Fluttercon 2023. Notes. DAY 1.

Hello there! Well, it was the first big conference in Flutter I’ve had a chance to attend. It inspired me finally to start writing something more or less technical. But for the warm-up — I’m starting my small notes for the Fluttercon 2023 for every day and presentations I’ve been to.

Not to pull this for too long, let’s start!

Plug the Leak: Memory Management in Flutter by Raitis Šaripo

This speech by Raitis Šaripo was as it was imagined. He had opened people’s eyes to how the garbage collector works, how to avoid memory leaks, and how to fix them if it suddenly happens. Summarizing technical nuances:

• Similarly to JVM’s garbage collector, if an object is unreachable and does not have any reference to it — an object is being deallocated from memory.
• Memory leaks can appear when resources are not being disposed (i.e. StreamControllers or StreamSubscriptions). And it leads to the situation when the object which uses the reference to stream was garbage collected, but the reference was not removed. So GC does not deallocate that object, moreover, the parent object is deallocated, because the reference is still present, kinda in a “vacuum environment”.

Fixing the issue of memory leaks stands on different practices:

• Differ object creations with factory constructors, getter methods, or late initialization
• Using const constructors to optimize performance and memory allocation (static memory allocation is compile-time and it allows to have more efficient management)
• Disposing of resources (canceling subscriptions, closing stream sinks)
• Using weak references (if only one reference to the object is a weak reference — the garbage collector is allowed to deallocate that memory)

Recapping the speech: it was a pleasure to listen, Raitis had that patient connection to the audience, some interactions with people, and jokes. The presentation was very easy to listen.

Bringing Android 13 to Tesla vehicles with Flutter Web by Michal Gapinski

A colleague of mine from HappyByte, Michał Gapiński, has presented a very tricky topic related to Tesla and how to bring especially Android with Flutter Web to Tesla computers.

As far as I understood, because the topic is very complex and, I would say, ‘truly geek’, it brings Flutter Web via RaspberryPi to Tesla’s computer browser. You can host your phone’s part via an internal Wi-Fi network and use more functionalities than Tesla even expose to you. It was a very technical speech, an interesting topic, many parts of which were too interesting to understand at first sight (because I’m not the ‘embedded’ person very much).

Nevertheless, I felt myself that moment at the conference, as it, in my opinion, should be — you gain new knowledge, which you probably won’t get daily and it gives you a kickstart to improve yourself widely in the topics you’ve never heard of previously.

More details you definitely could get on Michal’s project official page https://teslaandroid.com/

How to Hack & Protect Flutter Apps by Tomáš Soukal

I would say, that the presentations I’ve chosen, had topics I am not good at, to gain more new knowledge and to fill gaps in some topics I was not thinking about. This appears from the next speech of Tomáš Soukal and his description of how to hack and protect Flutter apps.

Most of the examples were presented on Android OS, with a list of software that commonly can be used by hackers. As it appeared, the more vulnerable phones are the rooted ones, because, with some additional steps, you can get into the application’s directory, read some shared preferences, and get access to sensitive data. Of course, such things lay on the developer’s shoulders to develop the app securely. Additionally, with the root, you get more control of your device and have access where you shouldn’t.

The way an application can be secured is RASP — Runtime Application Self-Protection. It checks whether the app is running from an emulator (which is more insecure), or from a rooted device, etc. It gives protection to the app from dangerous behavior, such as reverse engineering, repackaging the application with malicious code, and installing the app through untrusted methods.

But of course, security is a very fast-going topic regarding the ‘good and evil fight’, because there are communities that make anti-RASP programs and always there will be someone who wants to break in.

Summary

There were some of the speeches I also attended and have not described here, but it was great and very interesting to listen and know about. People here are very inspirational and interesting to talk and to listen to. I’m happy and grateful to be here with our guys from HappyByte :)

See you next day!

You can reach me by mail or on LinkedIn