unclouded

ClassyShark3xodus - Scan apps for warnings vs KryptEY

Side-by-side comparison of two open source alternatives

ClassyShark3xodus - Scan apps for warnings

Checks apps for code signatures of known trackers (provided by Exodus). Also can list all classes for launchable (via the app drawer) packages. Can be used against any APK: * installed: via an app manager or built-in ApplicationInfos/PermissionInfos, * downloaded: via any file manager (long press and open with ClassyShark3xodus), * launchable installed: via the first screen list (long press to display dynamic manifest). Note: doesn't work on odexed/system packages (it's a work-in-progress). Finally, the app doesn't sync or connect to the Internet and thus cannot sneak on end users. The app is updated when Exodus updates their list of trackers: https://reports.exodus-privacy.eu.org/api/trackers (Can display any *.xml file stored on the device.) Other features: - Selinux device & per app: appZygote + read_log + shareUser detection, - dynamic & static androidManifest, - full permissions device explorer (via Super#1), - complete apk(s) device explorer (via additional icon) - install & update Date per app, - certificate & fileSum fingerprints details at each scan. ClassyShark3xodus is based on Google's ClassyShark: https://github.com/google/android-classyshark (and apps_Packages Info: https://f-droid.org/en/packages/com.oF2pks.applicationsinfo/).

KryptEY

Communicate securely and independent, regardless of the legal situation or whether messengers use E2EE. No server needed. #ChatKontrolleStoppen Why KryptEY? Breaking of end-to-end encryption (E2EE) by laws such as the planned EU chat control is an ongoing issue. Content in messengers that use E2EE, such as Whatsapp or Signal, could thus be monitored by third parties. E2EE is often, but not always, standard in messengers. There are proven methods for E2EE such as PGP. However, these methods are sometimes cumbersomely integrated and require a lot of effort to use. KryptEY is an Android keyboard that implements the Signal protocol. The keyboard works messenger-independently and both the X3DH Key Agreement Protocol and the Double Ratchet Algorithm work without a server, thus it enables a highly independent use of the protocol. Features Based upon Simple Keyboard ( https://github.com/rkkr/simple-keyboard ), KryptEY adds a view above the Keyboard for the E2EE functionality. * use E2EE through Signal Protocol in any messenger * encryption/decryption of messages * enter message through separate text field in keyboard * use clipboard to read messages * manage contacts in own contact list in keyboard * message log to view sent/received messages * send messages as plain JSON (raw mode) or hidden in a decoy text (fairytale mode) * verification of E2EE functionality via fingerprint * Q&A View for questions * dark & light theme See https://github.com/amnesica/KryptEY/blob/master/KRYPTEY.md for further information on how KryptEY is working. Security The existing security properties for the Signal Protocol are also valid for the keyboard. Limitations The keyboard was designed as a POC and only allows 1-to-1 conversations. However, the application can also be used in a group chat to a limited extent. Here, a message can be directed to a specific chat partner and not to all people. Other participants of the group chat cannot decrypt the message. Text messages in Telegram are getting copied as HTML and not as plain text. When decoding the message with the fairytale mode the copied message is compromised and can't be read properly. Therefore, it can't be decoded at all. However, the raw mode works properly. When using KryptEY with Telegram we recommend the raw mode. Some messengers like Threema only allows up to 3500 bytes per message. Therefore, different character input limitations apply. To stay under the 3500 bytes limit, only 500 characters are allowed for raw and fairytale mode. For convenience these limitation applies for all messengers. Demo For a demonstration on how KryptEY is used see https://github.com/amnesica/KryptEY/tree/master#demo KryptEY was created by mellitopia and amnesica. The code is open source and can be found at https://github.com/amnesica/KryptEY

FeatureClassyShark3xodus - Scan apps for warningsKryptEY
LicenseApache-2.0GPL-3.0-only
Install sources
F-Droid
F-DroidGitHubIzzyOnDroid
Categories
Password ManagerProductivity
Password ManagerProductivityKeyboard
Features
Ad-FreeOpen SourceNo Tracking
Ad-FreeOpen SourceNo Tracking
Platforms
Android
Android
Website
Source code
View ClassyShark3xodus - Scan apps for warnings details·View KryptEY details