1

I’m developing a Flutter application that needs to store sensitive user data, such as API keys and access tokens. I want to ensure that this data is securely stored on the device to prevent unauthorized access.

What are the best practices and recommended approaches for securely storing sensitive data in Flutter? Are there any built-in Flutter APIs or libraries that can help with secure storage (besides flutter_secure_storage)? How should I protect sensitive variables from .env file?

Arithy
  • 11
  • 2
  • Flutter is application client-side don't like server-side, that mean user has full permission with your app. Don't worry about API keys. Example when setup Google API key, you must provide app info or domain website use that key and other apps or websites can't use it. In addition, access token don't need to complete security when it has timeout , you can encrypt it like `flutter_secure_storage`. even it can be read by user but only data was encrypted. Your source code need to protected, because that contain algorithms encrypt. Other way, get sensitive data from server with `https` protocol. – Doan Thai Jul 12 '23 at 15:03

2 Answers2

2

There is a different ways to achieve your goal most of them you can find in this answer, also, check this blog have more details Is your Flutter application Secured,

If my answer helps you don't forget to vote ️.

Faisal Faraj
  • 576
  • 3
  • 9
0

I would recommend using flutter_secure_storage for securely storing access tokens in Flutter. It's a reliable package that encrypts data and stores it in the device's secure storage (keychain on iOS, keystore on Android). It offers benefits like encryption, easy integration with Flutter, and platform-agnostic code. Remember to store only essential data, regularly update dependencies, and implement additional security measures like token expiration and secure communication protocols.

hnxtay
  • 1
  • 1