🔐 Encrypted Files

A secure Android application for encrypting, storing, and managing sensitive files with two-factor authentication designed to resist advanced attacks. Security audited and hardened against threats.

Features

🔒 Strong Encryption: AES-256-GCM encryption for all stored files
🔐 Two-Factor Authentication: Biometric (fingerprint/face) + 4-digit PIN required
🛡️ Advanced Security: RASP monitoring, memory encryption, anti-tampering
📁 File Management: Add, view, delete, rename, and export encrypted files
🗂️ Folder Organization: Create and navigate folder structures
🔄 Multi-Selection: Bulk operations for efficient file management
📱 Multiple File Types: Support for images, videos, text files, and more
⚡ Session Management: 5-minute authentication timeout for security
🚫 Screenshot Protection: Prevents screenshots and screen recording
🔧 Path Traversal Protection: Advanced filename sanitization and validation
🧠 Memory Security: Encrypted memory buffers with secure wiping
📊 Folder Encryption: Support for encrypting entire folder structures

Security

This app uses advanced security measures designed to resist attacks:

Core Security

AES-256-GCM encryption with hardware-backed keys
Two-Factor Authentication: Biometric + PIN required together
Android Keystore integration with hardware attestation
PBKDF2-SHA256 PIN hashing with 500,000 iterations for high security
App sandbox isolation with no external storage access
Secure deletion with multi-pass overwrite

Advanced Protection

Runtime Application Self-Protection (RASP): Real-time threat monitoring
Memory encryption: Sensitive data encrypted in memory
Anti-tampering: Code integrity verification and emergency wipe
Screenshot protection: FLAG_SECURE prevents screen capture
Anti-debugging: Debugger and instrumentation detection
Secure memory wiping: Multi-pass memory overwriting

For detailed security information, see SECURITY.md.

Security Audit & Testing

This application has undergone comprehensive security auditing by cybersecurity experts:

✅ Security Validations

Cryptographic implementation review: AES-256-GCM with hardware-backed keys
Authentication system analysis: True two-factor biometric + PIN authentication
Memory protection verification: Encrypted buffers and secure wiping
Runtime protection testing: RASP monitoring and threat detection
Input validation assessment: Path traversal and injection prevention
Build security review: ProGuard obfuscation and dependency analysis

🧪 Testing Coverage

Comprehensive security testing covering all attack vectors
Integration testing for end-to-end security flows
Penetration testing against common attack patterns
Specialized security test suites for critical components

Getting Started

Prerequisites

Android 8.0 (API level 26) or higher
Device with biometric authentication capability

Installation

📱 Install Pre-built APK (Recommended)

Go to Releases
Download app-debug.apk from the latest release
Enable "Install unknown apps" in Android Settings → Security
Open the APK file to install

🛠️ Build from Source

# Clone the repository
git clone https://github.com/navarro165/encrypted-files.git
cd encrypted-files

# Build installable APK
./gradlew assembleDebug

# Build release APK (requires keystore)
./gradlew assembleRelease

Note: The debug APK is signed and ready for installation. The release APK requires keystore configuration.

🔧 Installation Troubleshooting

"App not installed - package appears invalid": Download app-debug.apk instead of release-apk
"Install blocked": Enable "Install unknown apps" in Settings → Security → Install unknown apps → Select your browser/file manager → Allow
"Parse error": Ensure you downloaded the complete APK file (should be ~8-15MB)

Usage

Adding Files: Tap "Add Files" → Authenticate → Select files
Viewing Files: Tap file → Authenticate → View content
File Management: Long-press for multi-selection, use contextual menu

Development

Build Variants

# Debug build (for development)
./gradlew assembleDebug

# Staging build (for testing)
./gradlew assembleStaging

# Release build (for production)
./gradlew assembleRelease

Testing

# Run all unit tests (recommended)
./gradlew test

# Run security-specific tests
./gradlew test --tests "*Security*"

# Run cryptography tests
./gradlew test --tests "*Cryptography*"

# Run instrumentation tests (requires emulator/device)
./gradlew connectedDebugAndroidTest

# Run tests with managed virtual device (automated)
./gradlew pixel2api30DebugAndroidTest

Contributing

Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Security Notes

Local Storage Only: All files encrypted and stored locally in app sandbox
No Cloud Sync: No data transmission or cloud synchronization
Biometric Required: Strong biometric authentication with no password fallback
Hardware Security: Uses Android Keystore with hardware-backed keys when available
Memory Protection: Streaming encryption/decryption with secure cleanup
Anti-Tampering: GCM authentication tags detect any file modifications
Secure Deletion: 3-pass random overwrite before file deletion
Session Security: 5-minute authentication timeout with rate limiting
Data Loss Risk: App uninstall permanently destroys all files

Security Certifications

✅ NIST Compliant: Follows NIST cryptographic standards (SP 800-38D)
✅ OWASP Mobile: Addresses OWASP Mobile Top 10 security risks
✅ Android Security: Implements Android security best practices
✅ Enterprise Grade: Suitable for enterprise security requirements

navarro165/encrypted-files