Open Source Android Security Apps - Page 2
Sort By:
Security Apps for Android
View 843 business solutions-
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
Try Google Cloud Risk-Free With $300 in CreditUse your credit across every product. Compute, storage, AI, analytics. When it runs out, 20+ products stay free. You only pay when you choose to.
-
1
Xteam
All-in-one command-line toolkit for security testing and OSINT tools
Xteam is a command-line security toolkit designed to provide multiple penetration testing and information-gathering utilities in a single interface. It combines several modules and external tools to help users perform security research tasks related to mobile devices, wireless networks, and online services. It acts as a centralized launcher that integrates scripts and third-party tools, allowing users to access different testing functions through a menu-based command line workflow. Xteam includes features such as Instagram information gathering, phishing utilities, wireless attack tools, and Android security testing capabilities. Xteam’s architecture uses a main bash script that serves as the hub for running internal modules or downloading and executing external projects when needed. It can operate on Linux systems as well as Android devices using Termux, making it accessible in both desktop and mobile environments. -
2
PyLoris
A protocol agnostic application layer denial of service attack.
PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet. -
3
Open eID Fraunhofer
Implementation of the protocols PACE, Terminal and Chip Authentication
This project provides a pure Java implementation of the protocols PACE, Terminal Authentication and Chip Authentication for the german eID infrastructure as specified by BSI TR-03110 and BSI TR-03112. Furthermore this project contains an Android eID client based on this implementation. -
4
Flipper Android App
Android Mobile app to rule all Flipper's family
Flipper Android App is the official Android-based companion application that provides full control and management capabilities for the Flipper Zero device through a modular and scalable mobile architecture. Built primarily in Kotlin, the app is structured into multiple components that separate core logic, communication layers, and feature modules, enabling maintainability and extensibility for future development. It establishes a communication bridge between Android devices and Flipper Zero, allowing users to interact with hardware features such as infrared remotes, RFID/NFC tools, and Sub-GHz radio functionalities directly from their smartphone. The app supports file browsing, data transfer, and device configuration, making it a comprehensive control center for managing the Flipper ecosystem. Its modular design allows developers to introduce new features independently without disrupting the overall application structure. -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
5
libsodium
A modern, portable, easy to use crypto library
libsodium is a modern, portable, and easy-to-use cryptographic library that serves as an API-compatible fork of NaCl. Consistent behavior and formats across supported platforms. It enhances the original design with build and portability improvements, making it widely deployable across platforms for secure encryption, signatures, hashing, and key derivation. Digital signature creation and verification support. Adds extended cryptographic primitives like BLAKE2 and ChaCha20-Poly1305 beyond NaCl. -
6
StrongKey FIDO Server (SKFS)
FIDO® Certified StrongKey FIDO Server (SKFS)
An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps). -
7
shadowsocks-libev
Bug-fix-only libev port of shadowsocks
Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes. Shadowsocks-libev is written in pure C and depends on libev. It's designed to be a lightweight implementation of shadowsocks protocol, in order to keep the resource usage as low as possible. Snap is the recommended way to install the latest binaries. You can build shadowsocks-libev and all its dependencies by script. The latest shadowsocks-libev has provided a redir mode. You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router. Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server's firewall rules to limit connections from each user. We strongly encourage you to install shadowsocks-libev from jessie-backports-sloppy. -
8
santoku
Mobile Forensics, Malware Analysis, and App Security Testing
Santoku is an easy to use, Open Source platform, dedicated to mobile forensics, analysis, and security. Version 0.5: md5: c2dcab27e6444730acc9bc351f34e543 sha1: 4d39adc01c443ac24a53a33f0ac077980d77c1fe sha256: ed72a014033c621c0da632b7e9853920b834a4bceae4427513737f7cf5ff0f55 -
9
Zynix-Fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
10
ANDRAX Hacker's Platform
Advanced Ethical Hacking and Penetration Testing Platform
The most complete and Advanced Penetration Testing and Ethical Hacking Platform dedicated to Advanced Professionals. Developed to bring the power of Offensive Security in the anyone's pocket 100% OPEN SOURCE - ANDRAX is a independent solution for Security professionals who loves Linux -
11
Google Authenticator Android
Open source fork of the Google Authenticator Android app
Google Authenticator for Android is the open-source two-factor authentication app that generates time-based (TOTP) and counter-based (HOTP) one-time codes entirely on the device. It’s designed to be simple, offline, and standards-compliant, so any service that supports OATH OTP can interoperate with it. The app streamlines enrollment via QR codes or manual key entry, then displays rotating numeric codes with clear account labels to reduce mistakes during login. Because secrets are stored on the device and codes are computed locally, it works even without a data connection and avoids server-side dependencies. The UI focuses on clarity and safety cues—timers, account naming, and basic management—to make 2FA adoption accessible to non-experts. For developers, the project doubles as a reference implementation of OTP enrollment, storage, and code generation on Android. -
12
Horusec
Open source tool that improves identification of vulnerabilities
Horusec is an open source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, Nginx. The tool has options to search for key leaks and security flaws in all your project's files, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats. -
13
V3SP3R
AI Flipper control
V3SP3R is an experimental open-source project focused on integrating artificial intelligence with Flipper Zero control, aiming to create a more autonomous and intelligent interaction layer for hardware-based security tools. The project explores the concept of AI-assisted device control, where an intelligent system can interpret commands, automate workflows, and potentially orchestrate complex sequences of actions across Flipper functionalities. It is part of a broader ecosystem of projects by the same author that investigate prompt engineering, agent-based systems, and unconventional AI interaction paradigms. V3SP3R appears to emphasize automation and abstraction, reducing the need for manual device interaction by allowing higher-level instructions to drive hardware behavior. The project aligns with emerging trends in combining AI agents with physical tools, effectively bridging software intelligence and hardware execution. -
14
Vigilante
Android security (camera/microphone dots indicators) app using Hilt
Know when a third-party app uses your device's camera/microphone. An app that focuses on your privacy and alerts you when a third-party app uses your device camera or mic, plus few other goodies. -
15
Wi-PWN
ESP8266 firmware for performing deauthentication attacks
ESP8266 firmware for performing deauthentication attacks, with ease. Wi-PWN is a firmware that performs death attacks on cheap Arduino boards. The ESP8266 is a cheap microcontroller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino. A deauthentication attack is often confused with Wi-Fi jamming, as they both block users from accessing Wi-Fi networks. The 802.11 Wi-Fi protocol contains a so-called deauthentication frame. It is used to disconnect clients safely from a wireless network. Because these management packets are unencrypted, you just need the MAC to address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password, it’s enough to be in its range. With the 802.11w-2009 updated standards, management frames are encrypted by default. -
16
Accrescent
A novel Android app store focused on security, privacy, and usability
Accrescent is a private and secure Android app store built with modern features in mind. It aims to provide a developer-friendly platform and pleasant user experience while enforcing modern security and privacy practices and offering robust validity guarantees for installed apps. A novel Android app store focused on security, privacy, and usability. Open-source forever. -
17
DNS-Based Host Blocking for Android
DNS-based Host Blocker (and lightweight ad blocker) for Android
This is a DNS-based host blocker for Android. In the default configuration, several widely-respected host files are used to block ads, malware, and other weird stuff. On the first start, you must manually update the hosts files (using the refresh button) before the service can work correctly (issue #1); and you must also update the hosts files yourself regularly for now. Items in the hosts and DNS servers lists can be moved around and removed) of the list using standard RecyclerView interactions (long press makes the entry movable, swipe to either side removes it). For hosts, a later entry overrides a previous entry; for DNS servers, the first server is preferred. There's also no validation of input, so DNS servers that are not valid IPv4 addresses are not rejected, neither are URLs for DNS server entries (we intend to support URLs in the future, so you can point the app to a remote list of servers). -
18
Proton Pass for Android
Android code for the Proton Pass application
Proton Pass for Android is the official Android client for Proton’s secure password manager and digital credentials vault, designed to help users safely store, autofill, and organize passwords, secure notes, payment details, and other sensitive information directly on their Android devices. Built as a fully native Android application, it provides a polished user experience with Material Design patterns and makes encryption and decryption seamless by handling all sensitive data locally on the device, ensuring that plain text never leaves user control. The app integrates with Android’s autofill system so users can quickly fill login forms across apps and browsers with a tap while maintaining strong password hygiene and avoiding reused or weak passwords. It also supports biometric unlock (fingerprint or face) for convenience and strong session security, along with multi-device sync when users log into their Proton account, keeping vault data consistent across platforms. -
19
ThumbmarkJS
World's best free browser fingerprinting library
ThumbmarkJS is an MIT-licensed browser fingerprinting library that produces stable fingerprints with 90% uniqueness. It works with normal and private browsing. ThumbmarkJS is a free, open‑source browser fingerprinting JavaScript library, designed as an alternative to FingerprintJS. It generates distinct, persistent device fingerprints using web APIs like canvas, audio, fonts, WebGL, and more, enabling identification of browsers across sessions, even in incognito or cleared-cache scenarios. It supports both client-side-only installs via CDN and npm, with optional API integration for improved uniqueness. -
20
zynix-fusion
zynix-Fusion is a framework for hacking
zynix-Fusion is a framework that aims to centralize, standardizeand simplify the use of various security tools for pentest professionals.zynix-Fusion (old name: Linux evil toolkit) has few simple commands, one of which is theinit function that allows you to define a target, and thus use all the toolswithout typing anything else. -
21
encrypt
cross-platform, encryption application
encrypt is a multi-platform, file encryption application. Binary packages are currently provided for Arch, Debian, Fedora, MS Windows, Android and OS X. For further details, including the latest source code, visit https://albinoloverats.net/projects/encrypt -
22
Port of the Password Safe application to Android
-
23
Droid Pentest help you to find all android apps for penetration testing and hacking so you can make complete penetration test platform .
-
24
2FAS Pass Android
Source code for 2FAS Pass Android app
2FAS Pass Android is the open-source Android implementation of the 2FAS password-protected authenticator and secure vault project, which blends two-factor authentication (2FA) token generation with a secure vault for managing verification codes and potentially other sensitive credentials. While specific repo details vary by the community project, in the broader 2FAS ecosystem the Android clients are designed to generate TOTP (time-based one-time passwords) and HOTP codes for users’ accounts, helping them meet modern multi-factor authentication needs through a simple, private user interface that works offline and without needing an account. The app supports scanning QR codes to add new authentication tokens, allows local encrypted storage of secrets, and can restore tokens from backups or synced devices. 2FAS focuses on privacy and simplicity—tokens aren’t sent to third parties, metadata isn’t stored externally, and users can secure the app with biometrics or passcodes. -
25
BoringSSL
Mirror of BoringSSL
BoringSSL is a Google-maintained fork of OpenSSL, designed specifically to meet the security, performance, and maintainability needs of Google’s infrastructure and products. While fully open source, BoringSSL is not intended for general public use — it serves as a streamlined, heavily modified SSL/TLS and cryptography library optimized for Google’s internal ecosystem, including Chrome/Chromium, Android, and other Google services. The project prioritizes security, simplicity, and maintainability over backward compatibility. Unlike OpenSSL, BoringSSL provides no guarantee of stable APIs or ABIs, meaning third-party projects depending on it may frequently break. Google products that use BoringSSL ship their own copies and update them as needed, enabling faster iteration without legacy constraints. BoringSSL includes comprehensive API documentation, build instructions, and guidance for porting code from OpenSSL.
