borneo_security 1.2.0 copy "borneo_security: ^1.2.0" to clipboard
borneo_security: ^1.2.0 copied to clipboard

Published 29 days agoverified publishernizwar.devDart 3 compatible
SDKFlutter
PlatformAndroid

Metadata

Security plugin for mocked location, root detection, and emulator detection

More...

Borneo Security #

Borneo Security is a library designed to help secure your Flutter app from mocker apps, ensure the device's integrity using the Play Integrity API, and manage installed app packages. This library provides methods to detect mocked apps, verify the device's authenticity, and retrieve app package information.

Note: This package only supports Android.

Features #

  • Detect mocked apps installed on the device.
  • Check if mock detection is enabled.
  • Integrate with the Play Integrity API to verify device integrity.
  • Retrieve installed app packages and their details.

Installation #

Add the following dependency to your pubspec.yaml file:

dependencies:
  borneo_security: latest

Usage #

Detecting Mocked Apps #

To detect mocked apps, use the BorneoMockLocationSecurity class:

import 'package:borneo_security/borneo_security.dart';

final mockAppDetector = BorneoMockLocationSecurity();

Future<void> checkMockedApps() async {
  List<String> mockedApps = await mockAppDetector.getMockedApps(); //deprecated
  bool hasMockedApps = await mockAppDetector.hasMockedApps(); //deprecated
  bool isMockEnabled = await mockAppDetector.isMockEnabled();

  print('Mocked apps: $mockedApps');
  print('Has mocked apps: $hasMockedApps');
  print('Is mock enabled: $isMockEnabled');
}

Using Play Integrity API #

To use the Play Integrity API, use the BorneoPlayIntegrity class:

import 'package:borneo_security/borneo_security.dart';

final playIntegrity = BorneoPlayIntegrity();

@override
void initState(){
  playIntegrity.initialize(12345);
  super.initState();
}

Future<void> checkPlayIntegrity() async {
  var integrityToken = await playIntegrity.getIntegrityToken();
  print('Integrity token: $integrityToken');
}

Server-side Integration

Add this package

sh composer require google/apiclient:^2.12.1

Here is fast way to do it Click here for reference

use Google\Client;
use Google\Service\PlayIntegrity;
use Google\Service\PlayIntegrity\DecodeIntegrityTokenRequest;

public function performCheck(Request $request) {
    $client = new Client();
    $client->setAuthConfig(path/to/your/credentials/json/file.json);
    $client->addScope(PlayIntegrity::PLAYINTEGRITY);
    $service = new PlayIntegrity($client);
    $tokenRequest = new DecodeIntegrityTokenRequest();
    $tokenRequest->setIntegrityToken("TOKEN_HERE");
    $result = $service->v1->decodeIntegrityToken('PACKGE_NAME_HERE', $tokenRequest);
    
    if ($oldNonce !== $resultNonce) {
       echo "bad nonce";
       exit(1);
    }

    $deviceVerdict = $result->deviceIntegrity->deviceRecognitionVerdict;
    $appVerdict = $result->appIntegrity->appRecognitionVerdict;
    $accountVerdict = $result->accountDetails->appLicensingVerdict;

    //Possible values of $deviceVerdict[0] : MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, MEETS_STRONG_INTEGRITY
    if (!isset($deviceVerdict) || $deviceVerdict[0] !== 'MEETS_DEVICE_INTEGRITY') {
        echo "device doesn't meet requirement";
        exit(1);
    }
   //Possible values of $appVerdict: PLAY_RECOGNIZED, UNRECOGNIZED_VERSION, UNEVALUATED
    if ($appVerdict !== 'PLAY_RECOGNIZED') {
        echo "App not recognized";
        exit(1);
    }
    
   //Possible values of $accountVerdict: LICENSED, UNLICENSED, UNEVALUATED
   if ($accountVerdict !== 'LICENSED') {
       echo "User is not licensed to use app";
       exit(1);
   }
}

Managing Installed App Packages #

BorneoPackages provides a comprehensive API to interact with installed applications on a device. Beyond fetching app names, package names, and icons, BorneoPackages also allows you to retrieve additional details such as application permissions, signing certificates, and more.

To retrieve installed app packages and their icons, use the BorneoPackages class:

import 'package:borneo_security/borneo_security.dart';

final packageManager = BorneoPackages();

Future<void> fetchInstalledApps() async {
  List<AppPackage> apps = await packageManager.getInstalledApps(true);
  for (var app in apps) {
    print('App: ${app.name}, Package: ${app.packageName}');
  }

  Uint8List icon = await packageManager.getIcon('com.example.app');
  print('Icon data: $icon');

  AppPackage appInfo = await packageManager.getPackageInfo('com.example.app');
  print('App Info: ${appInfo.name}, Version: ${appInfo.version}');
}

License #

This project is licensed under the MIT License.

Metadata

0
likes
160
points
187
downloads

Publisher

verified publishernizwar.dev

Weekly Downloads

Metadata

Security plugin for mocked location, root detection, and emulator detection

Repository (GitHub)
View/report issues

Documentation

API reference

License

MIT (license)

Dependencies

flutter

More

Packages that depend on borneo_security

Back