Pionen · Secure Vault · v1.0.0
9:41●●●● 100%
VAULT LOCKED
BIOMETRIC SCAN
ENTER PIN
ACCESS GRANTED
Authenticating…
Skip ›
v1.0.0 · Open Source · Android 8+

Military
Encrypted
Vault.

AES-256-GCM per-file encryption.
Hardware-backed keys. Zero cloud. Zero traces.

Download APK View Source →
9:41 ●●●● 100%
VAULT LOCKED
AES-256 Keystore
AES-256
Encryption
100k
PBKDF2 Rounds
2-FA
Bio + PIN
~200ms
Panic Wipe
0
Cloud Backup
Capabilities

Nothing leaves.
Nothing leaks.

Every feature engineered around a single principle — your data stays yours, always.

🔐

AES-256-GCM Per-File Encryption

Each file gets its own unique 256-bit key, generated inside the Android Keystore. Keys never leave secure hardware. Streaming encryption means even 4GB files never sit in plaintext RAM.

AES-256-GCMAndroid Keystore StrongBox TEERandom IV 128-bit Auth TagCrypto-shredding
🔑

Two-Factor Auth

Biometric + mandatory 6-digit PIN. PBKDF2-SHA256 at 100,000 iterations with a 256-bit salt unique per installation.

💣

Panic Wipe

Shake the phone. Every key is destroyed in ~200ms. All files become irrecoverable — permanently and instantly.

🎭

Stealth Mode

Disguise as Calculator, Notes, or System Utilities. Switch icons instantly — the real app stays hidden in plain sight.

🌐

Tor Private Browser

Every browse session routed through Tor. No cookies, no history, no fingerprinting. Starts fresh every time.

📡

Local HTTPS Server

Share vault files to any browser on the same Wi-Fi. Zero cloud. Self-signed HTTPS. QR code pairing.

📷

Direct-to-Vault Camera

Photos and videos captured directly to the encrypted vault. The original never exists in your gallery.

🕵️

Intruder Capture

Silently photographs failed unlock attempts. Stored in vault. They'll never know they were caught.

Security Design

Paranoid
by design.

Every architectural decision starts from a threat model. No plaintext on disk. No key outside hardware. No telemetry, anywhere.

  • No disk image cache — Coil configured memory-only. Decrypted frames never touch storage.
  • FLAG_SECURE global — Screenshots, screen recorders, and recent-app thumbnails blocked everywhere.
  • Zero cloud backupallowBackup=false. All Android extraction rules blocked. No Google Drive sync possible.
  • HTTPS-only networking — Cleartext globally disabled. System CAs only. OS-level enforcement.
  • Zero logcat in release — All logs stripped by R8 + BuildConfig. Zero metadata leaks in prod builds.
  • Auto-lock on background — Vault locks instantly when app leaves foreground. No timeout grace period.
// Encryption Stack

User Auth (Biometric + PIN)
  └─▶ Android Keystore
        TEE / StrongBox
        └─▶ KeyManager
              AES-256, non-extractable
              └─▶ FileEncryptor
                    AES-256-GCM
                    IV: 12 bytes (random)
                    Tag: 128-bit
                    └─▶ *.enc on disk

// Database
SQLCipher
  └─▶ EncryptedSharedPrefs
        AES-256-GCM master key
        └─▶ encrypted metadata only

// Panic Wipe
KeyManager.destroyAllKeys()
  └─▶ Keystore entries: deleted
        Files: irrecoverable
        Time: ~200ms
Get Pionen

Start protecting
your files today.

Free. Open source. No accounts. No telemetry.
No subscriptions. Just encryption.

DOWNLOAD FROM
GitHub Releases
BROWSE THE
Source Code
Requires Android 8.0 (API 26) or higher · v1.0.0 · MIT License