NextVault — Password Manager by ThingSmart
📱 Android · Free Download · v2.0

Your digital life,
one secure vault.

NextVault stores all your passwords, cards, IDs and notes in a triple-layer encrypted vault — entirely on your device. No cloud. No subscription. No compromise.

📥 Get on Google Play 🔒 How It’s Secured
nextvault — Your digital life, one secure vault
🔒
AES-256-GCMPer-record encryption
NextVault
14 categories · ●●● records
🔍 Search your vault…
All
Personal
Work
🌐
GitHub
Login Work
🏦
HSBC Online
Bank Account
🔑
Gmail OTP
Email · 234 567
💳
Visa Platinum
Credit / Debit Card
👆
Biometric LockFingerprint + Anti-phishing
256
Bit AES-GCM Encryption
14
Credential Categories
600K
PBKDF2 Iterations
0
Cloud Servers Used
Features

Everything your password manager should do.

Built for users who want full control. No telemetry, no ads, no cloud dependency. Your credentials live on your device, encrypted with keys only you hold.

🛡️
Triple-Layer Encryption

RSA-2048 master password via Android Keystore → PBKDF2-HMAC-SHA256 database key (600k iterations) → AES-256-GCM per-record. Three independent cryptographic barriers.

RSA-2048AES-256-GCMSQLCipherPBKDF2
👆
Biometric + Anti-Phishing

Fingerprint and face unlock via Android BiometricPrompt. Anti-phishing phrase displayed on the login screen — RSA-encrypted, biometric-gated to change. Auto-locks after configurable idle timeout.

FingerprintFace UnlockAnti-PhishingAuto-Lock
🔢
Built-in TOTP Authenticator

Live 2FA codes directly inside your vault. OTP fields store Base32 secrets or otpauth:// URIs. Scan QR codes with the built-in CameraX scanner. 30-second countdown with one-tap copy.

TOTPQR Scannerotpauth://
❤️‍🩹
Password Health Dashboard

Detects weak, reused, and aged passwords. Checks against HaveIBeenPwned using k-anonymity — only 5 SHA-1 hash characters leave the device. Your passwords are never transmitted.

HIBPK-AnonymityBreach Check
📤
Encrypted Backup & Import

Export to AES-256-GCM .nextvault files (PBKDF2 310k iterations) with biometric gate. Import from 1Password, Bitwarden, and LastPass CSV. Backup bundles DB + salt in a single .tskbackup envelope.

1PasswordBitwardenLastPass.tskbackup
🗂️
Collections & Custom Categories

Organise records into Personal, Work, or any custom collection. Create your own credential types with drag-to-reorder fields: Text, Password, Note, Phone, Date, Number, URL, OTP.

CollectionsCustom FieldsDrag & Drop
🤖
Android Autofill
Fills passwords in Chrome, Firefox, Edge and apps via the Android Autofill Framework — biometric-gated on every use.
🔑
Password Generator
Passwords or EFF passphrases with entropy display. Per-category presets: 4-digit PIN for cards, 20-char for WiFi, 5-word passphrase for notes.
📋
Security Audit Log
Full log of every login, export, and record change. Biometric-gated clearing, 90-day auto-prune. App integrity check verifies APK signing certificate.
📱
Tablet & Dark Mode
Adaptive two-pane layout on tablets via SlidingPaneLayout. Full dark mode with system-following or manual toggle — no restart needed.
Security Architecture

Paranoid by design. Private by default.

Every security decision assumes worst-case: a motivated attacker with physical access to your device. We don’t cut corners.

Encryption Stack

Layer 01 · Master Password
RSA-2048 via Android Keystore
Hardware-backed key · PKCS#11 boundary · Alias: myPasswords · Never leaves secure enclave
Layer 02 · Database
SQLCipher + PBKDF2-HMAC-SHA256
600,000 iterations · Per-install random salt (db_salt) · v3→v4 cipher auto-migration
Layer 03 · Each Record
AES-256-GCM (v2 session key)
Session key: SHA-256(dbKey ∥ domain) · Unique IV per record · GCM auth tag · sub-ms decrypt
Export / Backup
AES-256-GCM + PBKDF2 310K
Highest KDF cost for at-rest files · Biometric gate required · Salt bundled in envelope

Security Controls

🚫
No Screenshots, System-wideFLAG_SECURE on every screen prevents screenshots, screen recording, and app-switcher thumbnails. Clipboard auto-clears after 30 seconds.
🐟
Anti-Phishing PhraseUser-set phrase displayed on the login screen as a pill chip, RSA-encrypted. Protects against fake login screens. Biometric-gated to change.
App Integrity CheckAPK signing certificate SHA-256 verified on every launch. Non-dismissible tamper dialog shown if the signature doesn’t match — skips DB init entirely.
⏱️
Auto-Lock + Session TokensSession token cleared on logout. DB connection fully closed and nulled. PBKDF2 key re-derived on next login — no stale session survives.
Credential Types

14 built-in categories. Unlimited custom ones.

Every category ships with context-aware fields. Drag to reorder, add or remove fields, create entirely new types. Your vault, your structure.

🔐
Login
URL · Username · Password · OTP
📧
Email Account
SMTP · IMAP · OTP
📱
Social Media
Platform · Handle · OTP
💳
Credit / Debit Card
Number · CVV · Expiry · PIN
🏦
Bank Account
IBAN · Sort Code · PIN
📶
WiFi Network
SSID · Password · QR Code
🪪
Personal ID
Passport · NI · DOB
📡
SIM Card
PIN · PUK · Carrier
🏢
Company
Reg · VAT · Director
🪪
Business Card
Name · Role · Phone · Share
📍
Address
Full address + Maps · GPS fill
📷
Document Photos
Camera · Gallery · Encrypted
📝
Secret Note
Encrypted · Monospace
🔔
Subscription
Service · Cost · Renewal · OTP
Custom
Your fields. Your order. Drag & drop.

Your digital life, one secure vault.

Free to download on Android. All core features included — no subscription required. Your credentials stay on your device, encrypted with keys only you hold.

📥 Get it on Google Play 🏠 Visit ThingSmart.co
nextvault