Stories by Sumit Kumar on Medium

Part 27: Miscellaneous & Advanced Flutter Exploits — From Stack Trace Leaks to Input Hijacking

Sumit Kumar — Wed, 06 Aug 2025 09:43:40 GMT

Beyond traditional exploits like token theft or WebView injection, there are less obvious, but equally dangerous threats lurking in the…

Sumit Kumar — Wed, 06 Aug 2025 09:43:25 GMT

Even after an app is built and running, attackers can manipulate its runtime behavior and assets loaded in memory. Using dynamic…

Sumit Kumar — Wed, 06 Aug 2025 09:43:08 GMT

Many Flutter apps use assets — images, JSON configs, HTML files, and scripts — to drive parts of their UI or logic. These assets are…

Sumit Kumar — Wed, 06 Aug 2025 09:42:55 GMT

Obfuscation is often mistaken for security — but it’s just a speed bump, not a wall.

Sumit Kumar — Wed, 06 Aug 2025 09:42:37 GMT

When a Flutter app is built in release mode, all Dart code is compiled into a shared library called libapp.so. While this binary gives you…

Sumit Kumar — Wed, 06 Aug 2025 09:42:14 GMT

Even a secure Flutter app can be completely hijacked if attackers modify the APK, inject malicious logic or assets, repack the app, and…

Sumit Kumar — Wed, 06 Aug 2025 09:41:53 GMT

Flutter apps are compiled to native binaries, giving developers a false sense of protection. But in reality, attackers can reverse…

Sumit Kumar — Wed, 06 Aug 2025 09:41:36 GMT

Even the most secure Flutter apps must load sensitive data — like JWT tokens, credentials, feature flags, or session states — into memory…

Sumit Kumar — Wed, 06 Aug 2025 09:35:08 GMT

Most mobile developers assume that once an app is compiled and signed, its internal logic is safe. But attackers with tools like Frida…

Sumit Kumar — Wed, 06 Aug 2025 09:34:04 GMT

Flutter apps bundle critical assets inside the assets/ directory — including: