DEV Community

Jayant Navrange

Building SafeKit — A Local-First Android Permission Auditor Focused on Privacy

Why I Built SafeKit: A Local-First Android Permission Auditor That Respects User Privacy

Android users install dozens - sometimes hundreds - of apps without fully understanding what those apps can access behind the scenes.

Many apps request permissions that most people never notice, never question, and never audit again after installation.

That problem is what led to the creation of SafeKit.

SafeKit is an Android utility focused on:

  • Dangerous permission auditing
  • Risk analysis
  • APK extraction
  • Tracker detection

…while keeping user privacy at the center of the experience.

Unlike many security-style apps, SafeKit follows a Zero-Server / Local-First architecture.

Your app analysis stays on your device.


What Is SafeKit?

SafeKit is a diagnostic and educational Android utility that helps users inspect:

  • Dangerous permissions used by apps
  • Potential risk indicators
  • Hidden trackers
  • Permission changes over time
  • APK backups and extraction
  • App usage insights

The goal is not to behave like a traditional antivirus.

Instead, SafeKit helps users understand what apps are capable of doing and make informed decisions themselves.


Not All Permissions - Only Dangerous Ones

One of the biggest misconceptions about Android app scanners is that they simply dump every permission an app uses.

SafeKit does not do that.

Instead, SafeKit focuses on permissions that are considered potentially sensitive, high-impact, or security-relevant.

That includes permissions associated with:

  • Device access
  • Background behavior
  • User tracking
  • Notifications
  • Package visibility
  • Usage statistics
  • Installation behavior
  • System-level interactions

This makes the audit cleaner, more practical, and easier to understand.

Instead of overwhelming users with harmless permissions, SafeKit prioritizes permissions that could genuinely affect privacy, security, or device behavior.


Local-First by Design

Privacy was one of the core principles during development.

SafeKit does not operate its own servers to collect audit data.

All analysis happens locally on the device using an SQLite database.

That means:

  • Installed app data stays on your phone
  • Risk calculations stay on your phone
  • Permission history stays on your phone
  • APK extraction stays on your phone

No cloud sync.
No account creation.
No remote scanning infrastructure.

This approach reduces privacy concerns while also improving transparency.


Core Features

Centralized Dashboard

SafeKit provides a system overview with:

  • App risk insights
  • Quick actions
  • Permission statistics
  • Activity indicators
  • Audit summaries

The goal is to make device inspection feel approachable rather than overly technical.


Risk-Aware App List

Installed applications are categorized using risk indicators and permission analysis.

Users can quickly identify apps that may deserve additional attention.

This is especially useful for:

  • Old unused apps
  • Unknown APK installs
  • Utility apps with excessive permissions
  • Apps installed from outside official stores

Deep App Inspection

Each app can be inspected individually.

SafeKit analyzes:

  • Dangerous permissions
  • Risk scoring
  • Metadata
  • Usage behavior
  • Tracker presence
  • Installation information

The app presents this information in a simplified format intended for normal users - not just developers or security researchers.


Permission Timeline

Permissions change over time.

Apps update.
Features change.
Developers add SDKs.
Advertising frameworks evolve.

SafeKit keeps a local historical log so users can track permission changes on their device.

This helps answer questions like:

  • “Why does this app suddenly need new permissions?”
  • “What changed after the update?”
  • “Did this app recently add tracking-related access?”
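
A local permission timeline of this kind can be sketched as a snapshot table plus a change log in SQLite. This is an added example, not SafeKit's code: the schema, the function names, the `SENSITIVE` subset and the sample app are all assumptions made for illustration.

```python
import sqlite3

P = "android.permission."
# Assumed subset of sensitive permissions for this sketch, not SafeKit's list.
SENSITIVE = {P + n for n in ("CAMERA", "RECORD_AUDIO", "READ_CONTACTS",
                             "ACCESS_FINE_LOCATION", "QUERY_ALL_PACKAGES",
                             "PACKAGE_USAGE_STATS")}

def open_db(path=":memory:"):
    """Create the hypothetical local schema: last snapshot plus change log."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS apps(package TEXT PRIMARY KEY, version TEXT);
        CREATE TABLE IF NOT EXISTS snapshot(package TEXT, permission TEXT,
            PRIMARY KEY(package, permission));
        CREATE TABLE IF NOT EXISTS timeline(ts INTEGER, package TEXT,
            version TEXT, change TEXT, permission TEXT);
    """)
    return db

def record_scan(db, ts, package, version, requested):
    """Diff one scan against the stored snapshot; log and return the changes."""
    current = set(requested) & SENSITIVE   # ignore non-sensitive permissions
    known = db.execute("SELECT 1 FROM apps WHERE package=?", (package,)).fetchone()
    previous = {row[0] for row in db.execute(
        "SELECT permission FROM snapshot WHERE package=?", (package,))}
    events = []
    if known:  # the first scan of an app is a baseline, not a change
        events += [("added", p) for p in sorted(current - previous)]
        events += [("removed", p) for p in sorted(previous - current)]
    with db:  # one transaction: snapshot and log never disagree
        db.execute("INSERT OR REPLACE INTO apps VALUES(?, ?)", (package, version))
        db.execute("DELETE FROM snapshot WHERE package=?", (package,))
        db.executemany("INSERT INTO snapshot VALUES(?, ?)",
                       [(package, p) for p in current])
        db.executemany("INSERT INTO timeline VALUES(?, ?, ?, ?, ?)",
                       [(ts, package, version, c, p) for c, p in events])
    return events

def history(db, package):
    """Return the logged changes for one app, oldest first."""
    return db.execute("SELECT ts, version, change, permission FROM timeline "
                      "WHERE package=? ORDER BY ts, rowid", (package,)).fetchall()

if __name__ == "__main__":
    db = open_db()
    app = "com.example.flashlight"   # constructed sample app and scans
    record_scan(db, 1, app, "1.0", [P + "CAMERA", P + "INTERNET"])
    record_scan(db, 2, app, "1.1", [P + "CAMERA", P + "READ_CONTACTS",
                                    P + "ACCESS_FINE_LOCATION"])
    for row in history(db, app):
        print(row)
```

Treating the first scan as a baseline keeps a fresh install from flooding the timeline with "added" entries, so only changes that arrive with later updates are reported.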

Tracker Detection

SafeKit includes tracker analysis powered by the public dataset from εxodus Privacy.

This feature helps identify embedded tracking libraries inside applications.

Examples include:

  • Analytics SDKs
  • Advertising frameworks
  • Behavioral tracking libraries
  • Attribution systems

APK Extraction

SafeKit also includes APK extraction tools.

Users can save APK files locally for:

  • Personal backups
  • Archiving older versions
  • Offline storage
  • Device migration

This process is completely local-to-local.

SafeKit does not upload APKs anywhere.


Why QUERY_ALL_PACKAGES Is Required

One permission that often raises questions is:

QUERY_ALL_PACKAGES

Google treats this permission as highly sensitive because it allows visibility into installed applications.

SafeKit requires this permission because its core functionality depends on auditing installed apps.

Without package visibility, the app cannot:

  • Analyze installed applications
  • Detect dangerous permissions
  • Generate risk insights
  • Perform tracker checks
  • Build permission timelines

The permission exists strictly for on-device analysis purposes.


Ads, Billing, and Transparency

SafeKit uses:

  • Google AdMob
  • Google Play Billing

AdMob may process advertising identifiers for ad delivery and analytics.

Users can manage ad privacy preferences directly from the app settings.

The app also offers optional premium features through:

  • Monthly subscription
  • Lifetime purchase

Core app functionality remains available for free users.


What SafeKit Is NOT

SafeKit is not:

  • A remote spyware detector
  • A cloud antivirus
  • A malware removal tool
  • A system optimizer
  • A RAM booster

It is a transparency and auditing utility.

Its purpose is to help users understand their device environment more clearly.


Building SafeKit in Flutter

SafeKit is built using Flutter and relies on a combination of open-source libraries for:

  • Notifications
  • SQLite storage
  • Background tasks
  • File handling
  • App inspection
  • In-app purchases

Using Flutter allowed rapid UI iteration while maintaining Android-specific functionality.


The Bigger Problem With Mobile Privacy

Modern mobile ecosystems are extremely complex.

Many users:

  • Install apps quickly
  • Accept permissions automatically
  • Ignore updates
  • Never revisit privacy settings

Over time, devices accumulate apps with varying levels of access and transparency.

SafeKit attempts to simplify that complexity into something understandable.

Not fear-driven.
Not alarmist.
Just transparent.


Final Thoughts

SafeKit was built around a simple idea:

Users should understand what apps on their devices are capable of doing.

That understanding should not require:

  • Technical expertise
  • Server-side surveillance
  • Complicated security jargon

Try the app here

By focusing on dangerous permissions, local-first analysis, and privacy-conscious design, SafeKit aims to give Android users more visibility into their own devices - while keeping their data where it belongs: on the device itself.
