No cloud. No servers. No accounts. Your data never leaves your device.
Download · Features · Security · Tech Stack · Screenshots · Feedback
This is an early public build, ahead of an official Play Store launch. Core functionality is implemented and stable, but it hasn't been through wide-scale testing or store review yet.
🐛 Found a bug or have feedback? localvault.support@gmail.com
Most password managers run on someone else's server. Even "encrypted" cloud vaults mean your data sits on infrastructure you don't control — one breach, one misconfigured database, one compromised account, and your vault is exposed somewhere you can't see.
LocalVault starts from a different assumption: the only truly safe place for your passwords is the one place no one else can reach — your own device, with zero network dependency.
| 🚫 No backend | nothing to breach |
| 🚫 No account | nothing to phish |
| works in a basement, a flight, a dead zone | |
| 🕵️ No analytics, no telemetry | the app doesn't know you exist, and neither does anyone else |
If your phone is secure, your vault is secure. That's the entire model.
Store credentials — site, username, password, notes — fully encrypted at rest.
- Full create / edit / delete / view
- Drag-to-reorder by priority or frequency of use
- Search & filter across every entry
- Built-in password strength indicator
Secure, encrypted note-taking for anything sensitive that isn't a credential.
- Full CRUD, search & filter
- Categorized (Personal / Work / Idea / Other) for fast scanning
An encrypted to-do list that doesn't forget deadlines.
- Due dates with local reminder notifications
- Priority levels, drag-to-reorder
- Search & filter
- Master Password — the root of your vault, set once at first launch
- PIN or Pattern — fast daily access without retyping your master password
- Automatic lockout after repeated failed attempts, with escalating cooldowns
- Screenshot blocking — the OS can't capture your vault screen
- Auto-lock on inactivity that survives the OS killing background timers
A full vault wipe, with confirmation, for when you need a clean slate — no half-measures.
Security isn't a feature bullet point here — it's the entire reason this app exists.
- AES-256-CBC encryption for everything you store — credentials, notes, and tasks are unreadable without your master password.
- Two independent unlock paths — your master password and your PIN/Pattern are cryptographically isolated from each other. Compromising the fast daily-unlock path does not weaken your master password.
- Hardware-backed key material — secrets that protect your vault are generated and held in your device's secure hardware storage, not in plain app storage.
- Lockout, not infinite guessing — repeated failed unlock attempts trigger escalating cooldowns and eventually force master-password verification, closing off brute-force attempts.
- Crash-safe by design — vault data is never left in a partially-changed state if the app is killed mid-operation (e.g. during a master password change).
- Zero network calls, anywhere — there is no API client, no analytics SDK, nothing reaching out from this app. The attack surface that doesn't exist can't be exploited.
This repository ships the compiled APK only. Implementation details beyond what's listed above — exact cryptographic parameters, internal data flows, and storage internals — are intentionally not published, to avoid handing out a roadmap for attacking the app.
Found a genuine vulnerability? Please report it privately to localvault.support@gmail.com rather than opening a public issue.
| Layer | Technology |
|---|---|
| Framework | React Native (Expo) |
| Language | TypeScript |
| State Management | Zustand |
| Encryption | AES-256-CBC |
| Vault Tab | Notes Tab | Tasks Tab |
|---|---|---|
![]() |
![]() |
![]() |
| Settings Tab | Change Master Password | Setup Unlock Method |
|---|---|---|
![]() |
![]() |
![]() |
| Password Unlock Screen | PIN Unlock Screen | Pattern Unlock Screen |
|---|---|---|
![]() |
![]() |
![]() |
Grab the latest APK from the Releases page.
- Download the
.apkfile from the latest release - When prompted, allow installation from this source (Settings → enable "Install unknown apps" for your browser/file manager, if not prompted automatically)
- Install and open the app
- Set your master password on first launch — this is the foundation of your vault's encryption, so choose something strong and memorable.
There is no password recovery. By design, there's no server to reset it from — if you lose your master password, your data is unrecoverable. That's the trade-off for nothing ever touching a server.
This app has no analytics, no crash reporting, no telemetry — which means I rely entirely on you to know if something's broken.
Found a bug? Have a feature idea? Just want to say it works great?
📧 localvault.support@gmail.com
Every message gets read.
Built solo, for anyone who'd rather trust their own device than someone else's server.








