Skip to content

Flutter useful resources for learning secure data and testing

Jump to bottom
gsw-codes edited this page Sep 30, 2020 · 2 revisions

Welcome to the Mobile-App-Repo wiki!

So we need to be careful with sensitive data.

Requirements:

  1. Shared preferences with encrypted user data

Encrypted Shared Preferences https://pub.dev/packages/encrypted_shared_preferences

  1. Hashing data in the file: Hashing is simply passing some data through a formula that produces a result, called a hash. That hash is usually a string of characters and the hashes generated by a formula are always the same length, regardless of how much data you feed into it. For example, the MD5 formula always produces 32 character-long hashes. Regardless of whether you feed in the entire text of MOBY DICK or just the letter C, you’ll always get 32 characters back.

https://dataspace.com/big-data-applications/what-does-it-mean-to-hash-data/#:~:text=Hashing%20is%20simply%20passing%20some,produces%2032%20character%2Dlong%20hashes.

Hashing and encryption https://www.solarwindsmsp.com/blog/hashing-vs-encryption%C2%A0#:~:text=Hashing%20is%20a%20method%20of,hashing%20is%20the%20hashing%20algorithm.

https://pub.dev/packages/crypto https://api.flutter.dev/flutter/package-crypto_crypto/Hash-class.html

End to end encryption for firebase - however this should be handled on the server side - AWS or GCloud https://cloud.google.com/kms/docs/encrypt-decrypt-rsa https://virgilsecurity.com/blog/announcing-firebase-sdk

Other useful resources: State management using Bloc https://pub.dev/packages/flutter_bloc https://bloclibrary.dev/#/

Testing: How to automate flutter testing: https://www.youtube.com/watch?v=78e3iN_Sq6o

https://medium.com/@luitelpramish7/flutter-testing-68dafdfd841e

https://flutter.dev/docs/cookbook/testing/unit/introduction

https://developer.android.com/training/testing/fundamentals https://flutter.dev/docs/testing https://developer.android.com/training/testing/unit-testing

Testing criteria:

So its important when considering unit testing that we test the following:

UI and layouts - do they look as per the design? Are all the buttons the same size? Colours consistent Do the navigation elements consistently appear in the same place on the screens each time the user navigates? Screen in horizontal and vertical - do the elements realign? Can the user still use the application? does the layout look odd? Colour contrast - it is good enough for users with poor eyesight? Animations - are they consistent? Text - is it readable and consistent? is everything spelt correctly - if you are working in english and it's not your main language ask someone who is to check.

Code: Is all the code refactored? Frameworks that are not consistently applied need to be removed and refactored and agreed with the team Are the files in a logical manner that is considered "good practise" Have all unit tests been run? have these tests passed? Are all possible errors accounted for? Is there data being passed to the DB which will cause any maintenance issues? How are these documented? Security - have security requirements been met? How are these being tested?

In software development - test cases are written to test for the most likely user journey. This is often called "The Happy Path". Often the other use cases which catch other user scenarios where the user presses something we dont expect and that throws an error. This is often not considered and causes issues in production.

Other good practise Deploy to test environment and do ALL your bug fixing etc in DEV environment before you move to PROD. Make sure you have your environments set up properly.

Clone this wiki locally