{"id":13643697,"url":"https://github.com/cyb3rko/pincredible","last_synced_at":"2025-04-09T07:07:56.175Z","repository":{"id":65639149,"uuid":"559598266","full_name":"cyb3rko/pincredible","owner":"cyb3rko","description":"Modern and secure Android app to help you remember any PIN","archived":false,"fork":false,"pushed_at":"2025-01-01T23:55:30.000Z","size":2315,"stargazers_count":87,"open_issues_count":13,"forks_count":7,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-02T04:09:16.721Z","etag":null,"topics":["andriod-app","android","android-application","encryption","f-droid","fdroid","kotlin","material-3","material-you","modern","offline","pin","secure"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyb3rko.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"cyb3rko","patreon":"cyb3rko","custom":"https://paypal.me/cyb3rko"}},"created_at":"2022-10-30T16:01:02.000Z","updated_at":"2025-03-08T11:33:40.000Z","dependencies_parsed_at":"2023-02-17T11:50:21.874Z","dependency_job_id":"3cf6a096-2949-4de9-ae97-df1e58f46218","html_url":"https://github.com/cyb3rko/pincredible","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyb3rko%2Fpincredible","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyb3rko%2Fpincredible/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositori
es/cyb3rko%2Fpincredible/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyb3rko%2Fpincredible/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyb3rko","download_url":"https://codeload.github.com/cyb3rko/pincredible/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247994121,"owners_count":21030050,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["andriod-app","android","android-application","encryption","f-droid","fdroid","kotlin","material-3","material-you","modern","offline","pin","secure"],"created_at":"2024-08-02T01:01:51.402Z","updated_at":"2025-04-09T07:07:56.158Z","avatar_url":"https://github.com/cyb3rko.png","language":"Kotlin","funding_links":["https://ko-fi.com/cyb3rko","https://patreon.com/cyb3rko","https://paypal.me/cyb3rko"],"categories":["🔐 Security \u0026 Privacy"],"sub_categories":["🔑 Password Manager"],"readme":"## ⚠️Important Note - Breaking Changes in Final Release⚠️  \nIf you have never used PINcredible, you can skip this section.  \nIf you have already used this app, please note that:\n- The stable release 1.0.0 will use a different app signature, so you most likely have to uninstall the currently installed version and install the new version.\n- Your data from app versions older than 1.0.0a will not work anymore beginning with version 1.0.0a.  \n  That is because of an internal rehaul of the persisting features. 
I will switch from whole class serialization to custom serialization methods.\n\nBefore upgrading save your PINs outside of PINcredible to be able to reenter them in version 1.0.0a.  \nThank you for your understanding!\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"PINcredible\" src=\"https://i.imgur.com/hwfoyYb.png\" width=\"150\"/\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003ePINcredible (Beta)\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003cfont size=\"+1\"\u003ePart of \u003c/font\u003e\u003ca href=\"https://github.com/cyb3rko/backpack-apps\"\u003e\u003cfont size=\"+1\"\u003eBackPack\u003c/font\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n[![API](https://img.shields.io/badge/API-23%2B-brightgreen.svg?style=flat)](https://apilevels.com)\n[![release](https://img.shields.io/github/release/cyb3rko/pincredible.svg)](https://github.com/cyb3rko/pincredible/releases/latest)\n[![fdroid](https://img.shields.io/f-droid/v/com.cyb3rko.pincredible.svg)](https://f-droid.org/packages/com.cyb3rko.pincredible)\n[![license](https://img.shields.io/github/license/cyb3rko/pincredible)](https://www.apache.org/licenses/LICENSE-2.0)\n[![last commit](https://img.shields.io/github/last-commit/cyb3rko/pincredible?color=F34C9F)](https://github.com/cyb3rko/pincredible/commits/main)\n\n[![FOSSA Status](https://app.fossa.com/api/projects/custom%2B35689%2Fgithub.com%2Fcyb3rko%2Fpincredible.svg?type=small)](https://fossa.com/)\n\n- [About this project](#about-this-project)  \n- [Beta Phase - Breaking Changes](#beta-phase---%EF%B8%8Fbreaking-changes%EF%B8%8F)  \n- [Feature Overview](#feature-overview)  \n  - [Accessible color palette](#accessible-color-palette)  \n- [Legal Liability](#legal-liability)  \n- [Download](#download)  \n  - [Verification](#verification)  \n- [Supported devices](#supported-devices)  \n- [Screenshots](#screenshots)  \n- [Security Aspects](#security-aspects)  \n- [Contribute](#contribute)  \n- [Used Icons](#used-icons)  \n- 
[License](#license)\n\n---\n\n## About this project\nOver time I've used several apps to store my PINs. Unfortunately, none of them really convinced me.  \nSo here we are now, this is my own implementation of a secure PIN manager.\n\n## Beta phase - ⚠️Breaking Changes⚠️\n\nWhile the app is still in the pre-release phase, please expect a few breaking changes.  \nSome newer updates do not work with the previous app versions.  \nTherefore you may have to re-add your saved PINs and recreate your backups in newer versions.\n\n## Feature Overview\n| | PINcredible | Others |\n| --- | --- | --- |\n| 🔢 PIN obfuscation | ✅ | ✅ |\n| 📂 Open Source | ✅ | ❌ |\n| 🔐 Local Encryption | ✅ | ❌ |\n| 🎨 Modern Design | ✅ | ❌ |\n| 🌐 Internet Connection | ❌ | ✅ |\n| 🎞️ Ads | ❌ | ✅ |\n| 🗿 Suspicious Permissions | ❌ | ✅ |\n\n---\n\nThe app obfuscates the PIN in a table layout surrounded by secure random numbers.  \nThis brings two security benefits:\n1. ❔ The app cannot know where in the pattern the user-given PIN is located. Attackers cannot extract the plaintext PIN.\n2. 🕵️ This offers protection against [Shoulder Surfing](https://en.wikipedia.org/wiki/Shoulder_surfing_(computer_security)), for example while accessing your PIN in a supermarket or a bank.\n\n---\n\nFor the input of PIN digits the app uses an in-app keyboard.  \nThis brings the following two security benefits:\n1. ⌨️ (At least some) protection against [keylogging](https://en.wikipedia.org/wiki/Keystroke_logging)\n2. 📱 (Optional) protection against touch location logging (by shuffling digit keyboard buttons)\n\n### Accessible color palette\n\nIn addition to the default color palette PINcredible offers an accessible color palette (following the [IBM Color Blindness Palette](https://davidmathlogic.com/colorblind/#%23648FFF-%23785EF0-%23DC267F-%23FE6100-%23FFB000)).  \n\n## Legal Liability\n\nIn no way do I accept liability for lost PINs and the resulting consequences or other consequences of using the app.  
\nEspecially in the beta phase, but also afterwards, I do not guarantee that the app will always work properly and PINs will never be lost.\n\nIf you don't agree please don't use this app.\n\n## Download\n\nGoogle Play download link available after beta phase\n\n[\u003cimg height=\"80\" alt=\"Get it on F-Droid\"\nsrc=\"https://fdroid.gitlab.io/artwork/badge/get-it-on.png\"\n/\u003e](https://f-droid.org/packages/com.cyb3rko.pincredible/)\n[\u003cimg height=\"80\" src=\"https://raw.githubusercontent.com/gotify/android/master/download-badge.png\"/\u003e](https://github.com/cyb3rko/pincredible/releases/latest)\n\n### Verification\n\nAPK releases on F-Droid and GitHub are signed using the same key. They can be verified using [apksigner](https://developer.android.com/studio/command-line/apksigner.html#options-verify):\n\n```\napksigner verify --print-certs -v example.apk\n```\n\nThe output should look like:\n\n```\nVerifies\nVerified using v1 scheme (JAR signing): true\nVerified using v2 scheme (APK Signature Scheme v2): true\n```\n\nThe certificate content and digests should look like this:\n\n```\nDN: C=DE, CN=Niko Diamadis\nCertificate Digests:\n  SHA-256: 7b:d9:79:cd:5f:f9:29:e0:72:90:e8:8d:67:b2:d8:1f:22:8e:a2:64:e4:33:f7:84:e4:c6:63:73:e3:16:bc:ad\n  SHA-1:   c7:52:14:9f:4d:c3:e4:02:26:92:0b:68:20:94:6e:da:99:01:69:29\n  MD5:     8d:15:71:36:6e:30:7c:23:c9:2c:e8:9d:f2:38:5f:e1\n```\n\n## Supported Devices\nThe minimum supported Android version is API level 23, Android 6 (Marshmallow).  \nAdditionally this app takes advantage of the Android KeyStore system. At the moment I'm assuming every Android device with Android 6 upwards has this built-in.  
\nIf you have any problems, maybe even because your device seems to be incompatible, please leave a message [here](https://github.com/cyb3rko/pincredible/issues).\n\n## Screenshots\n|\u003cimg src=\"https://i.imgur.com/APgDeAl.png\" width=\"270\"\u003e|\u003cimg src=\"https://i.imgur.com/WHCXpG3.png\" width=\"270\"\u003e|\u003cimg src=\"https://i.imgur.com/zPESUDi.png\" width=\"270\"\u003e|\n|:---:|:---:|:---:|\n\n## Security Aspects\nLet's take a look at the technical details.\n\nFirst, here are the algorithms used:\n- AES/GCM/NoPadding (Advanced Encryption Standard in Galois/Counter Mode)\n- XXH128 (XXHash3-128) [[xxHash Repo](https://github.com/Cyan4973/xxHash), thanks to [Matthew Dolan](https://github.com/mattmook) for the [Kotlin implementation](https://github.com/appmattus/crypto/tree/main/cryptohash/src/commonMain/kotlin/com/appmattus/crypto/internal/core/xxh3)]\n- Argon2id (used for backup password inputs)\n\nTo make it easier to understand how the app works internally, I've created the following diagram.  \nFind the detailed explanation below.\n\n\u003cimg src=\"https://i.imgur.com/ifWt3Vc.png\"\u003e\n\n---\n\n**So what's happening here?**\n\n### 1. App Start  \n- retrieval of symmetric AES key and encrypted file containing available PIN names\n- decryption of the file contents\n- presenting available PIN names on screen\n\n### 2. Clicking on a PIN  \n- handing over PIN name to next screen and hashing it (XXHash)\n- find corresponding file containing encrypted PIN pattern (including colors)\n- retrieval of symmetric AES key and encrypted file containing PIN pattern\n- presenting decrypted PIN pattern in table view\n\n### 3. 
Clicking on 'add' button (PIN creation)\n- decide whether you want to use the initial color pattern or generate a new one (using standard random numbers, no SecureRandom here as it's not cryptographically relevant)\n- fill in your PIN somewhere and fill the remaining empty cells (using SecureRandom provided by your device)\n- type in a custom name, it will be hashed and used as the file name\n- retrieval of symmetric AES key\n- encrypt and save PIN pattern to file, append chosen PIN name to PIN name file (for the home screen)\n\nThat's the whole magic behind PINcredible. If you have questions, or if you are a security expert and have recommendations for improving the overall security, please tell me [via the issues](https://github.com/cyb3rko/pincredible/issues) or via e-mail: niko @ cyb3rko.de.\n\n## Contribute\nOf course I'm happy about any kind of contribution.\n\nFor creating [issues](https://github.com/cyb3rko/pincredible/issues) there's no real guideline you should follow.\nIf you create [pull requests](https://github.com/cyb3rko/pincredible/pulls) please try to use the syntax I use.\nUsing a unified code format makes it much easier for me and for everyone else.\n\n## Used Icons\n\n| 💛 |\n| --- |  \n| \u003ca href=\"https://www.flaticon.com/free-icons/color-blindness-test\" title=\"color-blindness-test icons\"\u003eColor-blindness-test icons created by Freepik - Flaticon\u003c/a\u003e |\n| \u003ca href=\"https://www.flaticon.com/free-icons/grid\" title=\"grid icons\"\u003eGrid icons created by prettycons - Flaticon\u003c/a\u003e |\n| \u003ca href=\"https://www.flaticon.com/free-icons/random\" title=\"random icons\"\u003eRandom icons created by Uniconlabs - Flaticon\u003c/a\u003e |\n\n## License\n\n    Copyright 2023-2024, Cyb3rKo\n\n    Licensed under the Apache License, Version 2.0 (the \"License\");\n    you may not use this file except in compliance with the License.\n    You may obtain a copy of the License at\n    \n        
http://www.apache.org/licenses/LICENSE-2.0\n\n    Unless required by applicable law or agreed to in writing, software\n    distributed under the License is distributed on an \"AS IS\" BASIS,\n    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n    See the License for the specific language governing permissions and\n    limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyb3rko%2Fpincredible","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyb3rko%2Fpincredible","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyb3rko%2Fpincredible/lists"}