Flutter — Secure QR Code Loyalty Redemption Module for PayBack App(iOS & Android)

I am looking for an experienced Flutter developer to build a QR code-based loyalty redemption module for PayBack, a digital customer loyalty and rewards platform. This is a technically involved engagement — it requires implementing offline TOTP generation algorithms (RFC 6238), a dual-QR classification parser, replay-attack prevention logic, and a cross-app secure token handshake, all within an offline-first mobile architecture across two Flutter apps (customer wallet app and business operator app). Customer App — QR Generation - TOTP-secured redemption QR: The app must generate a time-based one-time password (TOTP) QR using the otp package. The QR should encode an otpauth:// URI containing the customer's secret key, a cryptographically random token, and a millisecond-precision timestamp. It must auto-refresh every 60 seconds to prevent replay attacks. - Static identity QR: A separate QR for cashback receipt encoding the customer's ID and display name for in-store scanning. - Offline-first generation: Both QR types must be generated entirely on-device. The TOTP secret should be fetched once at login and persisted in secure local storage so customers can display their redemption QR with zero network dependency — essential for low-connectivity retail environments. Business/Branch App — QR Scanning & Transaction Processing - Real-time camera scanning: Live viewfinder with custom overlay and scan-state feedback using mobile_scanner, optimized for fast reads under varied lighting. - Media library fallback: Operators should also be able to import a QR from the gallery — for cases where a customer's screen is damaged or too bright to scan directly. - Intelligent QR classification: A single scanner must handle both QR types and automatically distinguish between a "give cashback" QR and a "redeem" QR, routing to the correct transaction dialog without any manual mode switching from the operator. - TOTP validation and balance fetch: On scanning a redemption QR, the app should parse the TOTP secret, recalculate the 6-digit code client-side, validate the timestamp window (≤60 seconds), and pass it to the backend as an authorization token to fetch the customer's live wallet balance. - Promotion-aware cashback dialog: After scanning a give QR, the dialog should fetch and apply any active promotions for that customer automatically. - Bundle redemption: The redemption flow should surface the customer's available bundle items alongside their cashback balance, with the ability to redeem individual bundle entries in a single transaction. - Dual-transaction support: A configurable branch setting that allows a cashback collection and a new cashback grant to fire in the same session simultaneously. - Offline indicator: When the device has no connectivity, a visible offline banner should appear and QR detection should continue to work; the transaction should be held until the network is restored. Technical Requirements - Framework: Flutter 3.x (Dart) - TOTP: otp package (RFC 6238 compliant) - Local Storage: shared_preferences - State Management: Riverpod - Backend Integration: REST API - Platforms: Android & iOS Ideal Candidate - Strong Flutter experience with cross-platform delivery (Android + iOS) - Hands-on experience with mobile_scanner and QR/barcode workflows - Familiarity with TOTP / RFC 6238 and secure token handling - Experience integrating REST APIs with real-time UI state - Understanding of offline-first mobile patterns