Stetho in production is in my view a huge security risk #37

@rekire


I was thinking about using your lib, but I have a lot of concerns. It seems that it also has just an implementation for Android and there is no replacement for iOS, which is fine so far, but there should be a hint that you don't support iOS!

My security concern is that in production you can see session cookies and maybe even API or OAuth tokens, which must be protected, while for debug that is fine since that typically happens just on the developer's devices.

I am not sure if in Flutter/Dart dependencies can be used only for debug; if that is possible, I would suggest that you mention how to set it up correctly.

My suggestion is just to set up Stetho as a debug dependency in Gradle, so that it will never get into production.
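
The debug-only setup suggested in the issue above, sketched as an added example (not part of the original post and not the plugin's own build file). It assumes a plain Android app module; the `<version>` placeholder and the `checkNoStethoInRelease` task name are hypothetical.

```groovy
// app/build.gradle of an Android application module (assumed layout).
// <version> is a placeholder: the issue does not name a Stetho version.

dependencies {
    // Weak: Stetho is packaged into every variant, release included, so
    // the inspection endpoint (and the cookies/tokens it exposes) ships.
    // implementation 'com.facebook.stetho:stetho:<version>'

    // Corrected: Stetho is only on the debug variant's classpath.
    debugImplementation 'com.facebook.stetho:stetho:<version>'
}

// Any code that references Stetho classes must then live in the debug
// source set (src/debug/java), otherwise the release variant will not
// compile because the classes are absent there.

// Hypothetical guard task: fails if Stetho is still resolved for release,
// for example through a transitive dependency of another library.
tasks.register('checkNoStethoInRelease') {
    doLast {
        def hits = configurations.getByName('releaseRuntimeClasspath')
            .incoming.resolutionResult.allComponents
            .findAll { it.moduleVersion?.group == 'com.facebook.stetho' }
        if (hits) {
            throw new GradleException(
                "Stetho resolved on the release classpath: ${hits*.moduleVersion}")
        }
    }
}
```

Running the guard task in CI before the release build catches the case where the dependency comes back in transitively.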
