CODEWITHSUNDEEP
androidflutterapplication-security
Antonycx
Antonycx

Reputation: 269

Flutter: check if Dart Debugger is attached

Security team wants me to use preventive techniques to prevent the debugger from connecting to the application.

For Android, it can be done using the isDebuggerConnected method of the android.os.Debug class.

For iOS, the use of PT_DENY_ATTACH can be implemented, which ensures that no debugger can be attached to the process called ”ptrace”.

The purpose is to terminate the application in case it is detected if there is a debugger attached to the application.

What I have tried, and I'm not really sure if its the right way to do it, is the following:

At least for Android, in the MainActivity file:

import io.flutter.embedding.android.FlutterActivity
import android.os.Debug
import android.util.Log

class MainActivity: FlutterActivity() {
    override fun onResume() {
        super.onResume()
        Log.i("Kotlin lifeCycle", "onResume")
        val isBeingDebugged: Boolean = android.os.Debug.isDebuggerConnected()
        Log.i("Kotlin lifeCycle onResume", "isBeingDebugged: " + isBeingDebugged)
    }
}

however I always get: isBeingDebugged: false

I have tried onCreate, onResume, lifecycle methods but these don't always get executed.

Is there a way to use this "android.os.Debug" class and its methods inside the Dart classes to do this check in a more controlled way?

Upvotes: 2

Views: 626

Answers (1)

Top-Master
Top-Master

Reputation: 8745

Your code checks if a native and/or Java debugger is attached, not if a Dart debugger is attached.

At the time of writting, namely 2024/10, Dart and/or Flutter itself has no way to check if debugger is attached.

However, you can wait for a debugger to attach, like:

import 'dart:developer' as developer;

static void waitForDebugger() {
  developer.debugger(
    message: "waitForDebugger was called at:\n${StackTrace.current}");
}

Upvotes: 0

Related Questions