11# freeRASP for Flutter
22
3- freeRASP for Flutter is a part of security SDK for the app shielding and security monitoring. Learn more about provided features on the [ freeRASP's main repository] ( https://github.com/talsec/Free-RASP-Community ) first. You can find freeRASP Flutter plugin on [ pub.dev] ( https://pub.dev/packages/freerasp ) .
3+ freeRASP for Flutter is a part of security SDK for the app shielding and security monitoring.
4+ Learn more about provided features on the [ freeRASP's main repository] ( https://github.com/talsec/Free-RASP-Community ) first.
45
56# Usage
6- We will guide you step-by-step, but you can always check the expected result This is how final implementation should look like:
7-
8- * [ main.dart] ( https://github.com/talsec/Free-RASP-Flutter/blob/master/lib/main.dart )
7+ We will guide you step-by-step, but you can always check the expected result in example.
98
109## Step 1: Prepare Talsec library
1110Add dependency to your ` pubspec.yaml ` file
1211``` yaml
1312dependencies :
14- freerasp : 1.1 .0
13+ freerasp : 2.0 .0
1514` ` `
16- and then run: ` flutter pub get`
15+ and then run: ` pub get`
1716
1817# ## iOS setup
1918After depending on plugin follow with these steps :
@@ -82,10 +81,12 @@ Which version of freeRASP is used is tied to development stage of application -
8281Make (convert or create a new one) your root widget (typically one in `runApp(MyWidget())`) and override its `initState` in `State`
8382` ` ` dart
8483void main() {
85- runApp(MyApp());
84+ runApp(const MyApp());
8685}
8786
8887class MyApp extends StatefulWidget {
88+ const MyApp({Key? key}) : super(key: key);
89+
8990 @override
9091 _MyAppState createState() => _MyAppState();
9192}
@@ -109,27 +110,31 @@ Lastly, pass a mail address to `watcherMail` to be able to get reports. Mail has
109110
110111` ` ` dart
111112@override
112- void initState() {
113+ void initState() {
113114 super.initState();
115+ initSecurityState();
116+ }
114117
115- TalsecConfig config = TalsecConfig(
118+ Future<void> initSecurityState() async {
116119
120+ TalsecConfig config = TalsecConfig(
121+
117122 // For Android
118123 androidConfig: AndroidConfig(
119124 expectedPackageName: 'YOUR_PACKAGE_NAME',
120125 expectedSigningCertificateHash: 'HASH_OF_YOUR_APP',
121126 supportedAlternativeStores: ["com.sec.android.app.samsungapps"],
122127 ),
123-
128+
124129 // For iOS
125- IOSConfig : IOSconfig(
130+ iosConfig : IOSconfig(
126131 appBundleId: 'YOUR_APP_BUNDLE_ID',
127132 appTeamId: 'YOUR_APP_TEAM_ID',
128133 ),
129-
134+
130135 // Common email for Alerts and Reports
131- watcherMail: 'john @example.com',
132- );
136+ watcherMail: 'your_mail @example.com',
137+ );
133138}
134139` ` `
135140
@@ -186,16 +191,226 @@ void initState(){
186191 config: config,
187192 callback: callback,
188193 );
194+
189195 app.start();
190196}
191197` ` `
192-
193- # # Step 5: User Data policy
194- Google Play’s User Data policy and App Store's App Privacy Details indicate that applications should inform users properly of the data that they are collecting and processing, and therefore reject the apps which do not comply with the policy. To comply with the policies, follow the manuals for given platforms : [Android](https://github.com/talsec/Free-RASP-Android#step-4-google-plays-user-data-policy), [iOS](https://github.com/talsec/Free-RASP-iOS/tree/master#step-4-app-store-user-data-policy).
195-
196-
197198And you're done 🎉!
198199
200+ # Enterprise Services
201+ We provide extended services (ie. malware detection, detailed configurable threat reactions, immediate alerts and penetration testing) to our commercial customers with a self-hosted cloud platform as well. To get the most advanced protection compliant with PSD2 RT and eIDAS and support from our experts contact us at https://talsec.app.
202+
203+ **TIP:** You can try freeRASP and then upgrade easily to an enterprise service.
204+
205+ # # Plans Comparison
206+ <table>
207+ <thead>
208+ <tr>
209+ <th></th>
210+ <th>freeRASP</th>
211+ <th>Premium</th>
212+ <th>Business</th>
213+ <th>Enterprise</th>
214+ </tr>
215+ </thead>
216+ <tbody>
217+ <tr>
218+ <td>Number of active devices </td>
219+ <td>unlimitted (monitoring up to 100k)</td>
220+ <td>up to 10 000k </td>
221+ <td>unlimitted</td>
222+ <td>unlimitted</td>
223+ </tr>
224+ <tr>
225+ <td colspan=5><strong>Runtime App Self Protection (RASP, app shielding)</strong></td>
226+ </tr>
227+ <tr>
228+ <td>Advanced root/jailbreak protections</td>
229+ <td>basic</td>
230+ <td>standard</td>
231+ <td>advanced</td>
232+ <td>custom</td>
233+ </tr>
234+ <tr>
235+ <td>Runtime reverse engineering controls</br>
236+ <ul>
237+ <li>Debug</li>
238+ <li>Emulator</li>
239+ <li>Hooking protections</li>
240+ </ul>
241+ </td>
242+ <td>basic</td>
243+ <td>standard</td>
244+ <td>advanced</td>
245+ <td>custom</td>
246+ </tr>
247+ <tr>
248+ <td>Runtime integrity controls</br>
249+ <ul>
250+ <li>Tamper protection</li>
251+ <li>Repackaging / Cloning protection</li>
252+ <li>Device binding protection</li>
253+ </ul>
254+ </td>
255+ <td>basic</td>
256+ <td>standard</td>
257+ <td>advanced</td>
258+ <td>custom</td>
259+ </tr>
260+ <tr>
261+ <td>Device OS security status check</br>
262+ <ul>
263+ <li>HW security module control</li>
264+ <li>Device lock control</li>
265+ <li>Device lock change control</li>
266+ </ul>
267+ </td>
268+ <td>yes</td>
269+ <td>yes</td>
270+ <td>yes</td>
271+ <td>custom</td>
272+ </tr>
273+ <tr>
274+ <td>UI protection</br>
275+ <ul>
276+ <li>Overlay protection</li>
277+ <li>Accessibility services protection</li>
278+ </ul>
279+ </td>
280+ <td>no</td>
281+ <td>yes</td>
282+ <td>yes</td>
283+ <td>custom</td>
284+ </tr>
285+ <tr>
286+ <td colspan=5><strong>Hardening suite</strong></td>
287+ </tr>
288+ <tr>
289+ <td>Security hardening suite</br>
290+ <ul>
291+ <li>Dynamic certificate pinning</li>
292+ <li>Obfuscation</li>
293+ <li>Secure storage hardening</li>
294+ <li>Secure pinpad</li>
295+ </ul>
296+ </td>
297+ <td>no</td>
298+ <td>no</td>
299+ <td>yes</td>
300+ <td>yes</td>
301+ </tr>
302+ <tr>
303+ <td colspan=5><strong>Attestation and API protection</strong></td>
304+ </tr>
305+ <tr>
306+ <td>Device attestation and dynamic API protection</td>
307+ <td>no</td>
308+ <td>no</td>
309+ <td>no</td>
310+ <td>yes</td>
311+ </tr>
312+ <tr>
313+ <td colspan=5><strong>Monitoring</strong></td>
314+ </tr>
315+ <tr>
316+ <td>AppSec regular email reporting</td>
317+ <td>yes (up to 100k devices)</td>
318+ <td>yes</td>
319+ <td>yes</td>
320+ <td>yes</td>
321+ </tr>
322+ <tr>
323+ <td>Data insights and auditing portal</td>
324+ <td>no</td>
325+ <td>yes</td>
326+ <td>yes</td>
327+ <td>yes</td>
328+ </tr>
329+ <tr>
330+ <td>Embed code to integrate with portal</td>
331+ <td>no</td>
332+ <td>no</td>
333+ <td>yes</td>
334+ <td>yes</td>
335+ </tr>
336+ <tr>
337+ <td>API data access</td>
338+ <td>no</td>
339+ <td>no</td>
340+ <td>yes</td>
341+ <td>yes</td>
342+ </tr>
343+ <tr>
344+ <td>Data retention</td>
345+ <td>1 month</td>
346+ <td>1 month</td>
347+ <td>1 year</td>
348+ <td>custom</td>
349+ </tr>
350+ <tr>
351+ <td colspan=5><strong>Malware detection</strong></td>
352+ </tr>
353+ <tr>
354+ <td>SDK for Malware detection and backend monitoring</td>
355+ <td>no</td>
356+ <td>optional</td>
357+ <td>optional</td>
358+ <td>optional</td>
359+ </tr>
360+ <tr>
361+ <td colspan=5><strong>User Safety suite</strong></td>
362+ </tr>
363+ <tr>
364+ <td>SDK API for Safety Dashboard for end-users</td>
365+ <td>min</td>
366+ <td>min</td>
367+ <td>yes</td>
368+ <td>yes</td>
369+ </tr>
370+ <tr>
371+ <td>User Safety Assurance service (Improvement plan report, Top10 tips, hot attacks info)</td>
372+ <td>no</td>
373+ <td>no</td>
374+ <td>basic</td>
375+ <td>custom</td>
376+ </tr>
377+ <tr>
378+ <td colspan=5><strong>Deployment</strong></td>
379+ </tr>
380+ <tr>
381+ <td>Individual unique SDK build</td>
382+ <td>no</td>
383+ <td>yes</td>
384+ <td>yes</td>
385+ <td>yes</td>
386+ </tr>
387+ <tr>
388+ <td>Private cloud cluster</td>
389+ <td>no</td>
390+ <td>no</td>
391+ <td>no</td>
392+ <td>custom</td>
393+ </tr>
394+ <tr>
395+ <td colspan=5><strong>Platforms</strong></td>
396+ </tr>
397+ <tr>
398+ <td>Native (iOS and Android)</td>
399+ <td>yes</td>
400+ <td>yes</td>
401+ <td>yes</td>
402+ <td>yes</td>
403+ </tr>
404+ <tr>
405+ <td>Flutter (multiplatform)</td>
406+ <td>yes</td>
407+ <td>yes</td>
408+ <td>custom</td>
409+ <td>custom</td>
410+ </tr>
411+ </tbody>
412+ </table>
413+
199414# Troubleshooting
200415# ## \[Android] `Cloud not find ... ` dependency issue
201416**Solution:** Add dependency manually (see [issue](https://github.com/talsec/Free-RASP-Flutter/issues/1))
@@ -206,10 +421,10 @@ dependencies {
206421 ... some other dependecies ...
207422
208423 // Talsec Release
209- debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-dev '
424+ releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:*-release '
210425
211426 // Talsec Debug
212- releaseImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community:3.1.0-release '
427+ debugImplementation 'com.aheaditec.talsec.security:TalsecSecurity-Community-Flutter:*-dev '
213428}
214429
215430 ` ` `
0 commit comments