Local-first Android password manager with encrypted vault storage, biometric access, desktop v5 interoperability, passkey workflows, and optional end-to-end encrypted sync.
What is New in 5.1 | Capabilities | Security | Desktop v5 | Build | Docs
Aegis Vault Android 5.1 is an offline-first password manager for Android. It is designed around a simple principle: secrets should remain encrypted, portable, and under the user's control by default.
The app combines SQLCipher-backed local storage, Android biometric access, encrypted backup/restore, local security scoring, passkey-oriented workflows, and optional encrypted relay sync. Version 5.1 keeps the Android app aligned with the Aegis desktop v5 data model while adding a broader bilingual, dark-mode-ready design refresh across the daily-use product surfaces.
-
Security Hardening (v5.1-v5.3):
- HKDF-Expand: Implemented master key domain separation to prevent key reuse across different security contexts.
- Constant-time verification: Switched to constant-time equality checks for sensitive cryptographic operations to eliminate timing side-channel attacks.
- Argon2id Upgrade: Upgraded device secret verification to Argon2id for superior resistance against GPU/ASIC brute-force attacks.
- WebAuthn Attestation: Added attestation verification for passkey workflows to ensure hardware-backed security.
- SQL Injection Defense: Implemented regex-based input validation and whitelisting for dynamic database queries to prevent injection vectors.
- TEE-backed SecureStorage: Migrated device-specific secrets (like salt) to Android Keystore / TEE-backed storage, protecting them even on rooted devices.
- Memory Safety: Implemented proactive buffer wiping (
wipeBytes) and zeroing for all sensitive key material in the JS heap. - Security Audit: Completed a comprehensive professional security scan with a final score of 9.8/10. See the Full Security Report.
-
Cryptographic Bridge Fix: Refined the
Argon2Fnnative bridge to preservethiscontext for Hermes/New Architecture, resolving "undefined is not a function" errors during backup exports. -
Enhanced Test Coverage: Added dedicated unit tests for core security services including Entropy calculation, Tamper detection, and Screen security.
-
Desktop v5 canonical vault format: Android exports and imports a canonical v5 JSON representation for migration, sync validation, and cross-platform compatibility.
-
Encrypted v5 backup envelope: Encrypted exports can include the desktop-compatible canonical payload while preserving Android legacy item compatibility.
-
Crypto wallet and document records: New category mapping keeps wallet and document entries portable across Android and desktop.
-
Desktop/browser pairing workspace: Short-lived pairing records describe bridge capabilities without exposing app secrets.
-
Relay protocol and conflict metadata: Sync envelopes now carry protocol versioning, device metadata, conflict summaries, and desktop-v5 compatibility markers.
-
Security Center improvements: Local Watchtower-style checks cover weak passwords, reused passwords, missing 2FA/passkeys, aging credentials, sensitive sharing, and alias exposure.
-
Release provenance and SBOM: Release metadata can be generated as CycloneDX SBOM plus a provenance manifest for audit-friendly distribution.
-
Bilingual and dark-mode polish: Product surfaces continue to support Turkish/English text and dark-mode-safe UI choices.
-
Security hardening and bridge stability: v5.1 brings HKDF-Expand, constant-time checks, and Argon2id upgrades alongside a robust fix for the native cryptographic bridge.
-
Encrypted backup export/import hardening: Encrypted
.aegisbackups now save to the user-visibleDownloads/AegisVaultlocation on Android and use a byte-safe AES-256-GCM import path. -
Modern product design refresh: Dashboard, lock screen, Settings, Security Center, password health report, backup/import, password generator, entry add/detail, sync, sharing, pairing, trash, donation, and legal screens now share a more consistent card-based visual language.
-
Large-vault usability: The vault header remains fixed while scrolling large collections, and list rendering is tuned for high item counts such as 600+ records. Added triage item pagination and result caching to the Security Center for improved responsiveness.
-
Release QA checklist: A focused 5.1 design/device checklist is included for Turkish/English, light/dark mode, large-vault performance, and critical release flows.
-
Release APK readiness: The current signed release build is produced through
assembleReleasewith the Android release signing flow. -
Coverage and quality gate cleanup: The Jest coverage suite, TypeScript check, and ESLint pass cleanly after the latest security and compatibility fixes.
-
Relay compatibility restored: The self-hosted relay entry point is available again for sync protocol and Play Integrity validation tests.
| Area | Details |
|---|---|
| Current version | 5.1.0 |
| Android package | com.aegisandroid |
| Runtime | React Native 0.84.0, React 19.2.3, Hermes |
| Language | TypeScript |
| State management | Zustand |
| Local database | SQLCipher via @op-engineering/op-sqlite |
| Cryptography | AES-256-GCM, Argon2, Android Keystore integrations |
| Authentication | Biometric unlock and device-bound flows |
| Testing | Jest, TypeScript checks, ESLint, Stryker mutation testing |
| Release trust | SBOM and provenance generation scripts |
- Encrypted local vault records for logins, cards, identities, notes, Wi-Fi, passkeys, crypto wallets, and documents.
- Fast local search and category filtering.
- Favorites, trash/restore flows, attachments, password history, and audit logging.
- Dark-mode-aware and bilingual UI surfaces.
- Biometric-gated vault unlock.
- Auto-lock and clipboard-clear controls.
- Brute-force protection and security audit history.
- Device trust and security policy controls.
- Local password generator with bias-resistant generation logic.
- Local vault health score.
- Weak password and reused password detection.
- Missing 2FA/passkey analysis.
- Aging credential and sensitive sharing review.
- Alias exposure and high-risk account triage.
- Encrypted backup export/import.
- Plain JSON/CSV export paths with explicit risk messaging.
- Desktop v5 canonical JSON export.
- Desktop encrypted import compatibility layer.
- Release-friendly provenance and SBOM generation.
- Optional end-to-end encrypted relay sync.
- Conflict metadata and sync envelope validation.
- Desktop/browser pairing records with capability negotiation.
- Self-hosted relay support with HTTPS and certificate pin expectations.
Aegis Vault Android follows a pragmatic zero-knowledge architecture:
- Vault secrets are encrypted before they are persisted.
- Local database access is protected through SQLCipher.
- Backup and sync payloads are encrypted before leaving the device.
- Relay infrastructure is treated as an untrusted transport layer.
- Security-sensitive activity is recorded in a local audit log.
- Release artifacts can be accompanied by SBOM and provenance files.
graph TD
A["User authentication"] --> B["Android biometric / device security"]
B --> C["Key derivation and session material"]
C --> D["AES-256-GCM encrypted vault payloads"]
D --> E["SQLCipher local storage"]
D --> F["Encrypted backup exports"]
D --> G["Encrypted relay sync envelopes"]
E --> H["Security Center and audit log"]
The project uses layered quality checks:
npx tsc --noEmitfor TypeScript correctness.npm run lintfor static analysis.npm testfor Jest regression coverage.npm run test:mutationfor Stryker mutation testing.- Targeted security modules are maintained with a goal of 70%+ mutation score.
Note: repository-wide mutation score depends on the selected Stryker configuration and included files. Security-critical modules are tracked separately so hardening work remains measurable.
Android 5.1 keeps the shared interoperability layer for Android and desktop:
- Canonical schema version:
5.0.0. - Export kind:
aegis-vault-canonical. - Compatibility marker:
desktop-v5-canonical. - Bridge pairing kind:
aegis-desktop-bridge-pairing. - Supported portable categories include login, card, identity, note, Wi-Fi, passkey, crypto wallet, and document.
Useful tests:
npx jest --no-coverage --runInBand --testTimeout=30000 --runTestsByPath __tests__/CanonicalVaultSchema.test.ts __tests__/BackupModule.test.ts
npx jest --no-coverage --runInBand --testTimeout=30000 --runTestsByPath __tests__/SyncEnvelope.test.ts __tests__/RelayProtocol.test.ts __tests__/BrowserPairingService.test.tsThe 5.1 UI refresh is designed around four release checks:
- Turkish and English text must remain readable without clipping in light and dark mode.
- The 600+ record vault scenario must keep search, category filtering, scroll, and detail open/close interactions responsive.
- Security-critical flows must show clear context before action: unlock, backup/import, sync, sharing, pairing, trash, and delete/restore.
- README/GitHub screenshots should represent the current visual language: Dashboard, Security Center, Backup, Lock Screen, and Settings.
Detailed checklist: Design QA 5.1.0 TR
- Node.js
18+ - JDK
17 - Android Studio and Android SDK tooling
- Android emulator or physical Android device
git clone https://github.com/hafgit99/AegisVaultAndroid_V.4.0.0.git
cd AegisVaultAndroid_V.4.0.0
npm install
npx react-native startIn a second terminal:
npx react-native run-androidUse environment variables for signing secrets. Do not commit passwords, keystores, or generated secret files.
$env:RELEASE_STORE_FILE="F:\path\to\aegis-release.jks"
$env:RELEASE_STORE_PASSWORD="***"
$env:RELEASE_KEY_ALIAS="aegis-release"
$env:RELEASE_KEY_PASSWORD="***"
cd android
.\gradlew.bat assembleReleasenpm run lint
npx tsc --noEmit
npm test
npm run test:mutation
npm run relay
npm run release:provenanceThe repository includes a release metadata generator:
npm run release:provenanceIt writes:
release-artifacts/aegis-android-sbom.cdx.jsonrelease-artifacts/aegis-android-provenance.json
The provenance file records package version, source metadata, build commands, material hashes, and discovered APK/AAB artifacts.
- Security Architecture
- Threat Model
- Release Readiness
- Design QA 5.1.0 TR
- Release Notes 5.1.0
- Release Notes 5.0.0
- Passkey WebAuthn ADR
- Passkey Backend Checklist
- Device Matrix Test Plan
- Complete wider real-device validation for passkey, sync, sharing, pairing, and autofill flows.
- Expand Security Center with stronger breach-intelligence workflows while preserving offline-first behavior.
- Continue desktop/browser bridge hardening.
- Improve reproducible release evidence and external audit readiness.
- Keep mutation testing focused on security-critical modules.
Please report vulnerabilities privately. See SECURITY.md for supported versions and reporting expectations.
This project is distributed under the MIT License.
Your vault. Your device. Your control.
Maintained by hafgit99