Research & Projects

App Manager

App Manager is a suite of tools and utilities for the Android operating system that helps users improve their privacy and usability. This is primarily done by managing the installed applications. Most applications come with privacy-invasive advertisements, trackers and permissions which cannot be controlled in most cases because neither the application nor the operating system offers such features to the end users. App Manager can provide these features by utilising Android hidden APIs when the privileged mode is enabled. During initialisation, it is capable of adjusting its threat model based on the features available in the operating system using a greedy approach (e.g. it runs in privileged mode when the device is rooted). The users can later adjust it based on their own set of requirements.

Another important goal of App Manager is sharing insights about an application with the users to improve their understanding of the application. This facilitates proactive prevention of privacy and security incidents, which are ever on the increase on the Android platform. It encourages the users to ask questions regarding certain behaviour of an app or certain features offered by the platform itself. As an example of awareness spread by App Manager, a user discovered a critical privacy issue in the Android operating system.

App Manager is also built with cutting-edge and ever-evolving design concepts such as Material Design 3, with some home-made designs to fill the remaining gaps in those concepts. It also has an extensive user manual that is available both online and offline inside the application. Its features, design principles and goals on the whole have made it quite popular among Android users: the number of users is constantly growing, with more than a hundred thousand downloads on GitHub alone and more than eight thousand followers in various social media channels. I have also raised more than $3,500 for the application using Open Source Collective.

App Manager features and screenshots

Captive Portal Controller

Captive Portal Controller is a utility for Android that primarily addresses the connectivity leaks which reveal the real IP address when a VPN is enabled. The leaks affect captive portals (often necessary when logging into a public network) and Internet connectivity checks, which are almost always done through Google's servers, which is a breach of privacy. However, the app can also be used to avoid other captive portal-related attacks, usually carried out by setting up a malicious captive portal in a Wi-Fi network obtained through other typical Wi-Fi attacks. For connectivity checks, the app can either disable them entirely or keep them enabled using a more privacy-friendly alternative such as GrapheneOS or Kuketz. It also allows you to set a custom user agent for default connections in Android in case the OEM altered it to something else in order to track the user through, say, connectivity checks.

Screenshot from Captive Portal Controller

ADACT

ADACT (Alignment-free Dissimilarity Analysis & Comparison Tool) is a web-based tool for analysing and comparing dissimilarity among nucleotide and protein sequences, which are just strings in computer programming, using alignment-free techniques with the help of absent words such as Minimal Absent Word (MAW) and Relative Absent Word (RAW). The tool produces results faster than the traditional alignment-based alternatives, which have higher computational complexity, and is capable of comparing a wide range of sequences. Paper: https://doi.org/10.1093/bioinformatics/btaa853

Android Debloat List

Android Debloat List is a recent project whose primary goal is to catalogue preinstalled applications that aren't vital to the core operations of the operating system yet cannot be deleted from the system (also known as ‘bloatware’) due to restrictions imposed by the OEM. This is one of the first independent projects to systematically list bloatware as well as suggest alternatives to the applications. At the same time, we're also cataloguing system applications with known vulnerabilities such as RCE or privilege escalation vulnerabilities. This is still a work in progress (over 2,300 system applications listed) and no stable version has been released yet. My other project, App Manager (above), uses it to allow its users to get rid of such bloatware (the process is known as ‘debloating’). When a stable version is released, third-party apps will also be able to use the catalogue in their apps.

Screenshot from App Manager displaying bloatware information obtained from Android Debloat List project.

LibADB Android

LibADB Android is an Android library that lets applications utilise Android Debug Bridge (ADB) to perform operations that may require more privileges than Android offers to third-party applications. This is the only known library that offers connections through wireless debugging. The primary challenge was getting rid of the BoringSSL dependency, which has an ugly license that makes it incompatible with most open source licenses, including the GNU Public License (GPL). It was replaced with a custom SPAKE2 implementation written in Java and C.

SetEdit

SetEdit stands for Settings Database Editor, which allows an Android user to browse and modify setting items that aren't accessible from the Android Settings application. It is inspired by an application of the same name which was abandoned for some time. It offers a better user interface and features such as searching and exporting the items.

Android Libraries

Android Libraries aims at building a database of frequently used Android libraries containing primary signatures (e.g. Java package name), licenses, anti-features, etc. These data can be used to gather insights on libraries used by an unobfuscated Android application, and a user can decide whether to install the application based on their threat model. This is one of the first open source projects to systematically list such signatures. The list is based on the works of F-Droid and Exodus in addition to signatures investigated by App Manager (above) contributors. This project is currently in progress and is only being used by App Manager. Once it is stable, third-party apps will be able to use the list to display insights to the users.

App Manager displaying a list of trackers and libraries in an app taken from the project.

Metro

Metro is a fork of Retro Music Player that improves usability and removes privacy-invading features such as usage of Google Play's billing library, fetching album and artist data from last.fm or audioscrobbling to it. The internet permission itself is removed from the application to avoid leaving any space for exploitation when opening untrusted music files and playlists.

Battery Charge Limiter

Battery Charge Limiter is a utility that aims at improving the battery lifespan of Android devices. This is done by maintaining two threshold points. When the upper threshold point is reached, the charging stops automatically, and when the lower threshold point is reached, the charging begins again. It requires root permission to work and is deprecated since Android 13 as most devices with Android 13 already offer similar functionalities.

JADX Android

JADX Android is an Android library to decompile DEX, Smali, etc. to Java. This is an Android port of JADX, a DEX to Java decompiler and desktop application frequently used by reversers to reverse engineer Android applications.

Rapidfuzz-Android

Rapidfuzz-Android is a Java wrapper for Rapidfuzz-CPP, rapid fuzzy string matching using the Levenshtein Distance. This library is similar to FuzzyWuzzy and JavaWuzzy, but the string matching is faster than both of the libraries.

UnApkm Android

UnApkm Android is a small utility application for Android to decrypt APKMirror's encrypted APKM files using the Lazysodium library for Android. It also provides an API for third-party applications to use.

KextStatViewer

KextStatViewer is a small utility application for macOS to visualise the output of the kextstat command, which displays the present state of the XNU kernel extensions (kexts). It also provides a few useful features such as dynamic updates, searching/filtering and displaying details about a kext.

hostap_realtek_osx

hostap_realtek_osx is a macOS port of Linux's wpa_supplicant to support USB Wi-Fi dongles (Realtek RTL8188) whose kernel extensions no longer work in the latest versions of macOS.

AdvanceKextUpdater

AdvanceKextUpdater was a utility application for macOS which allowed XNU's third-party kernel extensions (kexts) to be updated automatically. This application was principally intended for Hackintosh users.

DPCI Manager

DPCI Manager was a popular utility in the Hackintosh community which has now been succeeded by Hackintool. It primarily displays the PCI hardware information fetched from the operating system, which is not necessarily the same as the original hardware information since much of it is emulated by editing the ACPI tables. It also offers a dedicated section to display audio, network and graphics information since configuring these options in a Hackintosh is quite difficult. A tool, namely dspci, was also developed as part of the project; it produces output identical to the Linux command lspci. The software was downloaded at least thirty-six thousand times.

Tuition Management System

Tuition Management System is a fully-featured web application that makes it easy for house tutors to find their students and vice versa. This was originally developed as a university project with the goal of creating an elegant, secure and fully-featured web application using the Django web framework.

Other projects

I've also created and/or developed a number of open source projects, such as PHPPhylogeneticTrees, PHPPListEditor, RNGTests, Chrome OS Multiboot, Chrome OS Updater, apksig for Android, Magic MIME DB (work in progress), CountdownTimer, AppleIntelFramebufferPlatformInfo, etc.

I have contributed to a number of projects, such as IINA, MaciASL-patchmatic, maclog, pycookiecheat, Intent Intercept, Autostarts, Robolectric, Material Components Android, Sora Editor, ARSCLib, etc.