Open Source Mobile Operating Systems Security Software - Page 2
Sort By:
Security Software for Mobile Operating Systems
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Full-stack observability with actually useful AI | Grafana CloudBuilt on open standards like Prometheus and OpenTelemetry, Grafana Cloud includes Kubernetes Monitoring, Application Observability, Incident Response, plus the AI-powered Grafana Assistant. Get started with our generous free tier today.
-
1
Universal Password Manager
Store all your passwords in one secure encrypted database.
Universal Password Manager allows you to store all your passwords in one highly secure encrypted database. Its strengths are simplicity, portability and security (uses 128bit AES encryption). UPM is available on Android, Windows, OS X & Linux. -
2
Ente
End-to-end encrypted cloud for photos, videos and 2FA secrets
Ente is a fully open-source, end‑to‑end encrypted cloud platform designed for securely storing and managing your photos, videos, and 2FA secrets — without needing to trust the service provider. It includes cross‑platform clients and a CLI for self‑hosting needs. Ente is a service that provides a fully open source, end-to-end encrypted platform for you to store your data in the cloud without needing to trust the service provider. On top of this platform, we have built two apps so far: Ente Photos (an alternative to Apple and Google Photos) and Ente Auth (a 2FA alternative to the deprecated Authy). This monorepo contains all our source code - the client apps (iOS / Android / F-Droid / Web / Linux / macOS / Windows) for both the products (and more planned future ones!), and the server that powers them. -
3
Haven
Protect personal spaces and possessions without compromising privacy
Haven is for people who need a way to protect their personal spaces and possessions without compromising their own privacy, through an Android app and on-device sensors. Haven is for people who need a way to protect their personal areas and possessions without compromising their privacy. It is an Android application that leverages on-device sensors to provide monitoring and protection of physical areas. Haven turns any Android phone into a motion, sound, vibration and light detector, watching for unexpected guests and unwanted intruders. We designed Haven for investigative journalists, human rights defenders and people at risk of forced disappearance to create a new kind of herd immunity. By combining the array of sensors found in any smartphone, with the world’s most secure communications technologies, like Signal and Tor, Haven prevents the worst kind of people from silencing citizens without getting caught in the act. -
4
V3SP3R
AI Flipper control
V3SP3R is an experimental open-source project focused on integrating artificial intelligence with Flipper Zero control, aiming to create a more autonomous and intelligent interaction layer for hardware-based security tools. The project explores the concept of AI-assisted device control, where an intelligent system can interpret commands, automate workflows, and potentially orchestrate complex sequences of actions across Flipper functionalities. It is part of a broader ecosystem of projects by the same author that investigate prompt engineering, agent-based systems, and unconventional AI interaction paradigms. V3SP3R appears to emphasize automation and abstraction, reducing the need for manual device interaction by allowing higher-level instructions to drive hardware behavior. The project aligns with emerging trends in combining AI agents with physical tools, effectively bridging software intelligence and hardware execution. -
AI-generated apps that pass security reviewRetool lets you generate dashboards, admin panels, and workflows directly on your data. Type something like “Build me a revenue dashboard on my Stripe data” and get a working app with security, permissions, and compliance built in from day one. Whether on our cloud or self-hosted, create the internal software your team needs without compromising enterprise standards or control.
-
5
PyLoris
A protocol agnostic application layer denial of service attack.
PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet. -
6
IOS6 and recent iTunes updates have broken a few features. We have made some partial fixes, but they are not complete. If you'd like to help support our development, or take over the development please let us know. Explore the internal file structure of your iphone (or of a seized phone in the case of forensic teams) using either the iphone's own backup files or (for jail broken iphones) ssh. Viewing of plist, sqlite, and hex are supported. IOS 5 is now supported iOS 6 only partially works at the moment (some features fail or are missing). Unfortunately paid work means we can't fix this right now, but would welcome anyone else submitting patches.
-
7
Open eID Fraunhofer
Implementation of the protocols PACE, Terminal and Chip Authentication
This project provides a pure Java implementation of the protocols PACE, Terminal Authentication and Chip Authentication for the german eID infrastructure as specified by BSI TR-03110 and BSI TR-03112. Furthermore this project contains an Android eID client based on this implementation. -
8
Proton Pass for Android
Android code for the Proton Pass application
Proton Pass for Android is the official Android client for Proton’s secure password manager and digital credentials vault, designed to help users safely store, autofill, and organize passwords, secure notes, payment details, and other sensitive information directly on their Android devices. Built as a fully native Android application, it provides a polished user experience with Material Design patterns and makes encryption and decryption seamless by handling all sensitive data locally on the device, ensuring that plain text never leaves user control. The app integrates with Android’s autofill system so users can quickly fill login forms across apps and browsers with a tap while maintaining strong password hygiene and avoiding reused or weak passwords. It also supports biometric unlock (fingerprint or face) for convenience and strong session security, along with multi-device sync when users log into their Proton account, keeping vault data consistent across platforms. -
9
Xteam
All-in-one command-line toolkit for security testing and OSINT tools
Xteam is a command-line security toolkit designed to provide multiple penetration testing and information-gathering utilities in a single interface. It combines several modules and external tools to help users perform security research tasks related to mobile devices, wireless networks, and online services. It acts as a centralized launcher that integrates scripts and third-party tools, allowing users to access different testing functions through a menu-based command line workflow. Xteam includes features such as Instagram information gathering, phishing utilities, wireless attack tools, and Android security testing capabilities. Xteam’s architecture uses a main bash script that serves as the hub for running internal modules or downloading and executing external projects when needed. It can operate on Linux systems as well as Android devices using Termux, making it accessible in both desktop and mobile environments. -
Enterprise-grade ITSM, for every businessFreshservice is an intuitive, AI-powered platform that helps IT, operations, and business teams deliver exceptional service without the usual complexity. Automate repetitive tasks, resolve issues faster, and provide seamless support across the organization. From managing incidents and assets to driving smarter decisions, Freshservice makes it easy to stay efficient and scale with confidence.
-
10
SSL Kill Switch 2
Blackbox tool to disable SSL certificate validation
Blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications. Once loaded into an iOS or macOS application, SSL Kill Switch 2 will patch low-level functions responsible for handling SSL/TLS connections in order to override and disable the system's default certificate validation, as well as any kind of custom certificate validation (such as certificate pinning). It was successfully tested against various applications implementing certificate pinning including the Apple App Store. The first version of SSL Kill Switch was released at Black Hat Vegas 2012. Installing SSL Kill Switch 2 allows anyone on the same network as the device to easily perform man-in-the-middle attacks against any SSL or HTTPS connection. This means that it is trivial to get access to emails, websites viewed in Safari and any other data downloaded by any App running on the device. -
11
shadowsocks-libev
Bug-fix-only libev port of shadowsocks
Shadowsocks-libev is a lightweight secured SOCKS5 proxy for embedded devices and low-end boxes. Shadowsocks-libev is written in pure C and depends on libev. It's designed to be a lightweight implementation of shadowsocks protocol, in order to keep the resource usage as low as possible. Snap is the recommended way to install the latest binaries. You can build shadowsocks-libev and all its dependencies by script. The latest shadowsocks-libev has provided a redir mode. You can configure your Linux-based box or router to proxy all TCP traffic transparently, which is handy if you use an OpenWRT-powered router. Although shadowsocks-libev can handle thousands of concurrent connections nicely, we still recommend setting up your server's firewall rules to limit connections from each user. We strongly encourage you to install shadowsocks-libev from jessie-backports-sloppy. -
12
StrongKey FIDO Server (SKFS)
FIDO® Certified StrongKey FIDO Server (SKFS)
An open source implementation of the FIDO2 protocol to support passwordless strong authentication using public-key cryptography. Supports registration, authentication (all platforms), and transaction authorization (for native Android apps). -
13
CryptoSwift
Collection of standard and secure cryptographic algorithms
The master branch follows the latest currently released version of Swift. If you need an earlier version for an older version of Swift, you can specify its version in your Podfile or use the code on the branch for that version. Older branches are unsupported. Swift Package Manager uses debug configuration for debug Xcode build, that may result in significant (up to x10000) worse performance. Performance characteristic is different in Release build. XCFrameworks require Xcode 11 or later and they can be integrated similarly to how we’re used to integrating the .framework format. Embedded frameworks require a minimum deployment target of iOS 9 or macOS Sierra (10.12). CryptoSwift uses array of bytes aka Array<UInt8> as a base type for all operations. Every data may be converted to a stream of bytes. You will find convenience functions that accept String or Data, and it will be internally converted to the array of bytes. -
14
Vigilante
Android security (camera/microphone dots indicators) app using Hilt
Know when a third-party app uses your device's camera/microphone. An app that focuses on your privacy and alerts you when a third-party app uses your device camera or mic, plus few other goodies. -
15
-
16
santoku
Mobile Forensics, Malware Analysis, and App Security Testing
Santoku is an easy to use, Open Source platform, dedicated to mobile forensics, analysis, and security. Version 0.5: md5: c2dcab27e6444730acc9bc351f34e543 sha1: 4d39adc01c443ac24a53a33f0ac077980d77c1fe sha256: ed72a014033c621c0da632b7e9853920b834a4bceae4427513737f7cf5ff0f55 -
17
ANDRAX Hacker's Platform
Advanced Ethical Hacking and Penetration Testing Platform
The most complete and Advanced Penetration Testing and Ethical Hacking Platform dedicated to Advanced Professionals. Developed to bring the power of Offensive Security in the anyone's pocket 100% OPEN SOURCE - ANDRAX is a independent solution for Security professionals who loves Linux -
18
Flipper Android App
Android Mobile app to rule all Flipper's family
Flipper Android App is the official Android-based companion application that provides full control and management capabilities for the Flipper Zero device through a modular and scalable mobile architecture. Built primarily in Kotlin, the app is structured into multiple components that separate core logic, communication layers, and feature modules, enabling maintainability and extensibility for future development. It establishes a communication bridge between Android devices and Flipper Zero, allowing users to interact with hardware features such as infrared remotes, RFID/NFC tools, and Sub-GHz radio functionalities directly from their smartphone. The app supports file browsing, data transfer, and device configuration, making it a comprehensive control center for managing the Flipper ecosystem. Its modular design allows developers to introduce new features independently without disrupting the overall application structure. -
19
Flipper iOS App
iOS Mobile App to rule all Flipper's family
Flipper iOS App is the official mobile companion application designed to interface with the Flipper Zero device, providing users with a portable and intuitive way to manage, control, and extend the functionality of the hardware ecosystem. It acts as a centralized hub where users can organize data such as RFID keys, NFC dumps, infrared signals, and other captured assets directly from their iPhone. The app facilitates wireless communication between the mobile device and Flipper Zero through Bluetooth, enabling real-time interaction and synchronization without requiring a desktop computer. It is also used for firmware updates, file management, and browsing available applications from the Flipper ecosystem, effectively bridging the gap between hardware and user workflows. The interface is designed to simplify complex operations, making advanced capabilities like signal capture and replay more accessible to non-expert users. -
20
Wi-PWN
ESP8266 firmware for performing deauthentication attacks
ESP8266 firmware for performing deauthentication attacks, with ease. Wi-PWN is a firmware that performs death attacks on cheap Arduino boards. The ESP8266 is a cheap microcontroller with built-in Wi-Fi. It contains a powerful 160 MHz processor and it can be programmed using Arduino. A deauthentication attack is often confused with Wi-Fi jamming, as they both block users from accessing Wi-Fi networks. The 802.11 Wi-Fi protocol contains a so-called deauthentication frame. It is used to disconnect clients safely from a wireless network. Because these management packets are unencrypted, you just need the MAC to address of the Wi-Fi router and of the client device which you want to disconnect from the network. You don’t need to be in the network or know the password, it’s enough to be in its range. With the 802.11w-2009 updated standards, management frames are encrypted by default. -
21
Accrescent
A novel Android app store focused on security, privacy, and usability
Accrescent is a private and secure Android app store built with modern features in mind. It aims to provide a developer-friendly platform and pleasant user experience while enforcing modern security and privacy practices and offering robust validity guarantees for installed apps. A novel Android app store focused on security, privacy, and usability. Open-source forever. -
22
Adblock Fast
Adblock Fast is a new, faster ad blocker for Android, iOS, Chrome
Just as webpages grew bloated with ads, so too have ad blockers grown bloated with little-used filtering rules and features that sap their speed and hog your computer or device’s disk space, CPU cycles, and memory. Adblock Fast executes a mere 7 optimized filtering rules to accelerate pages 8x more but consume 6x less system resources than other ad blockers do. Adblock Fast was created and is maintained by Rocketship, an award-winning app studio whose mission is to design and develop the finest desktop and mobile experiences in the universe. Adblock Fast is a new, faster ad blocker for desktop computers and mobile browsers. Adblock Fast’s ruleset is derived from EasyList and that of Bluhell Firewall. Adblock Fast is available for Windows 7 and up, Android 5.0 and up with Samsung Internet 4.0 and up, and iOS 9 and up on 64-bit devices (iPhone 5s and up and iPad mini 2 and up). -
23
DNS-Based Host Blocking for Android
DNS-based Host Blocker (and lightweight ad blocker) for Android
This is a DNS-based host blocker for Android. In the default configuration, several widely-respected host files are used to block ads, malware, and other weird stuff. On the first start, you must manually update the hosts files (using the refresh button) before the service can work correctly (issue #1); and you must also update the hosts files yourself regularly for now. Items in the hosts and DNS servers lists can be moved around and removed) of the list using standard RecyclerView interactions (long press makes the entry movable, swipe to either side removes it). For hosts, a later entry overrides a previous entry; for DNS servers, the first server is preferred. There's also no validation of input, so DNS servers that are not valid IPv4 addresses are not rejected, neither are URLs for DNS server entries (we intend to support URLs in the future, so you can point the app to a remote list of servers). -
24
Google Authenticator Android
Open source fork of the Google Authenticator Android app
Google Authenticator for Android is the open-source two-factor authentication app that generates time-based (TOTP) and counter-based (HOTP) one-time codes entirely on the device. It’s designed to be simple, offline, and standards-compliant, so any service that supports OATH OTP can interoperate with it. The app streamlines enrollment via QR codes or manual key entry, then displays rotating numeric codes with clear account labels to reduce mistakes during login. Because secrets are stored on the device and codes are computed locally, it works even without a data connection and avoids server-side dependencies. The UI focuses on clarity and safety cues—timers, account naming, and basic management—to make 2FA adoption accessible to non-experts. For developers, the project doubles as a reference implementation of OTP enrollment, storage, and code generation on Android. -
25
Horusec
Open source tool that improves identification of vulnerabilities
Horusec is an open source tool that performs a static code analysis to identify security flaws during the development process. Currently, the languages for analysis are C#, Java, Kotlin, Python, Ruby, Golang, Terraform, Javascript, Typescript, Kubernetes, PHP, C, HTML, JSON, Dart, Elixir, Shell, Nginx. The tool has options to search for key leaks and security flaws in all your project's files, as well as in Git history. Horusec can be used by the developer through the CLI and by the DevSecOps team on CI /CD mats.
