Secure, Open-Source Android Password Manager with Nextcloud Sync
NexPass is a privacy-focused Android password manager with zero-knowledge encryption, designed for users who self-host Nextcloud. It combines robust security with seamless OS-level autofill integration and offline-first architecture.
- Zero-Knowledge Encryption: Master password never leaves your device
- AES-256-GCM Encryption: Military-grade encryption for all stored passwords
- Hardware-Backed Security: Android Keystore integration
- Biometric Authentication: Fingerprint/Face unlock support
- Auto-Lock: Configurable timeout (1/5/15/30 minutes)
- Encrypted Database: SQLCipher-encrypted local storage
- PBKDF2 Key Derivation: 100,000 iterations for master password
- Full CRUD Operations: Create, read, update, delete passwords
- Intelligent Password Generator: Character-based and passphrase modes
- Folder Organization: Categorize passwords into folders
- Tag System: 16-color tags for flexible organization
- Favorites: Quick access to frequently used passwords
- Search: Fast password search across all fields
- Export/Import: Encrypted backup and restore
- Two-Way Sync: Seamless synchronization with Nextcloud Passwords
- Offline-First: Works without internet, syncs when available
- Conflict Resolution: Smart last-write-wins algorithm
- Pending Queue: Offline changes synced automatically
- Zero-Knowledge Upload: Passwords encrypted before transmission
- Autofill Service: System-wide password autofill
- Intelligent Matching: Domain, package, and fuzzy matching
- Auto-Save: Capture new credentials automatically
- Material 3 UI: Modern, clean interface with dark/light themes
- Deep Linking: Direct navigation to specific passwords
- Android Studio: Hedgehog (2023.1.1) or newer
- JDK: 17 or higher
- Android SDK: API 29+ (Android 10+)
- Gradle: 8.2+ (included via wrapper)
# Clone the repository
git clone https://github.com/codegax/nexpass.git
cd nexpass
# Build debug APK
./gradlew assembleDebug
# Run on connected device/emulator
./gradlew installDebug
# Run tests
./gradlew test-
Debug: Development build with debugging enabled
- Package:
com.nexpass.passwordmanager.debug - Suffix:
-debug
- Package:
-
Release: Production build with ProGuard optimization
- Package:
com.nexpass.passwordmanager - Requires signing configuration
- Package:
- Language: 100% Kotlin
- UI Framework: Jetpack Compose + Material 3
- Architecture: Clean Architecture + MVVM
- Database: Room + SQLCipher (encrypted)
- Network: Ktor Client (HTTPS only)
- Security: Android Keystore + BiometricPrompt
- Dependency Injection: Koin
- Testing: JUnit, Coroutines Test
app/src/main/java/com/nexpass/passwordmanager/
├── autofill/ # Android AutofillService implementation
│ ├── matcher/ # Domain/package matching logic
│ ├── service/ # AutofillService & response builder
│ └── ui/ # Autofill unlock prompt
├── data/ # Data layer (repositories, DAOs, network)
│ ├── local/ # Room database, DAOs, entities
│ ├── network/ # Nextcloud API client
│ └── repository/ # Repository implementations
├── di/ # Koin dependency injection modules
├── domain/ # Business logic layer
│ ├── model/ # Domain models
│ ├── repository/ # Repository interfaces
│ └── usecase/ # Use cases (export/import)
├── security/ # Core security layer
│ ├── biometric/ # Biometric authentication
│ ├── encryption/ # AES-256-GCM crypto operations
│ ├── keystore/ # Android Keystore management
│ └── vault/ # In-memory vault key management
├── ui/ # Presentation layer
│ ├── components/ # Reusable Compose components
│ ├── navigation/ # Navigation graph
│ ├── screens/ # Screen composables
│ ├── theme/ # Material 3 theme
│ ├── viewmodel/ # ViewModels
│ └── lifecycle/ # Auto-lock manager
└── util/ # Utilities (retry policy, network monitor)
Master Password
↓
PBKDF2 (100k iterations)
↓
Vault Key (AES-256)
↓
Encrypted by Keystore Master Key
↓
Stored in Encrypted SharedPreferences
↓
Used to encrypt/decrypt passwords
↓
SQLCipher Database
# Unit tests
./gradlew test
# Unit tests with coverage
./gradlew testDebugUnitTest
# Lint checks
./gradlew lint
# All checks
./gradlew checkThis project follows Kotlin Coding Conventions:
- 4 spaces for indentation
- Max line length: 120 characters
- Explicit types for public APIs
- Meaningful variable names
- Fork the repository
- Create feature branch:
git checkout -b feature/amazing-feature - Commit changes:
git commit -m 'Add amazing feature' - Push to branch:
git push origin feature/amazing-feature - Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
- docs/USER_GUIDE.md: End-user installation and usage
- docs/NEXTCLOUD_SETUP.md: Nextcloud integration guide
- docs/TROUBLESHOOTING.md: Common issues and fixes
For detailed technical documentation, see the ../NexPassClaude/ directory:
- Architecture specifications
- API contracts
- Build instructions
- Setup guides
Please report security vulnerabilities to security@daguva.com or via GitHub Security Advisories.
See SECURITY.md for our security policy.
- Master password hashed with PBKDF2 (100,000 iterations)
- All passwords encrypted with AES-256-GCM
- Encryption keys protected by Android Keystore
- Database encrypted with SQLCipher
- HTTPS-only network communication
- Zero-knowledge architecture (server never sees plaintext)
- Biometric authentication with hardware backing
- Secure memory wiping for sensitive data
- ProGuard obfuscation in release builds
We welcome contributions! Please see CONTRIBUTING.md for:
- Code of conduct
- Development setup
- Testing requirements
- Pull request process
- Code review guidelines
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
- ✅ Free to use, modify, and distribute
- ✅ Source code must remain open
- ✅ Changes must be documented
- ✅ Same license for derivatives
- Nextcloud Passwords: Backend API integration
- Android Open Source Project: Platform foundation
- Jetpack Compose: Modern UI framework
- SQLCipher: Database encryption
- Community Contributors: Bug reports and feature requests
- Core password management
- Nextcloud sync
- Autofill service
- Folder & tag organization
- Folder sync with Nextcloud
- Background sync worker
- Password history
- Biometric re-auth for sensitive actions
- TOTP/2FA code generation
- Custom fields support
- Password sharing
- Breach monitoring
- Multi-account support
- Passkey/WebAuthn support
- Browser extension
- Desktop clients (Linux, Windows, macOS)
- Documentation: See
docs/directory - Issues: GitHub Issues
- Discussions: GitHub Discussions
- Contact: contact@daguva.com
Built with ❤️ for privacy and security