing
- โ
**Complete Documentation** with usage examples
- โ
**Troubleshooting Guides** for common issues
- โ
**Performance Benchmarks** and optimization tips
## ๐ Changelog
See [CHANGELOG.md](CHANGELOG.md) for a complete list of changes and updates.
---
**โ ๏ธ Important**: This plugin provides comprehensive security features, but no security solution is 100% foolproof. Always follow security best practices and keep your app updated with the latest security patches.