Advice - Securing My Flutter App from Unauthorized Installation

Question

The Story Behind I recently ran into an issue, where an app that I had removed from the Play Store over a year ago, was still being used, and had a high number of Admob request, which led to my account limitation. My immediate fix for this was to delete the Ad Unit ID, and remove the store link for the App Unit ID.

So for my active apps, I've been looking at how to secure it, and I came up with the following methods:

Using the Store_Checker package (https://pub.dev/packages/store_checker), I intend to show an Error Dialog, if the Source is not Source.IS_INSTALLED_FROM_PLAY_STORE, or Source is not Source.IS_INSTALLED_FROM_PLAY_PACKAGE_INSTALLER
Store a file in my server, with data of the package name, if it's active, and the latest version number. I would than make a request to my server from the app to confirm that the app is active, and that the version is the latest version. If either of this does not match, I will again show an Error Dialog, directing them to download the latest version of the app, or the replacement app.

I'm avoiding using a version checker package, as this is limited to only the Play Store (Android) and App Store (iOS), while I intend to have my app also available on other market stores (eg. Amazon, Samsung, etc)

As I would be limited in my ability to test these methods fully, I wanted to get feedback from those with more experience, if this methods are indeed possible, and if that would be sufficient for securing my app. If not, I'd really appreciate any advice on other steps I could take.

The methods I've described have gotten my the result, but I am worried that there are scenarios, that I have not taken into consideration.

Advice - Securing My Flutter App from Unauthorized Installation

Answers (1)

Related Questions