Stop failing App Store reviews: Meet Flutter Permission Scanner

If you’ve ever built a Flutter app, you know the drill. You need a feature, you head to pub.dev , you run flutter pub add , and you move on with your life. We love the Dart ecosystem because it abstracts away the native code. But there is a massive blind spot here: what native permissions did that package just sneak into your AndroidManifest.xml or Info.plist ? In my last article about building the Damn Vulnerable Flutter App (DVFA), I mentioned how insanely easy it is to misconfigure native manifests when you spend 99% of your time writing Dart. If a random analytics package secretly drags in ACCESS_FINE_LOCATION or RECORD_AUDIO , two things happen: Apple and Google will reject your app during review for missing privacy descriptions. Your users will get a creepy system popup asking to track them, and they will immediately uninstall your app. I wanted a quick way to audit exactly what my dependencies were asking for without manually digging through the .dart_tool cache. It didn't exist