This case study describes a real engagement. Client identity, proprietary details, and specific metrics are anonymized or approximated under NDA.
Enterprise Digital Signature Mobile Application
An established digital trust services provider needed a cross-platform mobile application for their enterprise electronic signature platform. The existing native apps had diverged in feature parity, and the company needed a unified codebase that could handle PDF rendering, cryptographic signing operations, biometric authentication, and offline document queuing — all while meeting compliance requirements for qualified electronic signatures across multiple jurisdictions.
We built a production Flutter application supporting the full electronic signature lifecycle — document viewing, multi-type signing (draw, type, biometric), certificate management, Aadhaar eKYC integration, and offline signing with sync-on-reconnect. The app interfaces with PKI infrastructure for cryptographic operations and maintains tamper-evident audit trails.
The engagement covered the complete mobile application layer for an enterprise eSignature platform serving banking, insurance, government, and corporate clients. The existing platform had web and native mobile apps, but the native apps had accumulated technical debt and feature divergence across iOS and Android. The goal was a single Flutter codebase that achieved full feature parity with the web application while handling the unique constraints of mobile — intermittent connectivity, secure key storage, and biometric hardware variation across devices. The app was delivered incrementally over multiple sprints, integrating with the existing backend APIs and PKI infrastructure.
The Challenge
The core technical challenge was cryptographic signing on mobile devices. Private keys needed to be stored in hardware-backed keystores (Secure Enclave on iOS, StrongBox on Android) and never exposed to the application layer. PDF rendering with precise signature field placement had to work across documents of varying complexity — some contracts exceeded 200 pages with embedded form fields. Offline signing required local document encryption, signature queuing, and conflict-free sync when connectivity returned. Aadhaar eKYC integration added another layer — both OTP-based and offline XML-based verification flows had to work within the signing workflow. The app also needed to meet compliance requirements for multiple jurisdictions (India IT Act, eIDAS) simultaneously.
How We Built It
Discovery phase mapped the complete feature surface of the existing native apps and identified gaps against the web platform. We documented every signing flow — individual, bulk, serial, parallel, and hybrid — along with the certificate management lifecycle and authentication requirements. This produced a feature matrix that guided sprint planning.
Architecture centered on a clean separation between the UI layer, a signing service abstraction (handling both local and server-side cryptographic operations), and a sync engine for offline capability. Platform channels bridged Flutter to native keystore APIs (Keychain Services on iOS, Android Keystore) for all cryptographic operations. PDF rendering used a native bridge to platform PDF engines rather than a pure Dart solution, which was necessary for performance on large documents.
Implementation proceeded feature-by-feature: document viewing and annotation first, then single-document signing flows, then bulk operations, then offline queuing. Each feature was integration-tested against the production backend in a staging environment. Aadhaar integration was developed against the provider sandbox environment and promoted to production only after compliance sign-off.
Deployment used a phased rollout — internal QA build, then beta to a subset of enterprise clients, then general availability on both app stores. Post-launch support included monitoring crash analytics, addressing device-specific keystore issues (Samsung Knox vs stock Android variations), and performance tuning for PDF rendering on older devices.
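The Android half of the keystore requirement described above, as an added example that is not code from the engagement: a signing key is generated inside the Android Keystore with StrongBox preferred, a fallback for devices without it, and a check that the resulting key is hardware-backed. The alias, the P-256 curve and the function names are assumptions made for illustration.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyFactory
import java.security.KeyPair
import java.security.KeyPairGenerator
import java.security.spec.ECGenParameterSpec

// Hypothetical alias and curve; the page does not state the app's real key parameters.
const val SIGNING_KEY_ALIAS = "example_signing_key"

private fun signingSpec(strongBox: Boolean): KeyGenParameterSpec =
    KeyGenParameterSpec.Builder(SIGNING_KEY_ALIAS, KeyProperties.PURPOSE_SIGN)
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        // Each signature needs a fresh user authentication (BiometricPrompt + CryptoObject).
        .setUserAuthenticationRequired(true)
        // Enrolling a new biometric invalidates the key.
        .setInvalidatedByBiometricEnrollment(true)
        .apply { if (strongBox) setIsStrongBoxBacked(true) }
        .build()

private fun generate(strongBox: Boolean): KeyPair =
    KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
        .apply { initialize(signingSpec(strongBox)) }
        .generateKeyPair()

// Prefer StrongBox (API 28+); fall back to the default Keystore backing where the device has none.
fun createSigningKey(): KeyPair {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
        try {
            return generate(strongBox = true)
        } catch (e: StrongBoxUnavailableException) { /* no StrongBox: fall back */ }
    }
    return generate(strongBox = false)
}

// True only when the private key is held in the TEE or StrongBox, never in software.
@Suppress("DEPRECATION")
fun isHardwareBacked(pair: KeyPair): Boolean {
    val info = KeyFactory.getInstance(pair.private.algorithm, "AndroidKeyStore")
        .getKeySpec(pair.private, KeyInfo::class.java)
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.S) return info.isInsideSecureHardware
    return info.securityLevel == KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT ||
        info.securityLevel == KeyProperties.SECURITY_LEVEL_STRONGBOX
}
```

The returned private key is an opaque handle, so the Flutter layer reached over the platform channel only ever sees signatures and the public key.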
What We Delivered
The Flutter application achieved full feature parity with the existing native apps in a single codebase, eliminating the iOS/Android divergence problem. Build and release cycles dropped from separate native pipelines to a single CI/CD flow, reducing release overhead significantly.
Offline signing with sync-on-reconnect worked reliably across field conditions — tested with enterprise banking clients operating in areas with intermittent connectivity. The local document queue handled up to 50 pending signatures without performance degradation.
PDF rendering performance met the target of sub-2-second load time for documents up to 100 pages on mid-range devices (Snapdragon 600 series). Cryptographic signing operations completed in under 800ms including biometric authorization.