Flutter in Fintech: Building a Secure Banking App with Biometrics, Encryption, and Real-Time Notifications

This article explores building a secure fintech app using Flutter, focusing on biometric authentication, local data encryption, and real-time push notifications, essential for a modern mobile banking experience.

Introduction

Flutter has emerged as a leading choice for fintech developers, thanks to its cross-platform capabilities, native-like performance, and secure integration features. This guide provides a detailed walkthrough on developing a secure Flutter banking app, incorporating essential security measures to protect user data and enhance the overall user experience.

We will cover the implementation of biometric authentication for secure login, local encryption for sensitive data storage, and real-time push notifications for immediate transaction alerts. These features are crucial for establishing a robust and trustworthy mobile banking application.

By following this comprehensive guide, developers can create a foundational framework for a modern mobile banking app that prioritizes security and user convenience.

Biometric Authentication

Biometric authentication enhances security by allowing users to log in using fingerprint or facial recognition, relying on device-level trust for secure access.

Use Case: Securely log in users using biometric data (fingerprint or face unlock) with device-level trust.

Dependencies:

• local_auth: ^2.1.6

Implementation:

import 'package:local_auth/local_auth.dart';

class BiometricService {
  final _auth = LocalAuthentication();

  Future<bool> authenticateUser() async {
    final isAvailable = await _auth.canCheckBiometrics;
    final isDeviceSupported = await _auth.isDeviceSupported();

    if (!isAvailable || !isDeviceSupported) return false;

    final didAuthenticate = await _auth.authenticate(
      localizedReason: 'Please authenticate to log in to your account',
      options: const AuthenticationOptions(biometricOnly: true),
    );

    return didAuthenticate;
  }
}

Usage:

ElevatedButton(
  onPressed: () async {
    bool isVerified = await BiometricService().authenticateUser();
    if (isVerified) {
      // Navigate to Home
    } else {
      // Show failed auth dialog
    }
  },
  child: Text('Login with Biometrics'),
)

Data Encryption

Data encryption is essential for protecting sensitive information like user tokens and account numbers stored locally.

Use Case: Encrypt user tokens, account numbers, or session data in local storage.

Dependencies:

• flutter_secure_storage: ^9.0.0
• encrypt: ^5.0.1

Encrypt and Store:

import 'package:flutter_secure_storage/flutter_secure_storage.dart';
import 'package:encrypt/encrypt.dart' as encrypt;

class SecureStorageService {
  final _storage = const FlutterSecureStorage();
  final _key = encrypt.Key.fromLength(32); // Replace with a secure key
  final _iv = encrypt.IV.fromLength(16);

  String _encryptData(String plainText) {
    final encrypter = encrypt.Encrypter(encrypt.AES(_key));
    final encrypted = encrypter.encrypt(plainText, iv: _iv);
    return encrypted.base64;
  }

  String _decryptData(String encryptedText) {
    final encrypter = encrypt.Encrypter(encrypt.AES(_key));
    final decrypted = encrypter.decrypt64(encryptedText, iv: _iv);
    return decrypted;
  }

  Future<void> saveData(String key, String value) async {
    final encryptedValue = _encryptData(value);
    await _storage.write(key: key, value: encryptedValue);
  }

  Future<String?> readData(String key) async {
    final value = await _storage.read(key: key);
    return value != null ? _decryptData(value) : null;
  }
}

Usage:

await SecureStorageService().saveData('account_no', '123456789');
final account = await SecureStorageService().readData('account_no');

Real-Time Push Notifications

Real-time push notifications are critical for providing users with immediate alerts about transactions, OTPs, and payment updates.

Use Case: Notify users instantly about transfers, OTPs, or payment updates.

Dependencies:

• firebase_core: ^2.0.0
• firebase_messaging: ^14.6.1

Setup Firebase:

Set up a Firebase project. Configure Android and iOS apps. Add google-services.json or GoogleService-Info.plist as per platform.

Initialize Firebase in your main file:

void main() async {
  WidgetsFlutterBinding.ensureInitialized();
  await Firebase.initializeApp();
  runApp(MyApp());
}

Setup Push Notification Logic:

import 'package:firebase_messaging/firebase_messaging.dart';

class NotificationService {
  final _firebaseMessaging = FirebaseMessaging.instance;

  Future<void> initNotifications() async {
    NotificationSettings settings = await _firebaseMessaging.requestPermission();

    if (settings.authorizationStatus == AuthorizationStatus.authorized) {
      FirebaseMessaging.onMessage.listen((RemoteMessage message) {
        print("🔔 Foreground notification: ${message.notification?.title}");
      });

      FirebaseMessaging.onMessageOpenedApp.listen((RemoteMessage message) {
        // Navigate to transaction detail or page
      });
    }
  }

  Future<void> getToken() async {
    String? token = await _firebaseMessaging.getToken();
    print("📱 FCM Token: $token");
    // Store/send token to backend
  }
}

Usage:

void main() async {
  WidgetsFlutterBinding.ensureInitialized();
  await Firebase.initializeApp();
  await NotificationService().initNotifications();
  await NotificationService().getToken();
  runApp(MyApp());
}

Conclusion

This guide covered the essential aspects of creating a secure fintech app using Flutter, including biometric login, AES-encrypted data storage, and real-time push notifications. These implementations provide a strong foundation for building production-grade mobile banking applications.