Secure, Open-Source Android Password Manager with Nextcloud Sync
NexPass is a privacy-focused Android password manager with zero-knowledge encryption, designed for users who self-host Nextcloud. It combines robust security with seamless OS-level autofill integration and offline-first architecture.
- Zero-Knowledge Encryption: Master password never leaves your device
- AES-256-GCM Encryption: Military-grade encryption for all stored passwords
- Hardware-Backed Security: Android Keystore integration
- Biometric Authentication: Fingerprint/Face unlock support
- Auto-Lock: Configurable timeout (1/5/15/30 minutes)
- Encrypted Database: SQLCipher-encrypted local storage
- PBKDF2 Key Derivation: 100,000 iterations for master password
- Full CRUD Operations: Create, read, update, delete passwords
- Intelligent Password Generator: Character-based and passphrase modes
- Folder Organization: Categorize passwords into folders
- Tag System: 16-color tags for flexible organization
- Favorites: Quick access to frequently used passwords
- Search: Fast password search across all fields
- Export/Import: Encrypted backup and restore
- Two-Way Sync: Seamless synchronization with Nextcloud Passwords
- Offline-First: Works without internet, syncs when available
- Conflict Resolution: Smart last-write-wins algorithm
- Pending Queue: Offline changes synced automatically
- Zero-Knowledge Upload: Passwords encrypted before transmission
- Autofill Service: System-wide password autofill
- Intelligent Matching: Domain, package, and fuzzy matching
- Auto-Save: Capture new credentials automatically
- Material 3 UI: Modern, clean interface with dark/light themes
- Deep Linking: Direct navigation to specific passwords
- Android Studio: Hedgehog (2023.1.1) or newer
- JDK: 17 or higher
- Android SDK: API 29+ (Android 10+)
- Gradle: 8.2+ (included via wrapper)
# Clone the repository
git clone https://github.com/codegax/nexpass.git
cd nexpass
# Build debug APK
./gradlew assembleDebug
# Run on connected device/emulator
./gradlew installDebug
# Run tests
./gradlew test-
Debug: Development build with debugging enabled
- Package:
com.nexpass.passwordmanager.debug - Suffix:
-debug
- Package:
-
Release: Production build with ProGuard optimization
- Package:
com.nexpass.passwordmanager - Requires signing configuration
- Package:
- Language: 100% Kotlin
- UI Framework: Jetpack Compose + Material 3
- Architecture: Clean Architecture + MVVM
- Database: Room + SQLCipher (encrypted)
- Network: Ktor Client (HTTPS only)
- Security: Android Keystore + BiometricPrompt
- Dependency Injection: Koin
- Testing: JUnit, Coroutines Test
app/src/main/java/com/nexpass/passwordmanager/
βββ autofill/ # Android AutofillService implementation
β βββ matcher/ # Domain/package matching logic
β βββ service/ # AutofillService & response builder
β βββ ui/ # Autofill unlock prompt
βββ data/ # Data layer (repositories, DAOs, network)
β βββ local/ # Room database, DAOs, entities
β βββ network/ # Nextcloud API client
β βββ repository/ # Repository implementations
βββ di/ # Koin dependency injection modules
βββ domain/ # Business logic layer
β βββ model/ # Domain models
β βββ repository/ # Repository interfaces
β βββ usecase/ # Use cases (export/import)
βββ security/ # Core security layer
β βββ biometric/ # Biometric authentication
β βββ encryption/ # AES-256-GCM crypto operations
β βββ keystore/ # Android Keystore management
β βββ vault/ # In-memory vault key management
βββ ui/ # Presentation layer
β βββ components/ # Reusable Compose components
β βββ navigation/ # Navigation graph
β βββ screens/ # Screen composables
β βββ theme/ # Material 3 theme
β βββ viewmodel/ # ViewModels
β βββ lifecycle/ # Auto-lock manager
βββ util/ # Utilities (retry policy, network monitor)
Master Password
β
PBKDF2 (100k iterations)
β
Vault Key (AES-256)
β
Encrypted by Keystore Master Key
β
Stored in Encrypted SharedPreferences
β
Used to encrypt/decrypt passwords
β
SQLCipher Database
# Unit tests
./gradlew test
# Unit tests with coverage
./gradlew testDebugUnitTest
# Lint checks
./gradlew lint
# All checks
./gradlew checkThis project follows Kotlin Coding Conventions:
- 4 spaces for indentation
- Max line length: 120 characters
- Explicit types for public APIs
- Meaningful variable names
- Fork the repository
- Create feature branch:
git checkout -b feature/amazing-feature - Commit changes:
git commit -m 'Add amazing feature' - Push to branch:
git push origin feature/amazing-feature - Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
- docs/USER_GUIDE.md: End-user installation and usage
- docs/NEXTCLOUD_SETUP.md: Nextcloud integration guide
- docs/TROUBLESHOOTING.md: Common issues and fixes
For detailed technical documentation, see the ../NexPassClaude/ directory:
- Architecture specifications
- API contracts
- Build instructions
- Setup guides
Please report security vulnerabilities to security@daguva.com or via GitHub Security Advisories.
See SECURITY.md for our security policy.
- Master password hashed with PBKDF2 (100,000 iterations)
- All passwords encrypted with AES-256-GCM
- Encryption keys protected by Android Keystore
- Database encrypted with SQLCipher
- HTTPS-only network communication
- Zero-knowledge architecture (server never sees plaintext)
- Biometric authentication with hardware backing
- Secure memory wiping for sensitive data
- ProGuard obfuscation in release builds
We welcome contributions! Please see CONTRIBUTING.md for:
- Code of conduct
- Development setup
- Testing requirements
- Pull request process
- Code review guidelines
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
- β Free to use, modify, and distribute
- β Source code must remain open
- β Changes must be documented
- β Same license for derivatives
- Nextcloud Passwords: Backend API integration
- Android Open Source Project: Platform foundation
- Jetpack Compose: Modern UI framework
- SQLCipher: Database encryption
- Community Contributors: Bug reports and feature requests
- Core password management
- Nextcloud sync
- Autofill service
- Folder & tag organization
- Folder sync with Nextcloud
- Background sync worker
- Password history
- Biometric re-auth for sensitive actions
- TOTP/2FA code generation
- Custom fields support
- Password sharing
- Breach monitoring
- Multi-account support
- Passkey/WebAuthn support
- Browser extension
- Desktop clients (Linux, Windows, macOS)
- Documentation: See
docs/directory - Issues: GitHub Issues
- Discussions: GitHub Discussions
- Contact: contact@daguva.com
Built with β€οΈ for privacy and security