A secure, fully offline, open-source TOTP authenticator for Android.
Not sure which build to choose? Download the Universal version.
Features
- Fully Offline - No internet permission, all data stays on your device
- Hardware-Backed Encryption - Uses Android Keystore with AES-256-GCM
- EncryptedSharedPreferences - Secrets are encrypted at rest
- RFC 6238 Compliant - Proper TOTP implementation with dynamic truncation
- Screenshot Protection - Prevents screenshots and screen recording
- App Lock - PIN and biometric authentication
- Auto-Lock - Automatically locks after 30 seconds in background
- Secure Clipboard - Auto-clears OTP codes after 30 seconds
- Add accounts via QR code scan or manual entry
- Support for SHA-1, SHA-256, SHA-512 algorithms
- Support for 6 and 8 digit codes
- Configurable time periods (default 30s)
- Search accounts
- Reorder accounts
- Encrypted local backups (password-protected)
- Material 3 UI with true black theme (#000000)
- Android 8.0 (API 26) or higher
- Camera permission (for QR code scanning)
- Clone the repository
```bash
git clone https://github.com/rishabnotfound/MakimaKey.git
cd MakimaKey
```
- Build with Gradle
```bash
./gradlew assembleRelease
```
- Install the APK
```bash
adb install app/build/outputs/apk/release/app-release.apk
```
- Tap the QR code button (bottom right)
- Grant camera permission
- Scan the QR code from your service provider
- Account is automatically added
- Tap the + button (bottom right)
- Enter:
- Issuer (optional, e.g., "Google")
- Account name (e.g., "user@example.com")
- Secret key (Base32 encoded)
- Optionally configure advanced settings:
- Algorithm (SHA-1, SHA-256, SHA-512)
- Digits (6 or 8)
- Period (seconds)
- Tap any account to copy the code to clipboard
- The circular timer shows remaining validity
- Codes auto-refresh every period (usually 30s)
- Clipboard is auto-cleared after 30 seconds
- Tap the settings icon (top right)
- Set up PIN (4+ digits)
- Enable biometric unlock (if available)
- App will require authentication after 30 seconds in background
Backups are encrypted with a password you provide:
- Settings → Backup
- Choose export location
- Enter a strong password
- Store backup file securely
To restore:
- Settings → Restore
- Select backup file
- Enter the password
- Android Keystore - Generates and stores AES-256 master key
- AES-GCM Encryption - All TOTP secrets encrypted before storage
- EncryptedSharedPreferences - Additional encryption layer for storage
- PBKDF2 - Password-based encryption for backups (100,000 iterations)
- No network access (internet permission explicitly removed)
- Screenshot protection via FLAG_SECURE
- Clipboard auto-clear
- Secrets never stored in plaintext
- Hardware-backed encryption when available
- Auto-lock on background
```
app/src/main/java/com/makimakey/
├── crypto/
│   ├── Base32Decoder.kt        # RFC 4648 Base32 decoder
│   ├── TotpGenerator.kt        # RFC 6238 TOTP generator
│   └── EncryptionManager.kt    # Android Keystore encryption
├── storage/
│   └── SecureStorage.kt        # EncryptedSharedPreferences wrapper
├── qr/
│   └── OtpAuthParser.kt        # otpauth:// URI parser
├── security/
│   └── AppLockManager.kt       # PIN and biometric authentication
├── domain/
│   ├── model/
│   │   └── TotpAccount.kt      # Account data model
│   └── repository/
│       └── TotpRepository.kt   # Account management
├── ui/
│   ├── screens/                # Jetpack Compose screens
│   ├── components/             # Reusable UI components
│   └── theme/                  # Material 3 theme (true black)
└── util/
    └── BackupManager.kt        # Encrypted backup/restore
```
- No accounts - No sign-up required
- No analytics - Zero telemetry or tracking
- No ads - Completely free and ad-free
- No cloud - All data stays on your device
- Open source - Auditable code
MakimaKey is designed to work completely offline. It will never request internet access, and all data remains local to your device. This means:
- Your TOTP secrets never leave your device
- No risk of cloud breaches
- Works on devices without network access
- Complete control over your data
Compatible with any service that uses standard TOTP (RFC 6238), including:
- GitHub
- Microsoft
- Amazon
- Dropbox
- And thousands more...
- If you lose your device, you lose your accounts
- If you forget your PIN, you lose your accounts
- Always keep backup codes from service providers
- Export encrypted backups regularly
- Store backup files securely (not on the same device)
MakimaKey only generates TOTP codes. It does not:
- Store passwords
- Sync across devices
- Provide cloud backup
- Recover lost accounts
Always save the backup codes provided by service providers when setting up 2FA. These are your recovery method if you lose access to MakimaKey.
- RFC 6238 compliant
- Proper HMAC-based dynamic truncation
- Support for SHA-1, SHA-256, SHA-512
- Configurable time step (default 30s)
- 6 or 8 digit codes
- Time counter based on Unix epoch
- AES-256-GCM for secret encryption
- Hardware-backed Android Keystore when available
- EncryptedSharedPreferences for storage
- PBKDF2 with 100,000 iterations for backups
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Follow Kotlin coding conventions
- Add tests for new functionality
- Submit a pull request
MIT - see LICENSE file
- Built with Jetpack Compose
- Uses AndroidX Security library
- ZXing for QR code parsing
- CameraX for camera integration
This is an open-source project maintained by volunteers. For issues and feature requests, please use GitHub Issues.
This software is provided "as is" without warranty. Use at your own risk. Always keep backup codes from your service providers.
R (rishabnotfound)
Made with ❤️ by R


