device_security
Flutter plugin for device environment security detection — designed to run before liveness verification to ensure the device is not compromised or spoofed.
Detection Categories
| Category | Android | iOS | Description |
|---|---|---|---|
| Root / Jailbreak | Root detection (su, Magisk, SuperSU) | Jailbreak detection (Cydia, Substrate, fork test) | Checks whether the OS sandbox has been broken |
| Emulator | Build properties, QEMU, emulator files | Simulator env vars, architecture, compile flags | Detects virtual device environments |
| Hooking Framework | Frida, Xposed, LSPosed, Substrate | Frida, Substrate, dylib injection, debugger | Detects dynamic instrumentation tools |
| Virtual Camera | Installed apps, Camera2 API anomalies, /dev/video | AVCaptureDevice anomalies, virtual dylibs | Detects camera feed injection |
Installation
Add to your pubspec.yaml:
dependencies:
device_security:
path: ./path/to/device_security
Quick Start
import 'package:device_security/device_security.dart';
// Run all checks at once
final result = await DeviceSecurityChecker.check();
// Overall assessment
print(result.riskLevel); // RiskLevel.safe / low / medium / high / critical
print(result.overallRiskScore); // 0.0 – 1.0
// Gate liveness verification
if (!result.isSafeForLiveness) {
// Block or warn the user
return;
}
// Individual results
print(result.rootJailbreak); // DetectionDetail
print(result.emulator);
print(result.hookingFramework);
print(result.virtualCamera);
Single-Category Checks
final rootDetail = await DeviceSecurityChecker.checkRoot();
final emulDetail = await DeviceSecurityChecker.checkEmulator();
final hookDetail = await DeviceSecurityChecker.checkHookingFramework();
final vcamDetail = await DeviceSecurityChecker.checkVirtualCamera();
Custom Weights
Adjust how much each category contributes to the overall risk score:
final result = await DeviceSecurityChecker.check(
rootWeight: 0.20,
emulatorWeight: 0.20,
hookWeight: 0.35,
virtualCameraWeight: 0.25,
);
Models
SecurityResult
| Field | Type | Description |
|---|---|---|
overallRiskScore |
double |
0.0 (safe) to 1.0 (critical) |
riskLevel |
RiskLevel |
safe / low / medium / high / critical |
rootJailbreak |
DetectionDetail |
Root / jailbreak results |
emulator |
DetectionDetail |
Emulator / simulator results |
hookingFramework |
DetectionDetail |
Frida / Xposed / etc. results |
virtualCamera |
DetectionDetail |
Virtual camera injection results |
isSafeForLiveness |
bool |
true if risk is safe or low |
isThreatDetected |
bool |
true if any category flagged |
DetectionDetail
| Field | Type | Description |
|---|---|---|
detected |
bool |
Whether the threat was found |
confidence |
double |
0.0 – 1.0 confidence score |
reasons |
List<String> |
Human-readable evidence list |
RiskLevel Thresholds
| Level | Score Range |
|---|---|
safe |
< 0.2 |
low |
0.2 – 0.5 |
medium |
0.5 – 0.7 |
high |
0.7 – 0.9 |
critical |
>= 0.9 |
Android Permissions
The plugin requests CAMERA and QUERY_ALL_PACKAGES permissions. If your app already requests these, no additional configuration is needed. Otherwise, add to your AndroidManifest.xml:
<uses-permission android:name="android.permission.CAMERA" />
<uses-permission android:name="android.permission.QUERY_ALL_PACKAGES" />
Platform Support
| Platform | Minimum Version |
|---|---|
| Android | API 21 (5.0) |
| iOS | 13.0 |
How It Works
Each detector runs multiple independent heuristic checks. Every check that triggers adds to that category's confidence score (capped at 1.0). The overall risk score is a weighted average of the four category scores. A category is marked as "detected" when its confidence reaches 0.3 or above.
All native checks run in parallel on background threads to minimize UI impact.