Open
Description
Steps to reproduce
1.Create a default Flutter demo project.
2.Use commands packaged into IPA:flutter build ipa --release --obfuscate --split-debug-info=build/ios/ipa
3.Analysis the IPA using some static analysis tools,such as MobSF(https://mobsf.live/).
Expected results
We should see that the static analysis tool cannot directly find the string code in the Demo project.
Actual results
There are several dart strings in Flutter's default demo project, such as "Flutter Demo"," Flutter Demo Home Page","You have pushed the button this many times:". If the Dart code is correctly obfuscated, you should not see these strings present in the static analysis tool's report. But unfortunately, it's easy to see them in the IPA package. Oddly enough, the Android APK package doesn't exist, so something is clearly wrong.
Code sample
Flutter‘s default demo project:
Code sample
import 'package:flutter/material.dart';
void main() {
runApp(const MyApp());
}
class MyApp extends StatelessWidget {
const MyApp({super.key});
@override
Widget build(BuildContext context) {
return MaterialApp(
title: 'Flutter Demo',
theme: ThemeData(
colorScheme: ColorScheme.fromSeed(seedColor: Colors.deepPurple),
useMaterial3: true,
),
home: const MyHomePage(title: 'Flutter Demo Home Page'),
);
}
}
class MyHomePage extends StatefulWidget {
const MyHomePage({super.key, required this.title});
final String title;
@override
State<MyHomePage> createState() => _MyHomePageState();
}
class _MyHomePageState extends State<MyHomePage> {
int _counter = 0;
void _incrementCounter() {
setState(() {
_counter++;
});
}
@override
Widget build(BuildContext context) {
return Scaffold(
appBar: AppBar(
backgroundColor: Theme.of(context).colorScheme.inversePrimary,
title: Text(widget.title),
),
body: Center(
child: Column(
mainAxisAlignment: MainAxisAlignment.center,
children: <Widget>[
const Text(
'You have pushed the button this many times:',
),
Text(
'$_counter',
style: Theme.of(context).textTheme.headlineMedium,
),
],
),
),
floatingActionButton: FloatingActionButton(
onPressed: _incrementCounter,
tooltip: 'Increment',
child: const Icon(Icons.add),
),
);
}
}
Screenshots or Video
Screenshots / Video demonstration
[Upload media here]
Logs
Logs
[Paste your logs here]Flutter Doctor output
Doctor output
[✓] Flutter (Channel stable, 3.24.3, on macOS 15.2 24C101 darwin-arm64, locale zh-Hans-CN)
• Flutter version 3.24.3 on channel stable at /Users/xxx/flutter_gitee/FlutterB/flutter
• Upstream repository https://github.com/flutter/flutter.git
• Framework revision 2663184aa7 (6 months ago), 2024-09-11 16:27:48 -0500
• Engine revision 36335019a8
• Dart version 3.5.3
• DevTools version 2.37.3
• Pub download mirror https://pub.dev
• Flutter download mirror https://storage.flutter-io.cn
[✓] Android toolchain - develop for Android devices (Android SDK version 35.0.0)
• Android SDK at /Users/xxx/Library/Android/sdk
• Platform android-35, build-tools 35.0.0
• Java binary at: /Users/xxx/Library/Java/JavaVirtualMachines/jbr-17.0.8/Contents/Home/bin/java
• Java version OpenJDK Runtime Environment JBR-17.0.8+7-1000.22-nomod (build 17.0.8+7-b1000.22)
• All Android licenses accepted.
[✓] Xcode - develop for iOS and macOS (Xcode 16.2)
• Xcode at /Applications/Xcode.app/Contents/Developer
• Build 16C5032a
• CocoaPods version 1.15.2
[✓] Android Studio (version 2023.3)
• Android Studio at /Applications/Android Studio.app/Contents
• Flutter plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/9212-flutter
• Dart plugin can be installed from:
🔨 https://plugins.jetbrains.com/plugin/6351-dart
• Java version OpenJDK Runtime Environment (build 17.0.10+0-17.0.10b1087.21-11572160)
[✓] VS Code (version 1.98.0)
• VS Code at /Applications/Visual Studio Code.app/Contents
• Flutter extension version 3.107.20250303
[✓] Connected device (4 available)
• sdk gphone64 arm64 (mobile) • emulator-5554 • android-arm64 • Android 13 (API 33) (emulator)
• iPhone 16 Pro Max (mobile) • 30DCB973-D365-43B3-B794-17B6F87F56B2 • ios • com.apple.CoreSimulator.SimRuntime.iOS-18-2 (simulator)
• iPad Pro 11-inch (M4) (mobile) • 999A5313-166E-4024-A82D-0743B9F4AA90 • ios • com.apple.CoreSimulator.SimRuntime.iOS-18-2 (simulator)
• Mac Designed for iPad (desktop) • mac-designed-for-ipad • darwin • macOS 15.2 24C101 darwin-arm64
! Error: Browsing on the local area network for Eric的iPhone 13 Pro Max. Ensure the device is unlocked and attached with a cable or associated with the same local area network as this Mac.
The device must be opted into Developer Mode to connect wirelessly. (code -27)
[✓] Network resources
• All expected network resources are available.
• No issues found!Additional Information:
Ios/Flutter/Generated. Xcconfig seems to be correct:
// This is a generated file; do not edit or check into version control.
FLUTTER_ROOT=/Users/xxx/flutter_gitee/FlutterB/flutter
FLUTTER_APPLICATION_PATH=/Users/xxx/Documents/flutter/obfuscation_test
COCOAPODS_PARALLEL_CODE_SIGN=true
FLUTTER_TARGET=lib/main.dart
FLUTTER_BUILD_DIR=build
FLUTTER_BUILD_NAME=1.0.0
FLUTTER_BUILD_NUMBER=1
EXCLUDED_ARCHS[sdk=iphonesimulator*]=i386
EXCLUDED_ARCHS[sdk=iphoneos*]=armv7
DART_OBFUSCATION=true
SPLIT_DEBUG_INFO=build/ios/ipa
TRACK_WIDGET_CREATION=false
TREE_SHAKE_ICONS=true
PACKAGE_CONFIG=/Users/xxx/Documents/flutter/obfuscation_test/.dart_tool/package_config.json