{"id":47744096,"url":"https://github.com/yasirhamza/androdr","last_synced_at":"2026-05-25T13:01:46.703Z","repository":{"id":348771111,"uuid":"1190799693","full_name":"yasirhamza/AndroDR","owner":"yasirhamza","description":"Open-source Android security scanner and endpoint detection (EDR). Detects spyware, stalkerware, and malware entirely on-device.","archived":false,"fork":false,"pushed_at":"2026-04-24T14:02:52.000Z","size":13216,"stargazers_count":2,"open_issues_count":18,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-24T15:39:29.659Z","etag":null,"topics":["android","edr","malware-scanner","mobile-security","open-source","privacy","security","sigma-rules","spyware-detection","stalkerware"],"latest_commit_sha":null,"homepage":null,"language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yasirhamza.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-24T16:21:35.000Z","updated_at":"2026-04-24T13:54:37.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/yasirhamza/AndroDR","commit_stats":null,"previous_names":["yasirhamza/androdr"],"tags_count":54,"template":false,"template_full_name":null,"purl":"pkg:github/yasirhamza/AndroDR","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasirhamza%2FAndroDR","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasirhamza%2FAndroDR/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasirhamza%2FAndroDR/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasirhamza%2FAndroDR/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yasirhamza","download_url":"https://codeload.github.com/yasirhamza/AndroDR/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yasirhamza%2FAndroDR/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32245151,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-24T13:21:15.438Z","status":"ssl_error","status_checked_at":"2026-04-24T13:21:15.005Z","response_time":64,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["android","edr","malware-scanner","mobile-security","open-source","privacy","security","sigma-rules","spyware-detection","stalkerware"],"created_at":"2026-04-03T00:22:18.249Z","updated_at":"2026-04-25T00:01:06.662Z","avatar_url":"https://github.com/yasirhamza.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AndroDR\n\n[![License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](LICENSE)\n[![Android](https://img.shields.io/badge/Android-8.0%2B-green.svg)](https://developer.android.com)\n\nOpen-source Android security scanner and endpoint detection (EDR). Detects spyware, stalkerware, and malware entirely on-device — no cloud, no accounts, no tracking.\n\n## Who it's for\n\n- **DV survivors** — check if a partner installed monitoring software\n- **Journalists and activists** — detect state-sponsored spyware (Pegasus, Predator, Graphite)\n- **IT security teams** — lightweight device health checks without commercial MDM\n- **Privacy-conscious users** — verify your phone hasn't been compromised\n\n## What it detects\n\n- **Known malware** — package names, signing certificates, and APK file hashes matched against threat intelligence databases\n- **Stalkerware** — commercial surveillance apps (TheTruthSpy, mSpy, FlexiSPY, and similar)\n- **Mercenary spyware** — Pegasus (NSO), Predator (Intellexa), Graphite (Paragon), NoviSpy, ResidentBat\n- **Sideloaded apps** — apps installed from untrusted sources\n- **Surveillance permission combinations** — apps holding camera + microphone + location + contacts access\n- **Accessibility / Device Admin abuse** — apps misusing privileged services for monitoring\n- **Device posture** — screen lock, USB debugging, bootloader state, security patch level\n- **Unpatched CVEs** — checks against the CISA Known Exploited Vulnerabilities catalog\n- **DNS command-and-control** — connections to known malicious domains (optional local VPN monitor)\n- **Spyware file artifacts** — filesystem checks for known spyware remnants\n- **Bug report analysis** — forensic analysis of user-provided Android bug reports (`.zip`)\n- **Forensic timeline** — notable security events over time (e.g., device admin grants)\n\n## How it works\n\nDetection logic is expressed as [SIGMA](https://github.com/SigmaHQ/sigma)-compatible YAML rules evaluated against telemetry emitted by the scanner. Rules are reviewable as data — not hidden in compiled code.\n\nIndicator data (malicious package names, certificate hashes, C2 domains, APK hashes) lives in the external [`android-sigma-rules`](https://github.com/yasirhamza/android-sigma-rules) repository and refreshes at runtime. New indicators reach users within hours, not release cycles.\n\n## Architecture\n\n```\napp/src/main/java/com/androdr/\n├── scanner/   Telemetry emitters (apps, device, bugreport)\n├── sigma/     SIGMA rule engine\n├── ioc/       IOC resolver + feed ingesters\n├── data/      Room database + models\n├── reporting/ Reports + STIX2 export + timeline\n├── network/   Local DNS VPN monitor\n└── ui/        Jetpack Compose screens\n```\n\n**Key design principles:**\n- Detection logic in YAML rules, not Kotlin code\n- IOC data in the external rules repo, not bundled in the APK\n- All processing on-device — no backend, no accounts, no telemetry\n- Privacy by design — auto-prune, no cloud backup, user-initiated sharing only\n\nSee [`docs/ARCHITECTURE.md`](docs/ARCHITECTURE.md) for the full architecture reference.\n\n## Building\n\n```bash\n# Prerequisites: JDK 21, Android SDK (compile SDK 34)\n# No API keys required.\n\n./gradlew assembleDebug        # Build debug APK\n./gradlew testDebugUnitTest    # Run unit tests\n./gradlew lintDebug detekt     # Lint + SAST\n./gradlew installDebug         # Install on device/emulator\n./gradlew bundleRelease        # Build release AAB\n```\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for the full development workflow (submodules, smoke test, PR process).\n\n## Download\n\nLatest release: https://github.com/yasirhamza/AndroDR/releases/latest\n\nMirror (for regions where GitHub downloads are throttled): https://androdr.yasirhamza.workers.dev\n\n## Privacy\n\nAll scanning and analysis happens entirely on your device. No data is transmitted to any server. See the [privacy policy](https://androdr.yasirhamza.workers.dev/#privacy).\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for how to add detection rules (manual or AI-assisted), contribute IOC data, report false positives, and set up the development environment.\n\n## License\n\nApache License 2.0 — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyasirhamza%2Fandrodr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyasirhamza%2Fandrodr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyasirhamza%2Fandrodr/lists"}