Why Flutter mobile apps are at risk
Although Flutter mobile apps are compiled into native code, they still have similar attack surfaces, and the same inherent risks, as apps built with other mobile technologies. Failing to implement app hardening measures therefore opens the door to intellectual property theft, credential harvesting, tampering and cloning.
A couple of Flutter-specific risks include:
The Flutter engine, which takes care of GUI rendering, I/O, and more, is embedded in the same way in every published Flutter app. This opens the door for malicious actors to swap the Flutter engine out, or modify it, to target multiple apps with the same attack. To avoid this, you will need to protect your Flutter app from static analysis and implement runtime detections for modifications or tampering.
Dart, being an emerging and dynamic programming language, exposes a lot of metadata. As a result, compiled Flutter apps leak a lot of information through their generated metadata; preventing sensitive data from leaking requires additional app protection.
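The engine-modification risk described above can also be checked offline, by comparing the engine binary in a distributed APK with the digests recorded at release time. The following Python code is an added example, not code from the original page or from the Flutter project. It assumes the Android layout lib/<abi>/libflutter.so (with the compiled Dart code in libapp.so); the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import io
import zipfile

ENGINE_NAME = "libflutter.so"  # Flutter engine library under lib/<abi>/ in an APK


def engine_digests(apk_bytes):
    """Return {zip_path: sha256_hex} for every embedded Flutter engine binary."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            parts = info.filename.split("/")
            if len(parts) == 3 and parts[0] == "lib" and parts[2] == ENGINE_NAME:
                digests[info.filename] = hashlib.sha256(apk.read(info)).hexdigest()
    return digests


def compare_engine(baseline, candidate):
    """List (path, status) differences between baseline and candidate digests."""
    findings = []
    for path, expected in sorted(baseline.items()):
        actual = candidate.get(path)
        if actual is None:
            findings.append((path, "missing"))
        elif actual != expected:
            findings.append((path, "modified"))
    for path in sorted(set(candidate) - set(baseline)):
        findings.append((path, "unexpected"))
    return findings


def build_sample_apk(files):
    """Constructed stand-in for an APK: a zip of the given path -> bytes map."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: placeholder bytes, not real engine binaries.
RELEASE = build_sample_apk({
    "lib/arm64-v8a/libflutter.so": b"engine-build-A",
    "lib/arm64-v8a/libapp.so": b"dart-aot-snapshot",
})
REPACKAGED = build_sample_apk({
    "lib/arm64-v8a/libflutter.so": b"engine-build-A-patched",
    "lib/x86_64/libflutter.so": b"engine-build-B",
})
```

Calling compare_engine(engine_digests(RELEASE), engine_digests(REPACKAGED)) reports the arm64-v8a engine as modified and the x86_64 engine as unexpected; an empty list means the engine binaries match the baseline.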