mirror of https://github.com/MaintainTeam/Hypatia.git synced 2025-12-08 10:27:23 +03:00

A realtime malware scanner

Find a file

Inhishonor b8fd910d5b Some checks failed CI / build (push) Has been cancelled Details Validate Gradle Wrapper / Validation (push) Has been cancelled Details Merge branch 'stable' into dev		2025-11-08 17:45:43 -08:00
.github	release: 3.17	2025-10-23 18:36:31 -07:00
.idea	Update .idea files and gitignore	2025-11-08 17:40:40 -08:00
app	release: 3.17	2025-10-23 18:36:31 -07:00
fastlane/metadata/android	Update full description for Hypatia app	2025-10-24 19:30:07 +03:00
gradle	Merge branch 'dev' into stable	2025-10-23 18:36:31 -07:00
graphics	Add the Cloudflare mirror and bump version	2024-05-17 09:20:56 -04:00
scripts	generator: performance optimization	2024-09-08 03:19:18 -04:00
.gitignore	Update .idea files and gitignore	2025-11-08 17:40:40 -08:00
.gitlab-ci.yml	CI Improvements	2021-09-24 16:04:57 -04:00
android-env.nix	MIX: Share Scan Feature & Other Changes	2025-03-23 06:48:40 +03:00
build.gradle	Merge branch 'dev' into stable	2025-10-23 18:36:31 -07:00
debugkey.pk8	CI Improvements	2021-09-24 16:04:57 -04:00
debugkey.x509.pem	CI Improvements	2021-09-24 16:04:57 -04:00
gradle.properties	MIX: Share Scan Feature & Other Changes	2025-03-23 06:48:40 +03:00
gradlew	MIX: Share Scan Feature & Other Changes	2025-03-23 06:48:40 +03:00
gradlew.bat	MIX: Share Scan Feature & Other Changes	2025-03-23 06:48:40 +03:00
LICENSE	Going the distance... [pt3]	2024-07-27 18:34:19 -04:00
README.de.md	Translate F-droid badges	2024-05-05 15:08:39 +00:00
README.es.md	Translate F-droid badges	2024-05-05 15:08:39 +00:00
README.fr.md	Translate F-droid badges	2024-05-05 15:08:39 +00:00
README.it.md	Translate F-droid badges	2024-05-05 15:08:39 +00:00
README.md	Merge branch 'dev' into stable	2025-10-23 18:36:31 -07:00
README.pl.md	Translate F-droid badges	2024-05-05 15:08:39 +00:00
README.tr.md	Translate F-droid badges	2024-05-05 15:08:39 +00:00
settings.gradle	Bump app version	2017-12-26 18:54:57 -05:00

README.md

Warning

This is a fork of the original (and discontinued) app from DivestOS.

Hypatia

Overview

Hypatia is the world's first FOSS malware scanner for Android. It is powered by ClamAV style signature databases.

Features

Near zero battery impact: you'll never notice any impact on battery at all
Extremely fast: it can scan small files (1MB) in <20ms, and even large files (40MB) in 1000ms.
Memory efficient: with the default databases enabled it uses under 120MB.
Regular scan: allowing selection of /system, internal storage, external storage, and installed apps
Realtime scanner: can detect malware in realtime on write/rename in internal storage
Completely offline: Internet is only used to download signature databases, files will never ever leave your device
Persistence: will automatically restart on boot/update
Tiny codebase: coming in at under 1000 sloc, it can be audited by even someone with basic programming experience
Minimal dependencies: the app only uses libraries when necessary
Signature databases can be enabled/disabled at the users demand

Troubleshooting

The app crashes and is very buggy: The first thing to check is if you have extended databases enabled. Extended databases require more RAM (8 GB), and can occasionally cause the app to be very buggy.
Unable to download databases: If this occurs, try tapping the ellipsis in the top right of the main screen and tap Database server override. This uses a mirror database in case the main database is down.
There are false positives: This occasionally occurs due to the nature of bloom filters. If you believe there is a false positive, first, rescan. This will sometimes fix the false positive. And if this still returns a false positive, scan the file to VirusTotal, and this will tell you if you truly have a false positive or rather some malware.

APK Info & Security

Both debug, release and nightly versions built by GitHub Actions. You can check checksum notice in Release Actions or/and checksum.txt in releases to compare with Application's

This is the SHA fingerprint of Hypatia's signing key to verify downloaded APKs which are signed by us.

1B:00:8D:64:BB:95:AB:47:74:D6:8B:87:F2:2B:8B:E9:A2:72:F4:92:4D:F5:20:29:D7:E6:18:38:35:D9:18:CC

Technical Details

Signature databases are serialized Guava BloomFilter object format
Signature databases will not be redownloaded if the file hasn't changed on the server (304 not modified)
Signatures are stored using BloomFilters for O(k) lookup
Files have their MD5/SHA-1/SHA-256 hashes calculated in one pass
Realtime scanner is multithreaded and will use half of the device's core count for scanning multiple files asynchronously
Realtime scanning powered by a recursive FileObserver

Permissions

ACCESS_NETWORK_STATE: Checks if a network is available before updating databases.
FOREGROUND_SERVICE and FOREGROUND_SERVICE_SPECIAL_USE: Used for realtime scanning.
INTERNET: Download and update databases.
MANAGE_EXTERNAL_STORAGE: Used for reading malicious files for scanning, and deleting infected files.
WRITE_EXTERNAL_STORAGE and READ_EXTERNAL_STORAGE: Used for scanning and removing infected files on older Android versions.
QUERY_ALL_PACKAGES: Used for scanning malicious apps.
RECEIVE_BOOT_COMPLETED: Restart the app on reboot.
REQUEST_DELETE_PACKAGES: Used for removing infected apps.
POST_NOTIFICATIONS: Notifications.
WAKE_LOCK: Keeps phone awake while scanning to prevent the process from being killed.
ACCESIBILITY_SERVICE: Used to allow the link scanner to read the screen and check for malicious domains.
DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION: Required for receiver declarations in Android.

Building

Building the app is simliar to most android apps, but if you would like to sync the app in Android Studio, you might need to add the following to metadata-verification.xml:

      <trusted-artifacts>
         <trust file=".*-javadoc[.]jar" regex="true"/>
         <trust file=".*-sources[.]jar" regex="true"/>
      </trusted-artifacts>

Planned Updates

In order to view the immediate roadmap, please check out the milestones. From here, you can gauge the time untill the next release. 😀

Option to scan on access
Scan newly installed/updated apps
Option to let 3rd-party apps invoke scans
Automatic database updates
Database sanity checks
Testing
Better GUI
Translations
Scanning entire system using root (low priority)

Goals

Be fast
Don't eat batteries
Use minimal permissions
Use libraries only when necessary

Credits

ClamAV for the databases (GPLv2)
ESET for extra databases (BSD 2-Clause)
Nex (@botherder) for extra databases (CC BY-SA 4.0)
Amnesty International for extra databases (CC BY 2.0)
Echap for extra databases (CC BY 4.0)
MalwareBazaar for extra databases (CC0)
RecursiveFileObserver.java (GPL-3.0-or-later): Daniel Gultsch, ownCloud Inc., Bartek Przybylski
GPGDetachedSignatureVerifier.java (GPL-2.0-or-later): Federico Fissore, Arduino LLC
Petra Mirelli for the app banner/feature graphic and various tweaks.
@eloitor: Translations work
Icons: Google/Android/AOSP, License: Apache 2.0, https://google.github.io/material-design-icons/

Translations

Afrikaans: Oswald van Ginkel
Arabic: abdelbasset jabrane, ABDO GM
Chinese (Simplified): Sdarfeesh, Crit, 大王叫我来巡山
Chinese (Traditional Han script): 張可揚
Croatian: lukapiplica
Czech: Fjuro
Estonian: Priit Jõerüüt
Finnish: huuhaa, Ricky Tigg
French: cardpuncher, Jean-Luc Tibaux, Petra Mirelli, thraex
Hebrew: elid34
Galician: ghose, josé m
German: thereisnoanderson, Balthazar1234, Petra Mirelli, Ettore Atalan
Greek: Dimitris Vagiakakos
Indonesian: Adrien N
Italian: Tommaso Fonda, srccrow, Petra Mirelli, Dark Space
Japanese: honyaku
Polish: Marcin Mikołajczak
Portuguese (Brazil): lucasmz
Portuguese: jontaix, inkhorn, ssantos
Romanian: Renko
Russian: yurtpage, q1011, Andrey
Slovak: Pa Di
Spanish: gallegonovato, Manuel-Senpai, Petra Mirelli
Turkish: cardpuncher
Ukrainian: Fqwe1

Notices

Divested Computing Group is not affiliated with Cisco or ESET
MaintainTeam is not affiliated with Cisco or ESET
Hypatia is not sponsored or endorsed by Cisco or ESET