parlough
commented
1 year ago @sfshaza2 I've been seeing this misconception often recently, would be a high value piece of information to add.
Closed timsneath closed 1 year ago
parlough
commented
1 year ago @sfshaza2 I've been seeing this misconception often recently, would be a high value piece of information to add.
sfshaza2
commented
1 year ago I've submitted a PR, @timsneath. I hope you don't mind that I used some of your excellent text. :D
Page URL
https://docs.flutter.dev/deployment/obfuscate/
Page source
https://github.com/flutter/website/tree/main/src/deployment/obfuscate.md
Describe the problem
We could do a better job of describing the limitations of code obfuscation. A novice user may expect that this encrypts resources, or provides complete protection against a determined attempt to reverse engineer an app.
Expected fix
We should make it clear that it is a poor security practice to store secrets in an app, and that this command only renames symbols, rather than providing a complete solution to tampering or attempts to manipulate a compiled application.
Additional context
This issue was triggered by a question from a Flutter user to the security@ mailing list.