Smart 2FA Manager (Android) ^v1.0.0

A secure, offline TOTP 2FA manager for Android

Overview

Smart 2FA Manager is a lightweight, offline TOTP (Time-based One-Time Password) manager for Android. Store your 2FA secrets encrypted locally, generate codes without an internet connection, and maintain full control over your authentication data.

---

Disclaimer

By using this software, you agree to the full disclaimer terms.

Summary: Software provided "AS IS" without warranty. You assume all risks.

Full legal disclaimer: See DISCLAIMER.md

---

Features

• AES-256-GCM Encryption - Industry-standard encryption for your secrets
• SHA-512 Key Derivation - Strong password hashing
• QR Code Scanning - Quickly add services by scanning QR codes
• Real-time Search - Filter services by name instantly
• One-Tap Code Copying - Copy TOTP codes with a single tap
• Offline Operation - No internet connection required
• Material Design UI - Clean and intuitive interface
• Local Storage - Data stored in Documents/.2fa/secrets.enc
• Master Password Protection - All data encrypted with your master password
• Interactive Tooltips - Long press any button to see its function

---

Screenshots

Main Screen	Lock Screen

---

Quick Start

Prerequisites

• Android 8.0 (API level 26) or higher
• Camera permission for QR code scanning

Installation

1. Download the APK from the Releases page
2. Enable "Unknown Sources" in your Android settings
3. Install the APK and open the app

First Launch

1. Create a master password - This password encrypts all your 2FA secrets
2. WARNING - If you lose this password, your secrets are lost forever (no recovery!)
3. Add your first service - Tap the menu button (three dots) and select "Add Service"

Adding a Service

Option 1: Manual Entry

1. Tap the menu button (three dots)
2. Select Add Service (+)
3. Enter service name and secret key (Base32 format)
4. Tap Add

Option 2: QR Code Scan

1. Tap the menu button (three dots)
2. Select Scan QR (camera icon)
3. Scan the TOTP QR code from your service provider
4. Service will be added automatically

Using TOTP Codes

• Copy Code - Tap the "COPY" button to copy the current code
• View Secret - Tap the "SECRET" button to see the secret key (requires master password)
• Delete Service - Tap the "DELETE" button to remove a service
• Search - Tap the "SEARCH" icon in the toolbar to filter services by name

---

Permissions

• CAMERA – Required for scanning QR codes
• MANAGE_EXTERNAL_STORAGE – Required for Android 11+ to access Documents folder

---

Security

Encryption

• Algorithm: AES-256-GCM (Galois/Counter Mode)
• Key Derivation: SHA-512
• IV: Random 12-byte initialization vector per encryption

Data Storage

• Location: Documents/.2fa/secrets.enc
• Format: Encrypted JSON with service:secret pairs
• No Internet: App never sends data over the network
• Local Only: All secrets remain on your device

Master Password

• Never stored - Password is only used to derive encryption key
• No recovery - If forgotten, secrets cannot be recovered
• Local only - Password never leaves your device

---

File Structure

Documents/
└── .2fa/
    └── secrets.enc      # Encrypted services data (AES-256-GCM)

---

Technical Specifications

Component	Specification
Encryption	AES-256-GCM
Key Derivation	SHA-512
TOTP Standard	RFC 6238
Time Step	30 seconds
Code Length	6 digits
Hash Algorithm (TOTP)	HMAC-SHA1
Min Android Version	API 26 (Android 8.0)

---

User Interface

Main Screen

• Service Cards - List of all your 2FA services
• TOTP Code - Current 6-digit code with countdown timer
• Color Coding - Blue (normal), Orange (10 sec left), Red (3 sec left)
• Service Counter - Shows number of services in toolbar

Toolbar Buttons

Button	Action
Search	Opens search bar to filter services
Show All Tips	Displays tooltips for all buttons

Menu Buttons

Button	Action
Scan QR	Add service via QR code
Add Service	Add service manually
Help	Opens help documentation
About	Shows app information and links

Lock Button

Button	Action
Lock	Lock the app and return to password screen (bottom left)

Service Card Buttons

Button	Action
Copy	Copy current TOTP code to clipboard
Secret	View secret key (requires master password)
Delete	Remove service

Search Feature

• Tap "SEARCH" in toolbar to open search
• Type service name to filter list
• Counter shows "Services X" or "X / Y services" when filtered
• Tap ✕ to close search

---

Development

Build Requirements

• Android Studio Hedgehog | 2023.1.1 or higher
• JDK 11 or higher
• Android SDK with API 34

Build from Source

# Clone the repository
git clone https://github.com/smartlegionlab/smart-2fa-manager-android.git

# Open in Android Studio
# Wait for Gradle sync to complete

# Build the APK
./gradlew assembleDebug

Project Structure

app/src/main/
├── java/com/smart-2fa-manager-android/
│   ├── MainActivity.kt          # Main UI and logic
│   ├── TOTPManager.kt           # Encryption and TOTP generation
│   ├── ServiceAdapter.kt        # RecyclerView adapter for services
│   ├── ScanQRActivity.kt        # QR code scanner
│   ├── PortraitScanActivity.kt  # Portrait mode scanner
│   ├── HelpActivity.kt          # Help screen
│   └── AboutActivity.kt         # About screen
├── res/
│   ├── layout/                  # All UI layouts
│   ├── drawable/                # Icons and graphics
│   ├── values/                  # Colors, strings, themes
│   └── anim/                    # Animations for menu
└── AndroidManifest.xml          # App configuration

---

License

BSD 3-Clause License

Copyright (c) 2026, Alexander Suvorov
All rights reserved.

---

Contact & Support

• Author: Alexander Suvorov
• GitHub: github.com/smartlegionlab
• Repository: github.com/smartlegionlab/smart-2fa-manager-android
• Python CLI version: smartlegionlab/smart-2fa-manager-cli
• Python GUI version: smartlegionlab/smart-2fa-manager-desktop
• Python BASH version: smartlegionlab/smart-2fa-manager-bash
• Issues: Report a bug

---

Made with ❤️ for privacy and security