I am new to flutter development so I am using plugins from pub.dev.. I don't know whether those third party plugins safe or not..can someone hack or access the user data or database transactions through flutter plugins / can a plugin act as a malware? Please help


Solution 1: Magesh 1

You can see information on this Link: [1]: https://medium.com/flutter-community/how-to-make-a-flutter-app-with-high-security-880ef0aa54da#:~:text=Flutter%20provides%20a%20secure%20data,including%20passwords%20and%20PIN%20numbers.


Solution 2: Ujjwal Raijada

I personally see couple of things before using any plugin

  1. Number of likes and Popularity percentage.
  2. Number of open & closed issues.
  3. If the package is from flutter or dart team, you need not to check anything. Just start using it.


Solution 3: D J

Here is something you could do to check how genuine a pub.dev package is :

  1. Visit their Github repository
  2. Check the number of collaborators and the number of stars. Usually popular packages have a considerable number of stars and / or contributors.
  3. Number of issues and if the issues were addressed by any of the contributors or the repo owner.
  4. Usually legitimate package devs spend a considerable amount of time working on the package and making it easy for use by new users thus also adding documentation.

P.S. - Even if a pub package doesn't qualify any of the above checks, it might still be a genuine trustworthy package. If it's not too extensive and you have some time on your hands, you could quickly scour through the code to confirm if its safe to use.

If you do find a package to be malicious, I recommend reporting it to the flutter team so such packages are removed from pub.dev and the portal becomes more safe for other users.