Warning
This is a fork of the original (and discontinued) app from DivestOS.
Hypatia is the world's first FOSS malware scanner for Android. It is powered by ClamAV style signature databases.
- Near zero battery impact: you'll never notice any impact on battery at all
- Extremely fast: it can scan small files (1MB) in <20ms, and even large files (40MB) in 1000ms.
- Memory efficient: with the default databases enabled it uses under 120MB.
- Regular scan: allowing selection of /system, internal storage, external storage, and installed apps
- Realtime scanner: can detect malware in realtime on write/rename in internal storage
- Completely offline: Internet is only used to download signature databases, files will never ever leave your device
- Persistence: will automatically restart on boot/update
- Tiny codebase: coming in at under 1000 sloc, it can be audited by even someone with basic programming experience
- Minimal dependencies: the app only uses libraries when necessary
- Signature databases can be enabled/disabled at the users demand
- The app crashes and is very buggy: The first thing to check is if you have extended databases enabled. Extended databases require more RAM (8 GB), and can occasionally cause the app to be very buggy.
- Unable to download databases:
If this occurs, try tapping the ellipsis in the top right of the main screen and tap
Database server override. This uses a mirror database in case the main database is down. - There are false positives: This occasionally occurs due to the nature of bloom filters. If you believe there is a false positive, first, rescan. This will sometimes fix the false positive. And if this still returns a false positive, scan the file to VirusTotal, and this will tell you if you truly have a false positive or rather some malware.
Both debug, release and nightly versions built by GitHub Actions. You can check checksum notice in Release Actions or/and checksum.txt in releases to compare with Application's
This is the SHA fingerprint of Hypatia's signing key to verify downloaded APKs which are signed by us.
1B:00:8D:64:BB:95:AB:47:74:D6:8B:87:F2:2B:8B:E9:A2:72:F4:92:4D:F5:20:29:D7:E6:18:38:35:D9:18:CC
- Signature databases are serialized Guava BloomFilter object format
- Signature databases will not be redownloaded if the file hasn't changed on the server (304 not modified)
- Signatures are stored using BloomFilters for O(k) lookup
- Files have their MD5/SHA-1/SHA-256 hashes calculated in one pass
- Realtime scanner is multithreaded and will use half of the device's core count for scanning multiple files asynchronously
- Realtime scanning powered by a recursive FileObserver
ACCESS_NETWORK_STATEFOREGROUND_SERVICEandFOREGROUND_SERVICE_SPECIAL_USE: Used for realtime scanning.INTERNET: Download and update databases.MANAGE_EXTERNAL_STORAGE: Used for reading malicous files for scanning, and deleting infected files.QUERY_ALL_PACKAGES: Used for scanning malicous apps.READ_EXTERNAL_STORAGE: Scanning external storage.RECIEVE_BOOT_COMPLETED: Restart the app on reboot.REQUEST_DELETE_PACKAGES: Used for removing infected apps.POST_NOTIFICATIONS: Notifications.WAKE_LOCKWRITE_EXTERNAL_STORAGE: Used for removing infected files.ACCESIBILITY_SERVICE: Used to allow the link scanner to read the screen and check for malicious domains.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
In order to view the immediate roadmap, please check out the milestones. From here, you can gauge the time untill the next release. 😀
- Option to scan on access
- Scan newly installed/updated apps
- Option to let 3rd-party apps invoke scans
- Automatic database updates
- Database sanity checks
- Testing
- Better GUI
- Translations
- Scanning entire system using root (low priority)
- Be fast
- Don't eat batteries
- Use minimal permissions
- Use libraries only when necessary
- ClamAV for the databases (GPLv2)
- ESET for extra databases (BSD 2-Clause)
- Nex (@botherder) for extra databases (CC BY-SA 4.0)
- Amnesty International for extra databases (CC BY 2.0)
- Echap for extra databases (CC BY 4.0)
- MalwareBazaar for extra databases (CC0)
- RecursiveFileObserver.java (GPL-3.0-or-later): Daniel Gultsch, ownCloud Inc., Bartek Przybylski
- GPGDetachedSignatureVerifier.java (GPL-2.0-or-later): Federico Fissore, Arduino LLC
- Petra Mirelli for the app banner/feature graphic and various tweaks.
- @eloitor: Translations work
- Icons: Google/Android/AOSP, License: Apache 2.0, https://google.github.io/material-design-icons/
- Afrikaans: Oswald van Ginkel
- Arabic: abdelbasset jabrane, ABDO GM
- Chinese (Simplified): Sdarfeesh, Crit, 大王叫我来巡山
- Chinese (Traditional Han script): 張可揚
- Croatian: lukapiplica
- Czech: Fjuro
- Estonian: Priit Jõerüüt
- Finnish: huuhaa, Ricky Tigg
- French: cardpuncher, Jean-Luc Tibaux, Petra Mirelli, thraex
- Hebrew: elid34
- Galician: ghose, josé m
- German: thereisnoanderson, Balthazar1234, Petra Mirelli, Ettore Atalan
- Greek: Dimitris Vagiakakos
- Indonesian: Adrien N
- Italian: Tommaso Fonda, srccrow, Petra Mirelli, Dark Space
- Japanese: honyaku
- Polish: Marcin Mikołajczak
- Portuguese (Brazil): lucasmz
- Portuguese: jontaix, inkhorn, ssantos
- Romanian: Renko
- Russian: yurtpage, q1011, Andrey
- Slovak: Pa Di
- Spanish: gallegonovato, Manuel-Senpai, Petra Mirelli
- Turkish: cardpuncher
- Ukrainian: Fqwe1
- Divested Computing Group is not affiliated with Cisco or ESET
- MaintainTeam is not affiliated with Cisco or ESET
- Hypatia is not sponsored or endorsed by Cisco or ESET