ThreatStrike Mobile bundles eleven privacy utilities, metadata remover, file shredder, virus & APK scanner, breach check, password generator, permission auditor, 2FA authenticator, encrypted vault, biometric lock, duress PIN, and optional Tor routing, into one Android app. No ads. No tracking. No subscription.
Every utility you've been installing separately, unified, signed, and under one biometric lock. Works offline by default.
Strips EXIF, GPS, authorship, and embedded metadata from images, Office documents, and MP3s. Supports JPG, PNG, WebP, HEIC, DOCX, XLSX, PPTX.
Cryptographically secure multi-pass overwrite with random bytes, then deletion. Configurable pass count. Honest about the limits of flash storage.
Bring your own API key, never ours. Scan files up to 32 MB, URLs, or installed APKs against 70+ antivirus engines (VirusTotal) and the Koodous Android malware DB. QR codes preview the URL and verdict before you ever open them.
Check if a password has appeared in known breaches using HaveIBeenPwned's k-anonymity API. Only the first 5 chars of the SHA-1 hash ever leave the device.
Random (8–100 chars) or Diceware passphrases from a bundled wordlist. Configurable separators, character classes, and capitalization. Clipboard auto-clears after 30 seconds.
Scans every installed app and flags risky permission combinations, accessibility abuse, overlay attacks, SMS exfiltration, notification snooping. Deep-links to system settings.
One PIN set once, Argon2id derives the vault key. Fingerprint / face unlocks via a Keystore-bound wrapper; PIN is always the fallback. Optional scrambled keypad defeats shoulder-surfing.
A second PIN that silently wipes every vault file, 2FA code, saved API key, and the vault key itself, then closes the app. Looks like a mistyped unlock. Irreversible: every encryption key is destroyed in memory and on disk, so even forensically recovered ciphertext can't be decrypted.
RFC 6238 TOTP codes. QR-scan enrollment, encrypted local storage, auto-clearing clipboard, long-press to edit labels. Aegis-compatible, your codes aren't locked into our app.
Import any file or create text notes inside the app. AES-256-GCM, hidden from other apps. Batch-select to delete. Open decrypted files in any viewer via the system share menu. One-tap shred of the original source after import.
Detects Orbot on your device and optionally routes VirusTotal and breach-check requests through its SOCKS proxy. We don't re-implement Tor, we use the real thing.
A privacy app that funds itself with ads or behavioral tracking is a contradiction. ThreatStrike Mobile is the thing it claims to be.
No banners, no pop-ups, no "rewarded" video nonsense. Not in v1, not in v10.
No analytics SDKs, no crash reporters to third parties, no telemetry of any kind.
One-time purchase. You own the version you buy. Free updates while the app is maintained.
Scan history, saved API keys, and anything sensitive, AES-256-GCM, hardware-backed Android Keystore.
Only VirusTotal and HIBP calls ever touch the network, and only when you initiate them.
BYOK for VirusTotal and Koodous. We never see your API key. We never see your files.
SQLCipher-backed Room DB, certificate pinning on every outbound call, FLAG_SECURE on sensitive screens (no screenshots, no recents thumbnails), root/debugger/emulator warning on launch.