Open-source Android file manager for hiding, encrypting, and locking down your files.
Secure File Manager is an open-source Android file manager focused on keeping your files safe: hide files from the gallery/media scanner, encrypt files and folders, lock the app with a password or biometrics, and manage everything with a modern Material 3 interface. Based on Simple File Manager and part of the OnionPhone app family — this fork rebrands the app (ltechnologies.onionphone.securefilemanager) and is gradually converting the codebase to Kotlin.
‼️ This app is useless if you have a rooted device!
This is a beta version of the app. Do not use it with important files yet — the developers are not responsible for data loss or corruption.
✔️ Open source · ✔️ Privacy friendly · ✔️ Free · ✔️ No ads · ✔️ No unnecessary permissions
- Features
- Architecture
- Install from GitHub Releases
- Build it yourself
- API documentation (KDoc)
- Screenshots
- Security
- Contributing
- License
| Feature | Description |
|---|---|
| Hide files | Hide files/folders from the gallery and other apps without moving them off-device |
| Encrypt files | Encrypt individual files, or create/extract password-protected encrypted Zip archives |
| App lock | Password or biometric authentication to open the app (optional) |
| Checksums | Compute MD5, SHA1, SHA256, SHA512 for any file |
| Privacy hardening | Disable screenshots, disable thumbnails, clear cached thumbnails (all optional) |
| Media destinations | Choose where new photos/videos are saved |
| Remote storage | Connect to SFTP servers |
| Localization | English, French, Spanish (community), Japanese, Russian, Danish (partial) |
Single-module Gradle project — see docs/ARCHITECTURE.md for the full package layout and feature map.
:app
└── ltechnologies.onionphone.securefilemanager
├── activities / fragments / dialogs / views (UI)
├── adapters (RecyclerView)
├── storage / transfer / providers (file I/O, SFTP, encryption)
├── helpers (config, logging, hashing)
└── models / interfaces / observers / receivers / services
| Layer | Technologies |
|---|---|
| UI | Android Views + ViewBinding, Material Components |
| Async | Kotlin Coroutines |
| Encryption | Argon2Kt (key derivation), Zip4j (encrypted archives) |
| Remote storage | sshj (SFTP) |
| Thumbnails | Glide |
| Dependency auditing | OWASP dependency-check Gradle plugin |
| Licenses UI | AboutLibraries |
-
Open Releases.
-
Download the APK matching your device CPU:
APK suffix Devices arm64-v8aMost modern phones (2017+) armeabi-v7aOlder 32-bit ARM phones x86_64Emulators, some tablets x86Older emulators -
Enable Install unknown apps for your browser/files app.
-
Install the APK.
Release APKs are signed with the project release key when CI secrets are configured. Verify the signature with
apksigner verify.
Also available on F-Droid for the upstream app id.
| Tool | Version |
|---|---|
| JDK | 17 (Temurin recommended) |
| Android SDK | API 37, Build-Tools 36+ |
| Gradle | 9.x (wrapper included) |
Set ANDROID_HOME / ANDROID_SDK_ROOT and create local.properties:
sdk.dir=/path/to/Android/SdkOptional: copy secrets.properties.example to secrets.properties if you need BrowserStack device-farm testing (./gradlew connectedDebugAndroidTest on BrowserStack — not required for a normal build).
Linux / macOS
# Clone
git clone https://github.com/LTechnologies0/Secure-File-Manager.git && cd Secure-File-Manager
# Debug APK (arm64-v8a, fastest)
./gradlew :app:assembleDebug
# All unit tests
./gradlew test
# Release APKs — all 4 ABIs (unsigned without keystore)
./gradlew :app:assembleRelease
# Release APKs — signed locally
cp keystore.properties.example keystore.properties
# Edit keystore.properties, then:
./gradlew :app:assembleRelease
# Install debug on connected device
./gradlew :app:installDebug
# API documentation
./gradlew dokkaGenerate
# → build/dokka/html/index.htmlWindows (PowerShell)
git clone https://github.com/LTechnologies0/Secure-File-Manager.git; cd Secure-File-Manager
# Debug APK
.\gradlew.bat :app:assembleDebug
# Tests
.\gradlew.bat test
# Release (all ABIs)
.\gradlew.bat :app:assembleRelease
# Install debug
.\gradlew.bat :app:installDebug
# Docs
.\gradlew.bat dokkaGenerateThere are also ready-made PowerShell helper scripts: scripts/setup-and-install.ps1 and scripts/install-to-device.ps1.
| Task | Output |
|---|---|
assembleDebug |
app/build/outputs/apk/debug/app-<abi>-debug.apk |
assembleRelease |
app/build/outputs/apk/release/app-<abi>-release.apk |
dokkaGenerate |
build/dokka/html/index.html |
test |
**/build/reports/tests/ |
bash scripts/generate-release-keystore.sh
cp keystore.properties.example keystore.properties
# Edit paths/passwords — never commit these files
./gradlew :app:assembleReleasePublic APIs are documented with KDoc in source. HTML reference is generated with Dokka:
./gradlew dokkaGenerate
# → build/dokka/html/index.htmlLive docs (auto-deployed on push to main): ltechnologies0.github.io/Secure-File-Manager
- No secrets in repo:
keystore.properties,secrets.properties, andlocal.propertiesare gitignored — see SECURITY.md. - CI signing: GitHub Actions secrets only.
| GitHub secret | Purpose |
|---|---|
RELEASE_KEYSTORE_BASE64 |
Base64-encoded keystore |
RELEASE_KEYSTORE_PASSWORD |
Keystore password |
RELEASE_KEY_ALIAS |
Key alias |
RELEASE_KEY_PASSWORD |
Key password |
Enable in repo settings: Dependabot alerts, secret scanning, push protection, CodeQL.
See CONTRIBUTING.md. In short:
- Fork and create a feature branch from
main. - Run
./gradlew test :app:assembleDebugbefore pushing. - Add KDoc for new public APIs.
- Open a PR — CI runs tests, debug build, CodeQL, and dependency review.
Translations happen on Crowdin. See FAQ and CHANGELOG.md for release history.
This app is based on the Simple File Manager, continued via Secure-File-Manager/Secure-File-Manager.
Open-source components used: AboutLibraries · AppIntro · Argon2Kt · TapTargetView · Zip4j · Glide · sshj
Licensed under the GPLv3.
F-Droid logo is a trademark of F-Droid Limited. GitHub logo is a trademark of GitHub Inc.





