The App Lockr is a password manager with no account, no cloud, and — uniquely — no network permission at all. Your logins are encrypted on your phone and autofilled anywhere. Nothing to sync, nothing to breach.
Every design choice serves one promise: the secrets stay with you.
The app doesn't request internet access in its manifest — anyone can verify it. Passwords can't be sent anywhere because the app literally cannot reach the network.
Set it as your Android autofill service once. Login screens get a suggestion; a fingerprint fills it. The vault stays locked until the moment you approve.
Argon2id to stretch your master password, AES-256-GCM for the vault, hardware-backed keys via the Android Keystore. No home-grown anything.
Strong, random passwords on tap — proper entropy from your device's secure RNG, with length and character rules you control.
Suggestions match the real domain only. A look-alike like paypal.com.evil.io will never surface your PayPal login. Exact match, never fuzzy.
Back up the whole vault as one encrypted file, to wherever you like. Moving phones is export, then import. No cloud in the middle.
No jargon required — but the details are here for the people who want them.
It's stretched with Argon2id into a key that unwraps your vault, used briefly in native memory, then wiped. It's never stored, never transmitted.
Industry-standard authenticated encryption. Each entry's secret is sealed individually and only decrypted the instant you view or fill it.
The fingerprint unlock uses a key held in the Android Keystore that the operating system refuses to release without a fresh biometric check.
Vault screens are marked secure, so they don't appear in screenshots or the app-switcher preview. The app auto-locks the moment it leaves the foreground.
One vault, on your phone, that answers to you alone.