Hey XDA community!
I'm an independent software developer who's made an encrypted notepad as a small side project. Every note goes through NSA approved AES 256 encryption, the same standard used by the United States government to protect top-secret level files.
I also made use of Android's biometric technologies to both enhance the lock screen protection and enforce the user's privacy keeping a great practical-reliable value.
Notable features you'll find: instant & secure Android biometrics fingerprint login, fully customizable RGB UI, NSA approved AES 256 encryption, dark mode, autosave, autolock, anti brute-force and more.
Feel free to check it out on Google Play!
------------------------------------------------------------------
Additionally, I made a fully documented, open source example project file that showcases all the core systems that involve an encrypted multiple note-taking program.
This is incredibly useful for beginners looking forward to deepening their CF2.5 programming knowledge, or just advanced Fusion developers looking for related systems to the matter or contributing to it.
Here you'll learn the AESFusion object, complex ini file structures and data management, ForEach loops, spread values to assign identifiers to an active, the use of loops and timers, GoE's flow, and applying mathematical functions to the fusion scripting language within the expression editor to pull off more complex programming.
The only thing missing is the lock screen, just because I don't consider it strictly related to the core systems. However, it's quite simple to do and you can add it if you want.
I hope you find it useful! No credits are needed. Feel free to contribute.
.mfa example file on GitHub
Executive Summary
The future is here, and ahead of schedule. Come join us, the weather's nice.
This blog post describes the installation and configuration of a prototype of a secure, full-featured, Android telecommunications device with full Tor support, individual application firewalling, true cell network baseband isolation, and optional ZRTP encrypted voice and video support (ZRTP does run over UDP which is not yet possible to send over Tor, but we are able to send SIP account login and call setup over Tor independently).
Aside from a handful of binary blobs to manage the device firmware and graphics acceleration, the entire system can be assembled (and recompiled) using only FOSS components. However, as an added bonus, we will describe how to handle the Google Play store as well, to mitigate the two infamous Google Play Backdoors.
Introduction
Android is the most popular mobile platform in the world, with a wide variety of applications, including many applications that aid in communications security, censorship circumvention, and activist organization. Moreover, the core of the Android platform is Open Source, auditable, and modifiable by anyone.
Unfortunately though, mobile devices in general and Android devices in particular have not been designed with privacy in mind. In fact, they've seemingly been designed with nearly the opposite goal: to make it easy for third parties, telecommunications companies, sophisticated state-sized adversaries, and even random hackers to extract all manner of personal information from the user. This includes the full content of personal communications with business partners and loved ones. Worse still, by default, the user is given very little in the way of control or even informed consent about what information is being collected and how.
This post aims to address this, but we must first admit we stand on the shoulders of giants. Organizations like Cyanogen, F-Droid, the Guardian Project, and many others have done a great deal of work to try to improve this situation by restoring control of Android devices to the user, and to ensure the integrity of our personal communications. However, all of these projects have shortcomings and often leave gaps in what they provide and protect. Even in cases where proper security and privacy features exist, they typically require extensive configuration to use safely, securely, and correctly.
This blog post enumerates and documents these gaps, describes workarounds for serious shortcomings, and provides suggestions for future work.
It is also meant to serve as a HOWTO to walk interested, technically capable people through the end-to-end installation and configuration of a prototype of a secure and private Android device, where access to the network is restricted to an approved list of applications, and all traffic is routed through the Tor network.
It is our hope that this work can be replicated and eventually fully automated, given a good UI, and rolled into a single ROM or ROM addon package for ease of use. Ultimately, there is no reason why this system could not become a full fledged off the shelf product, given proper hardware support and good UI for the more technical bits.
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
Pretty much what Guardian ROM is doing. I look forward to all the new builds
Truth. Transparency. Technology
What is Kaqaz?
Kaqaz is a modern note manager published by Sialan Lab.
It's using C++, Qt5 framework and Qml technology. It's open source and released under the GPLv3 License.
Kaqaz is designed for tablets and large phones (>5 inch). But it works on other devices.
It is important for us to know your feedback. If it's good or not good, please tell us why.
The focus of Kaqaz is on a better user interface so that the user can feel a different experience with it. Kaqaz has tried to provide faster access bars and present a convenient interface for the users to have an enjoyable time while working on it. Kaqaz is a free and open source software written under GPLv3 license.
Note: To synchronize your notes with your other devices such as your laptop, you can download the desktop version. This application supports Windows, Linux, Mac and Android at the moment. iOS, Ubuntu Touch and Windows Phone versions of this application will be published soon.
Kaqaz Theory
Kaqaz is not just an application. It is more like a theory; a theory on which much time has been spent in Sialan Lab to be designed and implemented.
Theory of Kaqaz states that imagine you have a lot of blank papers before you. You can write anything on them you would like without any concerns about how it is going to be kept or what will happen to them. You stick a label on them and then attach as many files as you’d like to them.
Do not worry about where or how it is going to be put and kept and clear your mind from all such concerns. Turn over the present paper and go to next one and only think about writing. Write on and on and fill in thousands of papers with a distress-free mind. A thousand is a small number for Kaqaz.
During all this time Kaqaz saves and keeps all your writings in its storage (cache).
Say goodbye to crowded lists of hundreds of writings. You can read and edit your writings whenever you want. Just ask Kaqaz what you want.
If you are looking for a specific word, say it to Kaqaz via the search tool. If you are looking for a specific label, choose the label from the sidebar and if you are looking for some writings modified on a specific date, type the date on the history tool.
Surely many more new, smart and advanced tools will be published for expressing your demands to Kaqaz. But for now we are at the beginning and only these tools are presented.
Kaqaz tries to sugar-coat writing for you through its simple theory and simplicity of user interface. It tries to make you concentrate only on writing so as to motivate you to write more.
The goal of Kaqaz is to inspire people to write diaries, short stories, daily notes, purchase lists, information, etc. as easily and best as possible and more importantly to enjoy writing.
Kaqaz attempts to support the habit of writing and motivate the users to write in today’s mechanized world.
We hope to develop and strengthen the theory of Kaqaz by relying on your support in order to satisfy you even more, leading to a development in the field of Note Manager Applications.
Features:
Notes management by means of labels and categories
Sorting notes by day
A user-interface different from other applications
Advanced and smart searching in notes
To-Do papers
Backing up notes
Encrypted synchronization via Dropbox among all your devices
Supporting left-to-right and right-to-left languages
Sharing papers with other applications
Assigning password for protecting notes
Attaching map and weather to note information automatically
Attaching photos, audio files and folders to any note
Search on papers by location
Capability of running and sync data on all operating systems (Android, Windows, Linux, Mac and soon other operating systems)
Kaqaz is a free software.
You can find kaqaz source code on Github
Rotary Pipes
I recently wrote a simple game that is about a twisted structure of pipes. These seek to get back in shape by rotating them accordingly, so that they form a connected network again.
My main reason for posting this in here is the crossplatform development background. This being said, I converted the Android app to a desktop application for Windows within an hour as described below.
Download
Windows
As already mentioned, the crossplatform development background is my main reason for posting this here. The app for Android has been developed in a way, that makes it easy to convert it to other platforms. The graphical user interface has for this reason been developed with HTML, CSS and JavaScript and can therefore simply be rendered in any common webview. Regarding the core mechanics, basic C / C++ has been used in combination with some preprocessor quirks in order to easily compile it for arbitrary targets. The remaining parts like persistent preference containers have eventually been implemented by utilizing a custom domain specific language in Xtext, which again makes crossplatform development feasible by utilizing code generation.
Feedback
I highly appreciate any feedback, so please do not hesitate with any advice or suggestions.
I posted this to /r/Android before, but they suck, so I'll try my hand at posting it here.
-----
I'd like to announce KeepShare Lite for KeePass
Well, it's not really a new app. KeepShare has been under development and available on the Play Store since 2013. The FREE Lite version is available now.
What is it?
KeepShare is a KeePass database reading and writing app for Android.
What makes it special?
It is built from the ground up to be completely different from any other solution available on Android. This application is the only implementation of KeePass for Android that allows one to securely unlock the database with a 4+ digit PIN. It also looks good because it's fully Material Design.
KeepShare is one of the first apps to have a custom keyboard for password entry, in addition to searching for database entries using a "Share" mechanism (hence the name KeepShare). In addition to this, it is also among the first password managers on Android to provide complete auto-fill support across all apps, including Chrome (requires Android 5.0+ for Chrome).
In addition to this, KeepShare supports Android 4.4+ Storage Access Framework; this means you can automatically connect and synchronize to your choice of cloud storage provider, including Google Drive, Box.net, OneDrive, etc.
It is also fully compatible with KeePass because it uses a 100% direct port of KeePassLib from C# to Java.
How is KeepShare Lite different from KeepShare?
KeepShare Lite provides read-only support for KeePass databases. I recently completed write support for KeepShare, and as a result, I feel that it's enough of a feature delineation where I can give KeepShare Lite to everyone for free! Why do I want to give it away? Because everyone should be improving their security situation by making better use of strong passwords, and security should be easy.
Great, where can I get it?
https://play.google.com/store/apps/details?id=com.hanhuy.android.keepshare.lite
Help! I'm stuck
Yes, it's open source: issue tracker on github https://github.com/pfn/keepshare
I suppose posting here works, too!
What's this KeePassLib port?
Find it on github https://github.com/pfn/keepassj
How can a 4 digit PIN possibly be safe!?
The security is implemented by using a 2-part encryption key for your master passphrase. Your PIN is only one part of the key. The other part of the key is uploaded into app-private data in your Google Drive account. Information stored on your phone cannot be accessed without the key from Google Drive and vice versa. (Also a first, no other app does this to enhance your security).
Can I create databases using KeepShare?
Not yet, for now, you will need to create it from any other app that allows database creation.
What if I don't like it?!
Queue up the 1* reviews!
Trivia
I'm also the developer of keepasshttp, chromeipass and passifox, trusted by over 100k users. Although it's been mostly sidelined and I haven't actively developed it in forever. Any volunteers?
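One way a two-part key like the one described under "How can a 4 digit PIN possibly be safe!?" can work, as an added example that is not KeepShare's own code: the PIN and a random cloud-held share both feed PBKDF2, and the derived key protects the master passphrase stored on the device. The function names, the iteration count and the standard-library construction (PBKDF2 keystream XOR plus HMAC tag, standing in for AES) are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor


def _derive(pin, cloud_share, length):
    # The PIN is the password and the cloud share is the salt: both are needed.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), cloud_share,
                               ITERATIONS, dklen=32 + length)


def wrap(passphrase, pin):
    """Return (device_blob, cloud_share); neither alone reveals the passphrase."""
    data = passphrase.encode()
    # Fresh random share per enrollment, so the keystream is never reused.
    cloud_share = secrets.token_bytes(32)
    okm = _derive(pin, cloud_share, len(data))
    mac_key, stream = okm[:32], okm[32:]
    ciphertext = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return tag + ciphertext, cloud_share


def unwrap(device_blob, pin, cloud_share):
    """Return the passphrase, or None if the PIN or the cloud share is wrong."""
    tag, ciphertext = device_blob[:32], device_blob[32:]
    okm = _derive(pin, cloud_share, len(ciphertext))
    expected = hmac.new(okm[:32], ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ciphertext, okm[32:])).decode()


if __name__ == "__main__":
    blob, share = wrap("constructed master passphrase", "4821")
    print(unwrap(blob, "4821", share), unwrap(blob, "0000", share))
```

In this construction, someone holding both the device blob and the cloud share faces only the 10,000 possible 4-digit PINs, so its strength rests on the protection of the cloud account and on attempt limiting.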
Hi experts,
I am a reasonably good php scripter, but know just the very very basics of mobile app development (Java/Smali/Android Studio).
I really have no interest in trying to learn enough to build a decent app as time is a big limiting factor for me.
I have an idea for an app, and I know I could do the whole thing in php quite easily, but I would like it to be a downloadable app. Is it possible to write my software in php, and then have a very basic Android/iOS app that basically just loads the website? The only thing the app needs to do is run the webpages in fullscreen and hide any browser elements (url bar, scroll bar etc). The only thing that may be challenging is enabling "swipe" abilities, but I can live without that and just use hyperlinks for moving around. I would also look at preloading content so the app runs smooth. At some point if the app gets any interest I would pay to get it developed properly.
Keen to hear your thoughts - maybe there are other apps already doing this I can copy, and I know some may say why not just make it browser based, but I believe the app store itself is the critical part of advertising and exposure of this service. It also means I can release a real app version in the future and have it pushed to all devices.
Possible attacks
Using PHP as a CGI binary is an option for setups that for some reason do not wish to integrate PHP as a module into server software (like Apache), or that will use PHP with different kinds of CGI wrappers to create safe chroot and setuid environments for scripts. This setup usually involves installing an executable PHP binary in the web server's cgi-bin directory. CERT advisory CA-96.11 recommends against placing any interpreters into cgi-bin. Even if the PHP binary can be used as a standalone interpreter, PHP is designed to prevent the attacks this setup makes possible:
Accessing system files: http://my.host/cgi-bin/php?/etc/passwd The query information in a URL after the question mark (?) is passed as command line arguments to the interpreter by the CGI interface. Usually interpreters open and execute the file specified as the first argument on the command line. When invoked as a CGI binary, PHP refuses to interpret the command line arguments.
Accessing any web document on the server: http://my.host/cgi-bin/php/mystery/doc.html The path information part of the URL after the PHP binary name, /mystery/doc.html, is conventionally used to specify the name of the file to be opened and interpreted by the CGI program. Usually some web server configuration directives (Apache: Action) are used to redirect requests for documents like http://my.host/mystery/script.php to the PHP interpreter. With this setup, the web server first checks the access permissions to the directory /mystery, and after that creates the redirected request http://my.host/cgi-bin/php/mystery/script.php. Unfortunately, if the request is originally given in this form, no access checks are made by the web server for the file /mystery/script.php, but only for the /cgi-bin/php file. This way any user able to access /cgi-bin/php can access any protected document on the web server. In PHP, the runtime configuration directives cgi.force_redirect, doc_root and user_dir can be used to prevent this attack, if the server document tree has any directories with access restrictions.
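A defender's check for the setup described above, as an added example that is not part of the original post: it reads a php.ini body for the three directives named in the text and flags access-log requests that name the PHP binary directly instead of arriving through the server's redirect. The interpreter path /cgi-bin/php, the function names, and the sample ini and log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

PHP_CGI = "/cgi-bin/php"  # assumed interpreter location, matching the URLs above
OFF = {"", "0", "off", "false", "no", "none"}
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed samples, not taken from any real server.
WEAK_INI = "cgi.force_redirect = 0  ; turned off\n"
HARDENED_INI = 'cgi.force_redirect = 1\ndoc_root = "/var/www/html"\nuser_dir = "public_html"\n'
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /mystery/script.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/php/mystery/doc.html HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /cgi-bin/php?/etc/passwd HTTP/1.1" 403 199',
]

def audit_php_ini(text):
    """List findings for the three directives named above in a php.ini body."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().strip('"')
    findings = []
    # cgi.force_redirect is on by default, so only an explicit "off" value is flagged.
    if conf.get("cgi.force_redirect", "1").lower() in OFF:
        findings.append("cgi.force_redirect is off")
    findings += [f"{name} is not set" for name in ("doc_root", "user_dir") if not conf.get(name)]
    return findings

def direct_interpreter_hits(log_lines):
    """Return (kind, target, status) for requests naming the PHP binary directly.

    The access log records the client's request line, so a request the server
    redirected internally still shows its original path and is not reported.
    """
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        path, query = urlsplit(m.group(1))[2:4]
        if path == PHP_CGI or path.startswith(PHP_CGI + "/"):
            kind = "path-info" if path != PHP_CGI else ("query-arg" if query else "bare")
            hits.append((kind, m.group(1), int(m.group(2))))
    return hits

if __name__ == "__main__":
    print(audit_php_ini(WEAK_INI), direct_interpreter_hits(SAMPLE_LOG))
```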