🔐 Encrypted Files

A secure Android application for encrypting, storing, and managing sensitive files with two-factor authentication designed to resist advanced attacks. Security audited and hardened against threats.

Features

• 🔒 Strong Encryption: AES-256-GCM encryption for all stored files
• 🔐 Two-Factor Authentication: Biometric (fingerprint/face) + 4-digit PIN required
• 🛡️ Advanced Security: RASP monitoring, memory encryption, anti-tampering
• 📁 File Management: Add, view, delete, rename, and export encrypted files
• 🗂️ Folder Organization: Create and navigate folder structures
• 🔄 Multi-Selection: Bulk operations for efficient file management
• 📱 Multiple File Types: Support for images, videos, text files, and more
• ⚡ Session Management: 5-minute authentication timeout for security
• 🚫 Screenshot Protection: Prevents screenshots and screen recording
• 🔧 Path Traversal Protection: Advanced filename sanitization and validation
• 🧠 Memory Security: Encrypted memory buffers with secure wiping
• 📊 Folder Encryption: Support for encrypting entire folder structures

Security

This app uses advanced security measures designed to resist attacks:

Core Security

• AES-256-GCM encryption with hardware-backed keys
• Two-Factor Authentication: Biometric + PIN required together
• Android Keystore integration with hardware attestation
• PBKDF2-SHA256 PIN hashing with 500,000 iterations for high security
• App sandbox isolation with no external storage access
• Secure deletion with multi-pass overwrite

Advanced Protection

• Runtime Application Self-Protection (RASP): Real-time threat monitoring
• Memory encryption: Sensitive data encrypted in memory
• Anti-tampering: Code integrity verification and emergency wipe
• Screenshot protection: FLAG_SECURE prevents screen capture
• Anti-debugging: Debugger and instrumentation detection
• Secure memory wiping: Multi-pass memory overwriting

For detailed security information, see SECURITY.md.

Security Audit & Testing

This application has undergone comprehensive security auditing by cybersecurity experts:

✅ Security Validations

• Cryptographic implementation review: AES-256-GCM with hardware-backed keys
• Authentication system analysis: True two-factor biometric + PIN authentication
• Memory protection verification: Encrypted buffers and secure wiping
• Runtime protection testing: RASP monitoring and threat detection
• Input validation assessment: Path traversal and injection prevention
• Build security review: ProGuard obfuscation and dependency analysis

🧪 Testing Coverage

• Comprehensive security testing covering all attack vectors
• Integration testing for end-to-end security flows
• Penetration testing against common attack patterns
• Specialized security test suites for critical components

Getting Started

Prerequisites

• Android 8.0 (API level 26) or higher
• Device with biometric authentication capability

Installation

📱 Install Pre-built APK (Recommended)

1. Go to Releases
2. Download app-debug.apk from the latest release
3. Enable "Install unknown apps" in Android Settings → Security
4. Open the APK file to install

🛠️ Build from Source

# Clone the repository
git clone https://github.com/navarro165/encrypted-files.git
cd encrypted-files

# Build installable APK
./gradlew assembleDebug

# Build release APK (requires keystore)
./gradlew assembleRelease

Note: The debug APK is signed and ready for installation. The release APK requires keystore configuration.

🔧 Installation Troubleshooting

• "App not installed - package appears invalid": Download app-debug.apk instead of release-apk
• "Install blocked": Enable "Install unknown apps" in Settings → Security → Install unknown apps → Select your browser/file manager → Allow
• "Parse error": Ensure you downloaded the complete APK file (should be ~8-15MB)

Usage

1. Adding Files: Tap "Add Files" → Authenticate → Select files
2. Viewing Files: Tap file → Authenticate → View content
3. File Management: Long-press for multi-selection, use contextual menu

Development

Build Variants

# Debug build (for development)
./gradlew assembleDebug

# Staging build (for testing)
./gradlew assembleStaging

# Release build (for production)
./gradlew assembleRelease

Testing

# Run all unit tests (recommended)
./gradlew test

# Run security-specific tests
./gradlew test --tests "*Security*"

# Run cryptography tests
./gradlew test --tests "*Cryptography*"

# Run instrumentation tests (requires emulator/device)
./gradlew connectedDebugAndroidTest

# Run tests with managed virtual device (automated)
./gradlew pixel2api30DebugAndroidTest

Contributing

Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Security Notes

• Local Storage Only: All files encrypted and stored locally in app sandbox
• No Cloud Sync: No data transmission or cloud synchronization
• Biometric Required: Strong biometric authentication with no password fallback
• Hardware Security: Uses Android Keystore with hardware-backed keys when available
• Memory Protection: Streaming encryption/decryption with secure cleanup
• Anti-Tampering: GCM authentication tags detect any file modifications
• Secure Deletion: 3-pass random overwrite before file deletion
• Session Security: 5-minute authentication timeout with rate limiting
• Data Loss Risk: App uninstall permanently destroys all files

Security Certifications

• ✅ NIST Compliant: Follows NIST cryptographic standards (SP 800-38D)
• ✅ OWASP Mobile: Addresses OWASP Mobile Top 10 security risks
• ✅ Android Security: Implements Android security best practices
• ✅ Enterprise Grade: Suitable for enterprise security requirements