A current workaround is to archive with Xcode, and also run the flutter command.

Once the archive is created with Xcode, simply replace the binary by the flutter binary (it's working because i have released a new version of my MacOS app obfuscated)

We probably need separate instructions for a macOS app on the website.

Aside from the macOS releasing instructions, we should ensure that the Dart obfuscation instructions are accurate and work for macOS. It may be worth noting that platform-specific instructions can be found in the platform-specific releasing guides.

can someone shed some light here? @gspencergoog

I want to obfuscate my macOS app & then notarize it and there doesn't seem to be a way to do that.

@Tom3652 described the problem perfectly. Does the Flutter team need any additional information to provide an answer?

Moreover there are no clear instructions to test that the obfuscation is applied to the binary. I'm using a command line utility used by hackers "rizin" to inspect the binary. I can't notice any difference between a flutter debug build, a flutter release build and a flutter release build with --obfusate flag.

I can see all the strings & function names from native code, but none from dart. I see a lot of "garbage" like this.

CiCiCCCCC
BxBxBLBLB#B#B
AsAsAEAEA
@@@-@-@
?g?g?5?5?

f>f>0>0>
=X=X=!=!=

1. Does flutter obfuscate the dart code by default, no matter the type of build? (i.e. Runner from Xcode, or using flutter build)?
2. If the --obfuscate flag is indeed needed, then how can we test that it works?
3. If the --obfuscate flag is needed and it works, how can one upload the "result" of the flutter build --obfuscate to AppStore ?

p.s. my flutter app (windows version) has already been cracked:
https://audioz.download/software/win/245379-download_hiits-studio-130.html

Please clarify the topic of obfuscation & security for desktop apps (both macOS & Windows), because it is important!

can someone shed some light here? @gspencergoog

I want to obfuscate my macOS app & then notarize it and there doesn't seem to be a way to do that.

@Tom3652 described the problem perfectly. Does the Flutter team need any additional information to provide an answer?

Moreover there are no clear instructions to test that the obfuscation is applied to the binary. I'm using a command line utility used by hackers "rizin" to inspect the binary. I can't notice any difference between a flutter debug build, a flutter release build and a flutter release build with --obfusate flag.

I can see all the strings & function names from native code, but none from dart. I see a lot of "garbage" like this.

CiCiCCCCC BxBxBLBLB#B#B AsAsAEAEA @@@-@-@ ?g?g?5?5?

f>f>0>0>
=X=X=!=!=

1. Does flutter obfuscate the dart code by default, no matter the type of build? (i.e. Runner from Xcode, or using flutter build)?
2. If the --obfuscate flag is indeed needed, then how can we test that it works?
3. If the --obfuscate flag is needed and it works, how can one upload the "result" of the flutter build --obfuscate to AppStore ?

p.s. my flutter app (windows version) has already been cracked: https://audioz.download/software/win/245379-download_hiits-studio-130.html

Please clarify the topic of obfuscation & security for desktop apps (both macOS & Windows), because it is important!

In the meantime I found out i was inspecting the wrong binary. I can see all the strings declared in my dar code, and none of my dart functions, regardless of whether or not I build with --obfuscate flag.

So most of my question remains the same. How to test obfuscation works? Will the strings remain in clear text even if obfuscation is applied?