Forem: Abdulazeez Oshinowo

Ultimate Guide: How to Secure a Flutter App (OWASP Mobile Top 10 + Checklist)

Abdulazeez Oshinowo — Sat, 14 Feb 2026 16:31:50 +0000

Creating a high-performing Flutter application feels like building a beautiful glass skyscraper in the middle of a digital conflict. Everyone wants to be inside and enjoy the great experience since it's lovely and effective.

However, that "write once, run everywhere" mentality soon turns into "vulnerable once, compromised everywhere" if the foundation isn't strengthened and the locks aren't set appropriately. The truth is that a committed hacker can often expose your app's logic, secrets, and user data.

This guide breaks down the essential strategies for securing Flutter mobile applications by aligning your development workflow (SDLC) with the OWASP Mobile Top 10 standards. Whether you are building for FinTech, healthcare, or e-commerce, these industry-proven best practices will ensure your application remains a fortress in today’s increasingly hostile threat landscape.

4 Ways to Protect Your Flutter Mobile Application

The following steps to secure your Flutter app are categorized into four security domains that the OWASP Mobile Top 10 risks are mapped to:

A. Identity & Access Management (M1, M3):

This section focuses on verifying the user's identity and what they are allowed to do.

1. OAuth or Firebase Authentication: Authentication is the security process of verifying the identity of a user, device, or system before granting access to resources.

It confirms that an entity is who they claim to be, typically using credentials like passwords, biometrics, or tokens.

Use for secure signups/logins instead of custom, error-prone auth logic. The following packages can help with implementing authentication in your app:

2. Biometric Integration: This adds a hardware-backed layer of security for sensitive actions. Use biometrics as an MFA/UX layer, not a replacement for server auth.

The local_auth package helps you to implement biometric authentication in your mobile app.

3. Authorization Checks: Always verify user roles/permissions on the server side; the mobile application is the "requestor," while the backend is the "enforcer".

4. MFA (Multi-Factor Authentication): Don't rely solely on a password or biometric authentication; require an OTP or physical key for high-value transactions.

5. Platform Permissions: Ask the user only for permissions you really need. Avoid over-privileging your app to cut the risk of unauthorized access.

Use the permission_handler package to handle permissions gracefully.

B. Data Protection and Privacy (M6, M9, M10)

This domain focuses on protecting the "crown jewels": user data at rest and local secrets.

6. Never Hardcode Keys: One of the riskiest mistakes is storing authentication tokens or secrets in the source code or .dart files. Store secrets in platform keystores and expose via secure plugin; never leave them in the source.

❌ Avoid this:

const userToken = "YOUR_API_KEY";

Instead, use the native KeyStore (Android)/Keychain (iOS) via platform channels to securely store sensitive tokens in your app. Another way is to leverage the flutter_secure_storage package.

7. Set up Environment Variables: Always keep build-time secrets (API keys, app IDs, base URLs) and other confidential app configurations out of the codebase. The following are ways to ensure your app secret keys are safe:

Injecting Values During Compilation: Many developers use packages like flutter_dotenv and add their .env file to the pubspec.yaml like this:

❌ Don't do this for secrets

flutter:
  assets:
    - .env

-- The Problem: When you add a file to your assets, Flutter copies that file exactly as it is into the app's internal folder. An APK or IPA is just a ZIP file. Anyone can download your app, unzip it, and navigate to the assets folder to read your .env file in plain text.

-- The "Secure" Way: --dart-define-from-file
Instead of shipping a physical file inside the app, you use this flag to tell the Flutter compiler: "Read this file right now, take the values, and bake them directly into the machine code of the app".

-- The Result: The .env file stays on your computer (or CI/CD server) and is never included in the app. The values exist only as hard-to-read constants inside the compiled binary.

For Development:
flutter run --dart-define-from-file=.env

For Production Build:
flutter build apk --dart-define-from-file=.env

CI Secret Variables for Production Keys: Services like Codemagic, Fastlane, and GitHub Actions allow you to store API keys as environment variables to keep them out of your codebase.

8. Secure Storage & Encryption for Local Data: Encrypt local DBs/files at rest and reset on logout or during account deletion.

The encrypt package can be used to generate cryptographically secure random keys and perform AES encryption and decryption.

Hive is also another method to store data securely on your mobile app or for offline use. Hive is a lightweight and blazing-fast key-value database written in pure Dart. Encrypt payloads before saving.

9. Prevent App Screenshots: Critical for fintech apps to prevent data leakage through screen grabs or the task switcher.

When a mobile app goes into the background, the OS will take a screenshot to show in the app switcher. This screenshot gets stored to disk and can reveal things like account numbers in sensitive applications.

The following packages detect, disable screenshots, and block screen recording:

10. Disable 'print' in Production: This is a common vulnerability risk most Flutter developers are prone to.

Using print in production code poses severe security risks by potentially leaking sensitive data like passwords, keys, and personal information into insecure log files, which are easily accessible to unauthorized users.

It causes performance degradation, hinders debugging, and clutters logs, making it hard to identify real issues.

Better alternatives include:

Use Logging Frameworks: Import the dart:developer library, and use the log method to print values as a string.

import 'dart:developer';

log("$networkResponse");

Use Environment Flags: Import the Flutter foundation.dart library, and wrap your print statement to check if it’s in debug mode:

import 'package:flutter/foundation.dart';

    if (kDebugMode) {
      print("Hello world!");
    }

Remove Debug Code: Ensure all print statements are removed before deployment.

11. Secure Deletion: Ensure that when a user logs out or deletes their account, all local encrypted data and keys are wiped immediately.

C. Network & Transport Security (M5)

This only focuses on the "Tunnels" used to move data from the app to the cloud. Also known as data in motion.

12. Use HTTPS and Enforce TLS for All Communications: When an attacker intercepts and perhaps modifies communication between two parties, it's known as a Man-in-the-Middle (MITM) attack.

This is particularly risky when using unsecured HTTP connections since private data, such as API keys and login passwords, can be altered or stolen.

The best way to avoid this risk is to:

Use dio or the http package for network calls.
Make sure that base URLs start with https, as this enforces SSL/TLS for secure communication.

13. Certificate Pinning: Certificate pinning is a high-security measure that locks an application to only trust a specific, pre-defined server certificate or public key, rather than relying on any trusted Certificate Authority (CA). It prevents Man-in-the-Middle (MITM) attacks, ensuring only authorized servers communicate with the app.

Without pinning, your app trusts any valid SSL certificate. With pinnining, it only trusts your specific certificate.

Use http_certificate_pinning or put in place native pinning via platform channels. Consider mTLS(Mutual TLS), where the client also provides a certificate to the server (common in banking and high-security apps).

Although not all apps need certificate pinning. Examples of apps that don't need pinning include:

Apps that need to work with different backend URLs/third-party APIs.
Small apps/projects.

D. App Integrity, Supply Chain & Code/Input Quality (M7, M2, M4, M8)

Focuses on the health of the binary, the safety of the code, and external "inputs".

14. Frontend Validation of Forms & Inputs: Make sure to validate all forms on the frontend for User experience, but sanitize and validate on the server to prevent injection attacks.

15. Build Hardening with Obfuscation, R8/ProGuard, Increase Code Complexity: Code obfuscation is the process of modifying an app's binary to make it harder for humans to understand.

Obfuscation hides function and class names in your compiled Dart code, replacing each symbol with another, making it difficult for an attacker to reverse-engineer your proprietary app.

To enable obfuscation and secure your code from reverse engineering using the --obfuscate flag, your build command should look like this:

flutter build apk --obfuscate --split-debug-info=/<symbols-directory>

Use ProGuard for Android: Configure ProGuard rules in android/app/proguard-rules.pro to obfuscate APKs.

16. Jailbreak/Root Detection: Modified apps often run on rooted or jailbroken devices. Thus, your app should detect these compromised environments at runtime and respond appropriately by shutting down or reporting the issue to the server.

To mitigate this risk and prevent your app from being compromised, you can use flutter_jailbreak_detection, but consider native checks for robustness.

17. Dependency Auditing: Regularly scan your pubspec.yaml for vulnerable packages. Attackers often target the "Supply Chain" (3rd party plugins) rather than your code.

Run flutter pub outdated to find outdated packages in your Flutter project, and update them as appropriate.

18. Deep Link Validation: Only use Android App Links and iOS Universal Links. Standard custom schemes (e.g., myapp://) are easily hijacked by malicious apps on the same device.

Bonus Tips and Ongoing Practices

1. Limit Copying Code You Don’t Understand From the Internet: Try to avoid copying and re-using every code snippet you get from Stack Overflow, Reddit, AI agents, or LLMs without confirming and checking what it's doing and its security impact.

This is because logic flaws in code, vulnerable third-party libraries can cause buffer overflows and memory leaks.

The best solution is to go through and use the Flutter documentation and reliable blogs to find solutions to certain code issues/fixes.

2. Runtime Self-Protection (RASP): Beyond the categories above, you should implement RASP logic. This means the app isn't just "secure", it is aware.

For example, if the app detects that a debugger is attached or the signature doesn't match the original Play Store/App Store signature, the "system" should immediately terminate or "brick" the sensitive parts of the application.

3. Always Use the Latest Flutter Version: Make sure to keep current with the latest Flutter SDK releases. Use the upgrade command to always update your Flutter version to the latest stable release.

flutter upgrade

4. Keep Dependencies Updated: Regularly use flutter pub outdated and flutter pub upgrade to keep your Flutter SDK and all packages updated with the latest security patches.

flutter pub outdated
flutter pub upgrade

5. Scan for Vulnerabilities: Integrate security testing tools (e.g., MobSF, AppSweep) into your CI/CD pipelines to automatically scan code for common vulnerabilities.

Conclusion

As Flutter cements its position as the world’s leading cross-platform framework, the focus has shifted from "how do we build it" to "how do we protect it".

In an era where a single data breach can cost millions in regulatory fines and irreparable brand damage, Flutter security is no longer a luxury; it is a core architectural need.

If you like this article, kindly follow me on LinkedIn to receive more helpful tips about Flutter and mobile app security.

Lastly, don't forget to share on other social platforms. Good luck!

Do you currently use any of these methods? Or do you have other efficient and more secure ways for Flutter developers to secure their mobile apps? Share your experience in the comment section, and I’ll l update this article as appropriate…

Web Hosting in Nigeria: Top 8 Providers for 2026

Abdulazeez Oshinowo — Mon, 19 May 2025 06:39:55 +0000

Choosing the right web hosting service in Nigeria can be tricky. Unlike in other countries where uptime and load speed metrics are readily available, Nigerian hosting companies often don't make this information public. But don't worry, I've done the legwork for you.

Based on personal experience and extensive research, here's an updated list of the best, most affordable, and reliable web hosting providers in Nigeria for 2026:

Gitservers is the overall best web hosting in Nigeria.
QServers has the best quality hosting in Nigeria.
Truehost is best for WordPress hosting in Nigeria.
Smartweb is a reliable web hosting in Nigeria.
DomainKing has a budget-friendly hosting plan for startups.
Hostinger is the best international hosting for Nigerians.
Go54(Whogohost) is the most popular web hosting in Nigeria.
Namecheap is a reliable international web hosting option.

Why Does Your Website Need a Good Host Anyway?

Think of web hosting as your website’s “landlord.” A bad landlord means slow loading speeds, constant downtime (imagine your site crashing during a flash sale!), and security risks.

In a country where internet reliability can be… ahem… unpredictable, picking the right host is everything.

Now, let's dive into a detailed review of each of Nigeria's best web hosting companies.

Top Web Hosting Providers in Nigeria

1. Gitservers — Best Overall Web Hosting in Nigeria

Gitservers has significantly impacted the Nigerian hosting scene. They offer exceptional local support with a team based in Nigeria, ensuring timely help. Their scalable solutions cater to both blogs and large e-commerce sites.

Their standard package would cost you ₦2,500/month, and here are the key features you get:

6GB SSD storage
Unlimited email accounts
Unlimited Bandwidth (No restrictions)
2 Addon Domains
Free .com.ng domain registration
Free SSL certificates
User-friendly control panel
Reliable uptime and performance
Regular backups and strong security measures

Why Choose Gitservers? Their commitment to the Nigerian market and comprehensive features make them a reliable hosting partner.

2. QServers — Quality Nigerian Web Host Company

QServers is known for its reliable hosting services and strong customer support. They offer various hosting options, including shared, VPS, and dedicated servers.

Their starter plan begins at ₦1,850/month, and you get the following quality features from them:

6GB SSD storage
999 Emails
30GB bandwidth
Free .com.ng domain registration
0 Addon domain
Free SSL certificates
Reliable uptime and performance

Why Choose QServers? Their focus on quality service and customer satisfaction makes them a top choice for many Nigerian businesses.

3. Truehost — Best for WordPress and Global Reach

Truehost offers affordable hosting plans with features tailored for WordPress users. With data centres in Lagos and globally, they ensure optimal website performance.

With their WebHosting starter plan commencing from ₦992/month, you are sure to enjoy these features:

30GB SSD storage
Unlimited Email accounts
Unlimited Bandwidth
Free .com.ng domain registration
25,000 monthly visits
LiteSpeed servers for optimized performance

Why Choose Truehost? Their global reach and WordPress-optimised hosting make them ideal for bloggers and businesses targeting both local and international audiences.

4. SmartWeb Nigeria — Reliable Local Hosting Provider

SmartWeb Nigeria has built a reputation for reliability and excellent customer support. They offer a range of hosting services, including shared, cloud, and dedicated servers.

Their starter package will cost you ₦2000 monthly, and here’s what you get:

8GB SSD storage
15GB Bandwidth
Unlimited Email
Free SSL certificates
Reliable infrastructure
Various hosting options to suit different needs

Why Choose SmartWeb Nigeria? Their consistent performance and support make them a dependable choice for Nigerian businesses.

5. DomainKing — Budget-Friendly Hosting for Startups

DomainKing is a popular choice for startups and small businesses due to its affordable pricing and user-friendly interface.

Their basic hosting plan costs ₦805 per month, and you get:

1GB storage
300GB bandwidth
0 Email accounts
Free SSL certificates
DirectAdmin control panel

Why Choose DomainKing? Their budget-friendly plans are perfect for startups looking to establish an online presence without breaking the bank.

6. Hostinger — Best International Hosting Option

Hostinger remains a favourite for those seeking international hosting services. Known for its affordability and performance, it's ideal for beginners and small to medium-sized websites.

Starting at $2.49/month for a 48-month plan, some key features Hostinger provides include:

Shared, VPS, and cloud hosting plans
100–300GB storage options
Free SSL certificates
AI-powered website builder
Global data centres for optimal speed

Why Choose Hostinger? Its user-friendly interface and AI tools make website creation and management a breeze.

7. Go54 (Whogohost) — Popular Large Scale Hosting

Often cited as one of the oldest and most established Nigerian hosts. They offer a range of services, including shared, VPS, and domain registration, with local support and payment options. Known for being beginner-friendly.

Although they have been acquired by HostAfrica, their premium plan starts at ₦2500 monthly. Features included in this plan are:

8GB webspace storage
30GB bandwidth
Free SSL certificates
Unlimited Emails
Drag-and-drop website builders

Why Choose Go54? They are best for: Newbies and small businesses.

8. Namecheap — Reliable International Web Hosting

A budget champ with shared plans from US$1.58/mo (50 GB SSD, unmetered bandwidth, 100% uptime SLA), 24/7 LiveChat and optional Stellar Plus bundles (unlimited sites, auto‑backups).

Their cPanel servers in EU/US give low latency to Nigerian visitors via Cloudflare CDN. Namecheap’s Stellar plan starts at $1.98 per month with the following features:

20GB SSD storage
3 Websites
30 Email Addresses
Free Domain
AI website builder
Free SSL certificate

Why Choose Namecheap? Beginner-friendly web host offering great value for individuals and small businesses.

Picking Your Host: 5 Must-Check Boxes

Server Location: Want to target Nigerians? Choose a host with servers in Nigeria for lightning speed. Global audiences? Go for hosts with servers abroad.
Uptime Guarantee: Aim for 99.9% uptime. Anything less, and your site might ghost your customers during crucial moments.
Customer Support: Does the host offer 24/7 support via WhatsApp or phone? Because midnight domain emergencies will happen.
Scalability: Start small, but pick a host that lets you upgrade easily. Your future viral blog post will thank you.
Payment Flexibility: Naira payments, bank transfers, and crypto? Bonus points for hosts that don’t force you into USD transactions.

Conclusion

Choosing the right web host in Nigeria in 2026 is about more than just finding a cheap option. It's about finding a partner who provides the speed, reliability, security, and support your website needs to succeed in today's digital world.

Start by honestly assessing your needs: What kind of website are you building? How much traffic do you expect? What's your budget? Then, compare providers based on the updated factors we've discussed: look at their performance features (SSD/NVMe, server tech, location!), check their security measures, read reviews about their support, and understand their pricing structure, especially renewal costs.

The Nigerian web hosting scene is vibrant and growing, with excellent local and international options available. By doing your homework and knowing what to look for, you'll be well on your way to finding the perfect home for your website.

If you like this article, kindly follow me on LinkedIn to receive more helpful web development tips.

Lastly, don't forget to share on other social platforms. Good luck!

Simple Guide to Deploy and Test Flutter Apps With Codemagic And Firebase

Abdulazeez Oshinowo — Tue, 02 May 2023 18:08:07 +0000

Have you ever wanted to share your app build with a client or a group of testers, to view the progress of your app on a feature that has been completed?

That is where CI/CD comes in.

CI and CD stand for continuous integration and continuous delivery/continuous deployment. In very simple terms, CI is a modern software development practice in which incremental code changes are made frequently and reliably. Automated build-and-test steps triggered by CI ensure that code changes being merged into the repository are reliable. The code is then delivered quickly and seamlessly as a part of the CD process.

Instead of manually bundling and building your app every time you need to share a working APK file, you can automatically send updates to your testers with a one-time setup on Codemagic and Google Firebase app distribution.

In this post, I will guide you on how to deploy and test your Flutter apps on a physical device with Codemagic and Firebase app distribution. The steps include:

Add a project to Firebase.
Add Firebase to your Android app.
Enable Firebase app distribution and add testers.
Host your Flutter project on GitHub or Bitbucket.
Connect the project repository and add an application to Codemagic.
Setup Codemagic workflow and connect Firebase.

6 Simple Steps to Deploy Flutter Apps With Codemagic and Firebase App Distribution

Step #1: Add Project to Firebase

Use your Google account to sign in to the Firebase Console.

Click on "Add Project"

Give a name to your project. And click continue

Disable "Google Analytics for this project". And click "Create project".

Once finished setting up, click on "Continue".

You'll be redirected to your Firebase project dashboard, where you can add any platform-specific app to your project.

In this article, we will focus on testing with only a physical Android device.

Click on the Android icon, to add an Android app.

Step #2: Add Firebase to Your Android App

To register your app on Firebase, you need to add your Android app package name (Your package name is generally the applicationId in your app-level build.gradle file).

This can be found in your Flutter project folder > android > app > build.gradle

Click on the "Register App" button after adding it.

Next, click on the download button, to download the "google-services.json" config file. Make sure there is no mistake when saving the name of this file.

Once download is complete, move the config file into the Flutter project folder > android > app

Then click "Next".

To make the google-services.json config values accessible to Firebase SDKs, you need the Google Services Gradle plugin.

Add the plugin as a buildscript dependency to your project-level build.gradle file: Flutter project folder > android > build.gradle

classpath 'com.google.gms:google-services:4.3.15'

Then, in your module (app-level) build.gradle file, add both the google-services plugin and any Firebase SDKs that you want to use in your app: Flutter project folder > android > app > build.gradle

Add the Google services gradle plugin.

apply plugin: 'com.google.gms.google-services'

Import the Firebase BoM.

implementation platform('com.google.firebase:firebase-bom:31.5.0')

And finally, click Next.

You're all set. Click the "Continue to console" button.

Step #3: Enable Firebase App Distribution and Add Testers

To distribute your apps to users/testers for them to install on their mobile phones, you need to set up the app distribution feature in Firebase.

Select "All products" in the sidebar menu of your Firebase console. Under the "Release & Monitor" section, click on the "App Distribution" card.

Click on the "Get Started" button.

Switch to the "Testers & Groups" tab.

Create a group for your testers to add to Codemagic. Click the "Add group" button to create a new group.

Enter the group name as "android_testers", and click save.

Then click the "Add tester" button to add a new tester's email. This email should be an accessible email, where they can receive updates and notifications of any new version release of your app.

And you're done setting up App Distribution on Firebase.

Step #4: Host Your Flutter Project on GitHub

You need to host your project, to an online repository. This would make it easier to trigger an app build when you push your changes from your local workspace to the online repository or when you merge with a specific branch automatically in Codemagic.

Click here to learn how you can push a Flutter project to your GitHub repository.

Step #5: Connect the Repository and Add an Application to Codemagic

On the dashboard, click on the "Add application" button.

On the new pop-up dialog shown, select GitHub (if GitHub is where your Flutter project is hosted). Click "Next" to select a repository.

A list of your repositories in your connected GitHub account would be displayed in the dropdown bar. Select the repository in which the app you want to test is in.

Select The "Flutter App" workflow option. And Click "Finish" to add an application.

N.B: If you can't find your repository, or find it difficult to connect your GitHub account, check here to view your integration settings, or if Codemagic is installed in your GitHub account.

Step #6: Setup Codemagic Workflow and Connect Firebase

Double-click the workflow name to edit. Rename the workflow to "Firebase App Distribution".

Select only the Android platform under the "Build for platforms" section.

Scroll down, and click on the "Build triggers" bar to set up which triggers should run a new app build.

Select the checkbox: "Trigger on push".

Enter the name of the branch you want to be watched, and click "Add Pattern".

After that, scroll down to the "Build" bar section.

All you need to do here is select "Android app bundle and universal APK" as your Android build format.

Switch the Mode to "Release".

Then, navigate to the "Distribution" bar section.

Inside, open the "Android code signing" section.

Check the box to enable Android code signing.

Choose or drop your keystore.jks file to the Keystore input section. Provide your Keystore password, Key alias and Key password details in the appropriate input fields.

Once done, Click on "Save changes" at the top navigation bar.

If you don't have the above keystore details, follow these steps to generate a keystore.jks file for your developing device:

A. Create a file called key.properties in the Android directory, at the same level as local.properties. Inside, copy and paste the following four lines of code and adjust according to your wants.
storePassword and keyPassword are usually the same. the value for storeFile can change to wherever you put your keystore in the next step.

storePassword=pw
keyPassword=pw
keyAlias=upload
storeFile=../app/upload-keystore.jks

B. Generate the key.

This section is divided into two, depending on whether your developing device is Windows or Mac.

Windows
Copy and adjust the following code to your appropriate directories. Run it on cmd. The first address is where your java keytool lies, and the second address after -keystore is where you want to download the key, as well as its name.

C:\\"Program Files"\Android\\"Android Studio"\jre\bin\keytool -genkeypair -v -keystore C:\Users\Administrator\upload-keystore.jks -storetype JKS -keyalg RSA -keysize 2048 -validity 10000 -alias upload

Mac
It's easier for Mac users since you can simply just copy and paste the following code to the terminal and you're set.

keytool -genkey -v -keystore ~/upload-keystore.jks -keyalg RSA -keysize 2048 -validity 10000 -alias upload

The next thing I would suggest you do is to move the key to where your app resides: inside android > app.

N.B: You don't need to repeat these steps for every app you want to connect to Codemagic. You can always use the same keystore.jks file and password details in the Android code signing section.

Next, navigate to the "Firebase App Distribution" bar section:

Check the box to enable publishing to Firebase App Distribution. Select "Firebase token" as the authentication method.

Provide your Firebase token:

To generate a Firebase token for your developing device, follow the following steps:

If you don't have Firebase CLI already installed, follow this guide. Else continue with the next steps.

Open your terminal or CMD(for Windows user)

Start the sign-in process by running the following command:

firebase login:ci

This will redirect you to your browser, to authenticate your Google account or Visit the URL provided in the terminal, then log in using a Google account.

Click "Allow" to grant Firebase the necessary permissions needed.

Now, go back to your terminal. You should see a success notification with your Firebase Token. (You can save this token in a safe place to be used for other apps. Instead of re-generating a new one).

Provide your Android Firebase app ID:

This can be gotten from your Firebase console dashboard.

Select the added Android app on the Firebase console to view the app details.

Here is where you would find your Firebase App ID. Copy and paste it into the appropriate input field in Codemagic.

In the "Tester groups for Android app" input field, enter "android_testers" (Same as the group name created in Firebase App Distribution).

Once done, Click on "Save changes" at the top navigation bar.

And now, the setup is complete!!

Finally, click the "Start build" button to start your first app build. You won't need to do this later on, as when you make a push to your repository on Github, it triggers this process automatically.

With all set up properly, your testers would get an email notification instructing them to accept and install the app on their Android mobile device.

Conclusion

Deploying flutter apps to test on a physical mobile device with Codemagic is a very straightforward process.

Your workflow is set and all the triggers are in place when you push code from your local workspace or code editor.

This starts building your app. Then when done delivers and deploys to all added testers or clients through the preset channels.

If you like this article, kindly follow me on Linkedin to receive more helpful tips about Flutter.

Lastly, don't forget to share on other social platforms. Good luck!