Hypatia is the world’s first FOSS malware scanner for Android. It is powered by ClamAV style signature databases.
Looking for a Maintainer ! Please consider to apply to keep this app maintained !
hmm two projects already, damn that is getting bad, reminds me I have bookmarked the tails apps one that does metadata removing I should look at it at some point.
Tbh the biggest problem I have is the limited knowedlge (in this one I dont have the java skills/android development yet) and usually lack of time or consistency of such, if active maintaner for example, nope can only do weekly basis which if this is considered active then… Yeah
It’s also that I don’t want to disrupt time with my blog and stuff like that.
Does anybody use LoveLaceAV as fork of Hypatia FOSS malware scanner and what are your findings of using the app?
More info on LoveLaceAV
For my kids I used to use Bitdefender on their Samsung android phone, but I want to replace bitdefender due to nearing the end of the paid subscription.
1 Like
This is probably off-topic but I’m curious what your reasoning for requiring an AV on Android is? The only situation I’d imagine it might be worth using is if they’re installing apps from untrustworthy sources. Otherwise they tend (perhaps LoveLaceAV/Hypatia are an exception) to be privacy-invasive, increase system resource usage, and in some cases may increase attack surface.
4 Likes
Hypatia had support to flag malicious links seen on screen.
Hypatia is completely on device.
Was quite efficient considering it again was completely on device.
Since it only checked split strings or calculated whole file hashes and was in Java at most it’d likely just be a DoS.
2 Likes
Yeah I assumed Hypatia would be better cause it was from Divest, I was mostly talking about things like Bitdefender and their mainstream competitors like Kaspersky.
1 Like
One of my kids likes/liked to click on ads or many seemingly “important” messages and with installing he always clicks yes on his windows laptop (where he has no admin rights) and also on his Samsung phone.
He had malware for three times on his Samsung android and with bitdefender there was a block on visiting malicious sites through links/ads and there was a block on installing malicious apps/games also through Google playstore.
With Bitdefender Central I could see what kind of messages bitdefender had given for which malicious sites, for each of my kids.
Now the kids are getting older and hopefully smarter 
, so I want to stop using and paying for an AV like bitdefender, but it could be nice to have a kind of block on malicious android things/apps/sites/links. On windows they will use Defender.
Offtopic: For myself I’m using a pixel 9 with GOS and I’m in the process of switching from windows 10 to a Linux version.
1 Like
layers are your friend
- Safe Browsing enabled in all browsers
- uBlock Origin in all browsers
- Rethink for system wide ad/malware blocking
- AdGuard/PiHole/etc for network wide ad/malware blocking
- set your DNS to ZERO — Hardened security for highly sensitive environments — dns0.eu
3 Likes
Would it be unsafe to continue using Hypatia in the way that continuing to use an unmaintained browser would be unsafe due to unpatched security issues over time?
I assume the signature databases probably won’t be updated for Hypatia anymore, so using it will get less and less reliable over time since you’ll be still using signatures from Q1 2025.
Hypatia only used the network connection to update the signature databases (so you could still use it without network permission, if these databases will not be updated anymore anyways) and doesn’t need to load JavaScript etc. from theoretically any existing website, so it shouldn’t be as much of a security risk as using an outdated browser.
The signatures aren’t even available, I pulled them from my server in January.
They were last generated on like December 22nd.
I gave the full/raw dump to MaintainTeam and to steadfasterX and they are both hosting their own databases now. Although only sfX is also providing the domain database. Sadly neither are providing the complete 45m signature extended database.
sfX documents them here: LoveLaceAV – The AXP.OS Project
I don’t think either of the two forks have made significant code changes to Hypatia.
1 Like
I just refreshed it, still comes out with more entries than the others: https://divested.dev/MalwareScannerSignatures/
Thanks for your suggestions!
I know some games will not work when ads are blocked, but I will try your suggestions and see what works. Nothing is more frustrating then frustrated kids that can not play their favourite game for the day 