ryosoftware/2fauth-for-android

PURPOSE

The purpose of this app is to facilitate access to 2FA tokens managed through Bubka's 2FAuth service.

To do this, we have developed an Android App that reads 2FA accounts from a user server and stores them locally, allowing the generation of 2FA codes even when we are not connected to the server.

MAIN FEATURES

  • Free and open source
  • Secure
  • The vault is encrypted (AES-256-GCM), and can be unlocked with:
    • PIN (stored encrypted for higher security)
    • Biometrics (Android Keystore)
  • Multi-account (you can add an indeterminate number of accounts, from one or multiple 2FAuth servers)
  • Screen capture prevention
  • Tap to reveal (can show the current and next TOTP code)
  • Click to copy to clipboard (the app can be configured to minimize automatically after the OTP has been copied)
  • Alphabetic/last use sorting
  • Search by name/issuer
  • Shortcuts for fast access to accounts by the first letter of the service name or by group
  • Add an account by QR code or by a form (the QR code is not shared with anyone other than your server)
  • Full Groups and icons management
  • Icons not on your 2FA server are optionally downloaded from other sources
  • Ability to copy server token or account secret code


CERTIFICATE SIGNATURE VERIFICATION

The SHA-256 digest of the certificate used to sign the app is as follows, and remains constant regardless of the version:

730d15ddea95e04a3d8201a577dfb7c5490dbf0f489f33de8061651067cd2582

The app's signing certificate can be checked with the following command:

apksigner verify --verbose --print-certs app-release.apk | grep "Signer #1 certificate SHA-256 digest"
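The command above only prints the digest, and the pipeline's exit status is that of grep, so the comparison against the published value is left to the reader. The script below is an added example, not part of the project: it fails unless apksigner accepts the APK and the single signer's digest equals the value published above. The function names are hypothetical, and the output line format is assumed to be the one the grep pattern above matches.

```shell
# Added example: enforce the signer digest published in this README.
PINNED_DIGEST="730d15ddea95e04a3d8201a577dfb7c5490dbf0f489f33de8061651067cd2582"

# check_signer_digest (hypothetical name): reads the output of
# `apksigner verify --verbose --print-certs` on stdin.
# Returns 0 on match, 1 on mismatch, 2 if there is not exactly one signer digest.
check_signer_digest() {
    # Keep only well-formed 64-hex-digit SHA-256 digests, normalised to lowercase.
    digests=$(sed -n 's/^Signer #[0-9]* certificate SHA-256 digest: *\([0-9A-Fa-f]\{64\}\) *$/\1/p' \
        | tr 'A-F' 'a-f')
    count=$(printf '%s\n' "$digests" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected exactly 1 signer digest, found $count" >&2
        return 2
    fi
    if [ "$digests" != "$PINNED_DIGEST" ]; then
        echo "FAIL: signer digest $digests does not match the pinned value" >&2
        return 1
    fi
    echo "OK: signer certificate matches the pinned digest"
}

# verify_apk (hypothetical name): also fails when apksigner itself rejects the
# APK, which the grep pipeline above would hide behind grep's exit status.
verify_apk() {
    apk_out=$(apksigner verify --verbose --print-certs "$1") || {
        echo "FAIL: apksigner rejected $1" >&2
        return 3
    }
    printf '%s\n' "$apk_out" | check_signer_digest
}

# Usage: sh verify-signer.sh app-release.apk
if [ "$#" -gt 0 ]; then
    verify_apk "$1"
fi
```

A non-zero exit status makes the check usable in an update script or CI job before the APK is installed.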

OPEN SOURCE LIBRARIES WE USE

We generate the TOTP/HOTP codes using the Java library from Bastiaan Jansen (license summary). To generate Steam OTP codes we have "translated" to Java the Python algorithm from Art-em1s (license summary).

We use SQLCipher to encrypt the Accounts database (license summary).

Because Bubka 2FA uses SVG icons by default and Android does not natively support that graphic format, we use Dashboard Icons to download icons that are in that format (to search for icons we use the 2FA account service name, in lowercase and with blank spaces replaced by dashes) (license summary).

To design the app icon, we made modifications to the account-lock icon available at Pictogrammers.com (license summary).

DONATE

If you want, you can invite me to a coffee or a seafood platter

DISCLAIMER

THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.

IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

LICENSE

This app is licensed under the terms of the CC BY-NC-SA 4.0 License.
