Does Flutter remove debug-mode code when compiling for release?

Question

I'm wondering whether it is safe to place passwords directly in the Dart code like below. Does Flutter remove the code when compiling it for release? Of course I want to make sure that the code cannot be decompiled such that the username and password can be extracted.

bool get isInDebugMode {
  bool inDebugMode = false;
  assert(inDebugMode = true);
  return inDebugMode;
}

if(inDebugMode){
  emailController.text = 'random@email.com';
  passwordController.text = 'secret';
}

score 5 · Answer 1 · answered Nov 09 '18 at 12:06

5

The code you provided won't be tree-shaked. As isInDebugMode isn't a constant.

Instead you can use an assert this way:

assert(() {
  emailController.text = 'random@email.com';
  passwordController.text = 'secret';
  return true;
}());

answered Nov 09 '18 at 12:06

Rémi Rousselet

256,336
79
519
432

Günter Zöchbauer · Answer 2 · 2018-11-09T12:12:19.473

4

Tree-shaking removes that code when inDebugMode is a const value.

"safe" is a strong word for that though even when tree-shaking removes the code.
You could make a mistake that causes tree-shaking to retain the code.
You probably commit the code to a CVS repo.
...

You can use

a const value

const bool isProduction = bool.fromEnvironment('dart.vm.product');
if(isProduction) {
  ...
}

different lib/main.dart files with flutter run -t lib/debug_main.dart
or the assert method as mentioned (see also How to exclude debug code)

edited Nov 09 '18 at 12:12

answered Nov 09 '18 at 12:04

Günter Zöchbauer

623,577
216
2,003
1,567

Which means no here – Rémi Rousselet Nov 09 '18 at 12:04

Does Flutter remove debug-mode code when compiling for release?

2 Answers2

Linked