Posts

Showing posts from June, 2022

Trust is good, testing is better: How to pentest Flutter apps

Recently, during a weekend, Daniel and I stumbled across Flutter-based apps that were not testable out-of-the-box due to Flutter-specific security decisions. Furthermore, we found that, despite the popularity of the framework, there is little information on how to best test such apps. We thus decided to dive deeper into the framework and came up with a blog post that first sheds some light on Flutter from a security perspective and then provides a step-by-step guide on how to test such apps. In total, it will provide four different approaches. With the increasing popularity of the framework and developers relying on Flutter-intrinsic security features, it is especially important to continue challenging them and equip more testers with the required skills to conduct tests.

What is Flutter and what makes it important?

Flutter is an open-source UI SDK created by Google. Like React Native, it is used to develop cross-platform applications for Android, iOS, Linux, macOS, Windows, Googl