Spectre
github.com/thomasbuilds/SpectreA radio frequency scanner app for Android with recon and offensive capabilities.
- Homepage: github.com/thomasbuilds/Spectre
- GitHub: github.com/thomasbuilds/Spectre
- Android App: play.google.com/.../dev.thomasbuilds.spectre
- Web info: web-check.xyz/check/github.com
Spectre Source Code
Author
Description
Radio frequency scanner with recon and offensive capabilities
Homepage
License
GPL-3.0
Created
23 May 26
Last Updated
13 Jul 26
Latest version
Primary Language
Kotlin
Size
1,304 KB
Stars
26
Forks
5
Watchers
26
Language Usage
Star History
Top Contributors
-
@thomasbuilds (105)
-
@dependabot[bot] (9)
-
@g-maxxx (1)
Recent Commits
-
Thomas (13 Jul 26)
Add F-Droid in README.md
-
Thomas (11 Jul 26)
Remove foojay JDK auto-download machinery
-
Thomas (11 Jul 26)
Release 0.1.2
-
Thomas (11 Jul 26)
Silence unused-expression warnings in empty when branches
-
Thomas (09 Jul 26)
Add F-Droid changelog for 0.1.2
-
Thomas (09 Jul 26)
Fix ktlint formatting in WifiCapabilities
-
Thomas (09 Jul 26)
Move the skeleton shimmer to the draw phase Reading the infinite transition's alpha during composition recomposed every warming card's scope at the animation rate. SkeletonBar now takes the State and reads it inside graphicsLayer, so the shimmer only invalidates the layer.
-
Thomas (09 Jul 26)
Harden Wi-Fi scanning and fix capability parsing Run the heartbeat and registration seed on the scan-callback executor so every apCache mutation is single-writer, which closes a lost-update race where the stale write-back could revert a concurrent scan's fresh data. Synchronize stop() with maybeRegister() in both the Wi-Fi and GNSS scanners so an in-flight registration can't complete after teardown, and guard the scan loop with the stopped flag. Parse security per capability bracket group and key the WPA2 badge on the group's PSK/EAP AKMs: the WPA2/RSN prefix alone also fronts WPA3-only (SAE) and OWE groups, which showed a phantom WPA2 label. Map 320 MHz channel width, move the 6 GHz band boundary to 5925 MHz with channel 2 at 5935, and clamp negative FTM distances from measurement noise.
-
Thomas (09 Jul 26)
Harden Bluetooth scanning and GATT inspection Require fine location in the scanner's permission check (BLUETOOTH_SCAN is declared without neverForLocation, so scans need it anyway), key the signal cache on advertisement content so payload rotations at steady RSSI refresh the details, and run all scheduled work on one serial lane so publishNow is single-writer. Match GATT read responses to the queued characteristic instance before disarming the read timeout: a late response for an already-timed-out read could strip the in-flight read's safety net and hang the inspection, and same-UUID characteristics now keep distinct values. Clear a pending write when a new inspection supersedes it, gate advertising support on the advertiser's existence rather than the multi-advertisement feature, decode Tx Power Level, and trim the NUL padding devices put in fixed-size string characteristics.
-
Thomas (09 Jul 26)
Fix cellular band mapping, neighbor identity, and monitor lifecycle Map UARFCN to frequency through a per-band offset table (TS 25.101) instead of N/5, which displayed UMTS-900 near 600 MHz; LTE, WCDMA, and GSM now share one band-table mechanism. Key cells that lack a cell id by PCI/PSC/BSIC and channel so distinct neighbors no longer overwrite each other in the cache or drop out of the exposure sum. Sync subscriptions on every heartbeat so a partial registration or a data-SIM move heals within a tick and the DisplayInfo listener follows the data SIM, and guard the subscription listener with the stopped flag. Expire towers in publishNow rather than on ingest so they age out even when the radio goes silent, with a conditional remove that spares a concurrently refreshed cell, and reject LTE RSSI readings below RSRP.
-
dependabot[bot] (08 Jul 26)
Bump kotlin to 2.4.0
-
Thomas (08 Jul 26)
Use the linked CodeQL bundle for Kotlin 2.4.0 support
-
Thomas (07 Jul 26)
Harden scanner lifecycle and simplify readiness tracking Guard every scanner's register/scan path with a stopped flag so an in-flight heartbeat tick cannot re-engage a radio after stop(). Cache the GNSS measurement capability instead of a binder call per status epoch, seed the phone position from the last known fused fix so satellite geometry renders immediately, label below-horizon satellites instead of dropping the row, and use the geosynchronous mean altitude for QZSS. ReadinessTracker loses its staleness window: once a source has delivered data, an empty result now reads as "nothing there" rather than reverting to the warming-up skeleton.
-
Thomas (07 Jul 26)
Fix scanner recovery after a late permission grant A permission granted while the service runs never re-invokes start(), so the GNSS and Wi-Fi callbacks stayed unregistered until process death. The heartbeat now retries registration. Also gate published satellites on status callback recency, a silent GNSS chip would otherwise keep its last delivery on screen as live data forever.
-
Thomas (07 Jul 26)
Simplify GNSS scanner code Replace the nested band-name when with a declarative frequency table and compress the scanner's collection, formatting, and registration code. No behavior change.
-
Thomas (07 Jul 26)
Fix BeiDou orbit classification PRNs C13 and C16 are BDS-2 IGSO and C59-C63 are BDS-3 GEO, all at 35786 km, while C41-C46 are BDS-3 MEO. The old ranges gave those thirteen satellites the wrong altitude, putting displayed slant range and sub-satellite position off by roughly 14000 km.
-
Thomas (07 Jul 26)
Use the monotonic clock for staleness and interval timing System.currentTimeMillis() jumps with NTP corrections and manual time changes, which can make stale scan data pass freshness checks or expire fresh data early. Every converted site measures elapsed intervals on in-memory state, so SystemClock.elapsedRealtime() is the correct base.
-
Thomas (06 Jul 26)
Make release builds reproducible for F-Droid F-Droid rebuilds from source and verifies the result byte-for-byte against the released APK, so the release build must be deterministic across machines. Two AGP defaults broke that: - vcsInfo include=false: AGP embeds the git commit into META-INF/version-control-info.textproto. The release is built before its own commit exists, so that revision never matches the tag F-Droid checks out. Only Google Play consumes this field. - keepDebugSymbols for all .so: bundled dependency libraries get stripped only when the build machine has an NDK, which F-Droid's does not. Shipping them unstripped makes the APK identical either way, at a cost of about 10 KB.
-
Thomas (05 Jul 26)
Update release script - Let GitHub create the tag when the draft release is published, so the tag and its APK become visible to F-Droid together - Guard against reusing an existing remote tag, which gh release create silently attaches to while ignoring --target - Check the YubiKey is reachable over PKCS#11 before building, with one retry for pcscd cold starts - Verify every split APK signature against the release certificate - Delete a previous run's output artifacts before signing - Filter bundletool JVM deprecation noise, real errors still surface - Correct the PKCS#11 module install hint to opensc-pkcs11
-
Thomas (05 Jul 26)
Add F-Droid and Accrescent distribution support
-
Thomas (05 Jul 26)
Replace deprecated GNSS onStatusChanged with GnssCapabilities
-
Thomas (03 Jul 26)
Move icon and banner into metadata/en-US/images
-
dependabot[bot] (02 Jul 26)
Bump composeBom to 2026.06.01
-
g-maxxx (01 Jul 26)
Create icon.png
-
dependabot[bot] (30 Jun 26)
Bump spotless to 8.8.0
-
dependabot[bot] (27 Jun 26)
Bump gradle-wrapper to 9.6.1
-
Thomas (26 Jun 26)
Mark GNSS range rate unavailable on devices without clock drift
-
Thomas (26 Jun 26)
Add range rate, ephemeris, and almanac to GNSS glossary
-
Thomas (26 Jun 26)
Fix tap ripple on detail rows, settings, and sponsor tiles
-
Thomas (26 Jun 26)
Expand GNSS per-satellite dropdown Add to each satellite's detail dropdown: - Range rate: line-of-sight closing speed from raw GnssMeasurements, corrected for receiver clock drift and labelled approaching or receding. Cached per satellite with a timestamp so a stale reading falls back to "Pending" rather than lingering as the satellite moves. - Ephemeris and almanac data flags, which indicate a satellite's lock state. Move elevation out of the row header into the dropdown alongside azimuth, and drop the standalone "Used in fix" row since the per-band "in fix" marker already conveys it. Broaden band-name coverage to Galileo E5 and E6, GLONASS L3, BeiDou B2b, QZSS L2 and L6, and the NavIC and SBAS constellations.
Spectre Reviews
More Mobile Apps
-
Lets you use CloudFlares fast and secure 1.1.1.1 DNS, with DNS over HTTPS, and also has the option to enable CloudFlares WARP+ VPN.
-
Android Firewall+ (AFWall+) is an advanced iptables editor (GUI) for rooted Android devices, which provides very fine-grained control over which Android apps are allowed to access the network. Get from F-Droid
-
This application blocks ads and trackers, doesn't require root and works for all the apps on your Android phone. Check out how it works here.
-
Gives you the ability to grant permissions temporarily, so that you could for example use the camera to take a profile picture, but when you close the given app, those permissions will be revoked.
-
Prevent background processes gaining unauthorized access to your devices camera. Better still, use a webcam sticker.
Not Open Source -
Simple tool, that compares SHA-1 fingerprints of the the SSL certificates seen from your device, and the certificate seen from an external network. If they do not match, this may indicate a man-in-the-middle modifying requests.
-
Encrypts files and folders client-side, before uploading them to cloud storage (such as Google Drive, One Drive or Dropbox), meaning none of your personal documents leave your device in plain text.
-
Shows which trackers, each of your installed apps is using, so that you can better understand how your data is being collected. Uses data from the Exodus database of scanned APKs.
-
F-Droid is an installable catalogue of FOSS applications for Android. The client enables you to browse, install, and keep track of updates on your device.
-
A network scanner to help you monitor and secure your WiFi network. The app is totally free, but to use the advanced controls, you will need a Fing Box.
-
Auto-disable Bluetooth, then it is not being used. Saves battery, and prevent some security risks. Get from F-Droid
-
An actively-maintained fork of the Island project with additional enhancements
-
A sandbox environment, allowing you to clone selected apps and run them in an isolated box, preventing it from accessing your personal data, or device information.
-
A firewall app for Android, which does not require root. NetGuard provides simple and advanced ways to block access to the internet, where applications and addresses can individually be allowed or denied access to your Wi-Fi and/or mobile connection.
-
System-wide Tor proxy, which encrypts your connection through multiple nodes. You can also use it alongside Tor Browser to access .onion sites.
-
-
An open-source ad-blocker and firewall app for Android 6+ (does not require root).
-
Prevent background processes taking unauthorized screenshots, which could expose sensitive data.
Not Open Source -
Triggers actions, when certain security conditions are met, such as multiple failed login attempts or monitor settings changed. It does require Tasker, and needs to be set up with ADB, device does not need to be rooted.
-
Makes it possible to entirely freeze all background activities on a per-app basis. Intended purpose is to speed up your phone, and prolong battery life, but this app is also a great utility to stop certain apps from collecting data and tracking your actions while running in the background. See on F-Droid
-
Monitor and control hidden data collection in mobile apps about user behavior/ tracking. Get from F-Droid
-
Simple to use privacy manager for Android, that enables you to feed apps fake data when they request intimate permissions. Solves the problem caused by apps malfunctioning when you revoke permissions, and protects your real data by only sharing fake information. Enables you to hide call log, calendar, SMS messages, location, installed apps, photos, clipboard, network data plus more. And prevents access to camera, microphone, telemetry, GPS and other sensors.
About the Data: Spectre
Change History
- Added #652
API
You can access Spectre's data programmatically via our API. Simply make a GET request to:
https://api.awesome-privacy.xyz/v1/services/spectre The REST API is free, no-auth and CORS-enabled. To learn more, view the API Docs or read the API Usage Guide.
Share Spectre
Help your friends compare Mobile Apps, and pick
privacy-respecting software and services.
Share Spectre and Awesome Privacy with your network!