Shredder is a high-security Android application designed to safely delete files, folders, and wipe unused space. It provides a highly defensive security posture by gating access behind device locks and biometric credentials, shielding critical system files from accidental shredding, and offering a dual-layered "Nuclear Option" (Full Factory Reset).
Shredder is engineered to mitigate specific security threats while operating under the sandboxed constraints of the Android platform:
- Threat 1: Device Loss / Physical Theft
- Mitigation: Shredder gates access app-wide. If an attacker gains physical possession of an unlocked phone, they cannot open Shredder to inspect sensitive hidden files or run destructive actions without a secondary biometric/PIN challenge.
- Threat 2: Post-Deletion Forensic Recovery
- Mitigation: Shredder overwrites target blocks with pseudo-random and structured bit-patterns prior to unlinking. This prevents basic undelete tools and forensic software from recovering file content from free blocks.
- Threat 3: Metadata / Identity Leakage
- Mitigation: Before deletion, files are renamed to random string identifiers and truncated to
0bytes, erasing trace elements of the original filenames and lengths.
- Mitigation: Before deletion, files are renamed to random string identifiers and truncated to
- Threat 4: Coerced Device Wipe (Emergency)
- Mitigation: The "Nuclear Option" is available to immediately initiate a cryptographic wipe and factory reset if the device's physical security is compromised.
Unlike old magnetic platters where bits were directly overwritten on physical tracks, modern smartphones use Flash-based Solid-State Storage (eMMC/UFS) which operates under fundamentally different mechanics:
- Flash Translation Layer (FTL): Modern storage chips utilize an FTL to map logical blocks to physical NAND flash cells. When a file is overwritten, the storage controller writes the new data to a different physical block (out-of-place writes) and marks the old block as "dirty" to be garbage-collected later.
- Wear Leveling: To prolong storage life, the controller distributes write operations evenly across cells. An in-place overwrite is not physically guaranteed.
- Over-Provisioning: Storage chips maintain hidden sectors for bad block replacement. Sensitive data might reside in these hidden sectors, unreachable by standard file-system APIs.
- Free Space Wiper: Because individual file overwriting can leave orphaned "dirty" blocks in free space, Shredder provides a Free Space Wiper. This creates a continuous stream of temporary wipe chunks and fills the storage partition to its limits (triggering
ENOSPC). The chunk content follows the selected algorithm's first pass profile (commonly random entropy). This pushes the FTL to garbage-collect and rewrite unallocated blocks, reducing residual recovery surface. - Hardware Encryption: Modern Android devices use File-Based Encryption (FBE). For absolute secure deletion of the entire chip, the Nuclear Option (Factory Reset) discards the device's master encryption keys, rendering all physical flash sectors permanently unreadable instant-by-instant.
- Strict Security Posture Enforcement
- If no lock screen credentials (PIN, Pattern, Password, or Biometrics) are configured, Shredder blocks application access. Instead of bypassing or warning via a toast, the app displays a full-screen block and guides the user to System Settings to secure their device first.
- Accidental Destruction Safeguards
- The standard file shredder incorporates path analysis via
DestructiveOrchestratorto automatically block the shredding of critical system folders (like/,/storage/emulated/0,/sdcard,/Android/data, and/Android/obb).
- The standard file shredder incorporates path analysis via
- Dual-Layered Nuclear Option
- To prevent accidental triggers, clicking the Nuclear Option does not immediately launch authentication. Instead, it prompts a high-visibility warning dialog requiring the user to explicitly type the phrase "NUCLEAR WIPE" in a text field. Once typed, the user must then pass a biometric/device credential authentication check before the reset service starts.
- Configurable Multi-Pass Shredding: Implements multiple secure, industry-standard overwrite algorithms with explicit manual
fsyncflushing. - Recursion Guards: The counting and shredding engines track canonical paths to prevent infinite loops from circular symlinks.
- Real-time Log Console: Fully collapsible and memory-sanitized console in the UI. Absolute file paths are never printed to system
logcatto avoid metadata leakage. - Foreground Service Execution: Runs shredding operations in a Foreground Service to prevent the OS from killing the process during intensive disk operations.
- Free Space Wipe Only (Settings): Dedicated operation that writes temporary wipe chunks only inside the app cache path, with live progress, cancel support, and cleanup guarantees.
- Keep-Awake Reliability: While destructive operations run, the app keeps the screen awake in-app and holds a service-level partial WakeLock to reduce pause/throttle risk when the device idles.
Users can customize the secure overwrite sequence to balance performance and security needs:
- Fast (1-pass)
- Sequence: 1 ร Cryptographically strong Random entropy.
- Best use: Recommended for Solid-State Drives (SSDs) and modern flash storage where block-level wear-leveling makes multi-pass schemes less useful.
- Standard (3-pass) (Default)
- Sequence: Random -> Alternating Bit Patterns (
0xAA/0x55) -> Random. - Best use: Excellent, general-purpose multi-pass balance.
- Sequence: Random -> Alternating Bit Patterns (
- DoD 5220.22-M (7-pass)
- Sequence: Zeros (
0x00) -> Ones (0xFF) -> Random -> Pattern0x96-> Zeros (0x00) -> Ones (0xFF) -> Random. - Best use: Fully compliant with the United States Department of Defense specifications for secure overwrite media sanitization.
- Sequence: Zeros (
- Schneier (7-pass)
- Sequence: Zeros (
0x00) -> Ones (0xFF) -> 5 ร Random passes. - Best use: Bruce Schneier's highly acclaimed algorithm combining block boundary limits with high-entropy cryptographic randomization.
- Sequence: Zeros (
- Gutmann (35-pass)
- Sequence: 4 ร Random -> 27 structured alternating pattern passes targeting raw magnetic sector encoding -> 4 ร Random.
- Best use: Legacy sanitization standard originally formulated for magnetic disk media. Warning: Extremely slow on large files due to extensive I/O passes.
A dedicated Settings Screen is accessible from the top toolbar's gear button, allowing users to:
- Select active algorithms: Instantly switch between Fast, Standard, DoD, Schneier, and Gutmann algorithms.
- Gutmann Warning: A prominent warning banner is displayed next to the Gutmann option to alert users of the performance penalty (
โ ๏ธ Extremely slow โ 35 passes). - Preferences Persistency: Selected algorithms are persisted across application restarts using the device's standard private
SharedPreferencesvia theShredderPreferenceshelper. - Dynamic Progress Feedback: The progress label dynamically transitions from percentage to real-time
Pass X of Y (Pass Label)info tracking based on the selected algorithm's length.
MANAGE_EXTERNAL_STORAGE(All Files Access): Required on Android 11+ to browse and securely shred user-selected files on shared storage.WRITE_EXTERNAL_STORAGE: Legacy permission required on Android 10 and lower.POST_NOTIFICATIONS: Required on Android 13+ to display the ongoing shredding progress notification.WAKE_LOCK: Required so the foreground service can hold aPARTIAL_WAKE_LOCKduring long-running shredding and wipe operations.- Device Administrator (
DevicePolicyManager): Required to obtain privileges for thewipeData(0)API to execute the Nuclear Option.
Ensure your phone has a secure PIN, pattern, password, or biometrics configured.
On start, the app will request the necessary storage permissions.
- Android 11+: Grant the "All Files Access" setting when prompted.
- Android 10-: Accept the standard runtime permission.
- Tap the Settings (Gear) icon in the top toolbar.
- Review and select your preferred secure erasure algorithm.
- Tap the Device Admin (Shield) icon in the top toolbar.
- Follow the system prompt to activate Secure Shredder as a Device Administrator.
- Navigate the directory tree using the built-in file explorer.
- Select files and folders using the checkboxes.
- Tap the Trash Icon to review total size/count, then confirm to shred.
- Open Settings.
- In Free Space Wipe, review warnings and tap Start Free Space Wipe.
- Confirm acknowledgement in the dialog and start the session.
- Track progress in-app and in notification; use Cancel Wipe (or notification cancel action) to stop safely.
Safety guarantees for this mode:
- Wipe artifacts are created only under the app external cache wipe directory (for example
Android/data/<package>/cache/free_space_wipe/<sessionId>/). - Cleanup never enumerates or deletes outside this wipe directory (canonical path-guarded).
- Temporary wipe files are securely cleaned (rename -> truncate to
0->fd.sync()-> delete). - This mode is independent from Nuclear Option and never calls
DevicePolicyManager.wipeData().
- Android SDK: targetSdk 36, minSdk 24
- Language: Kotlin 2.2.10
- UI Framework: Jetpack Compose
- Build System: Gradle Kotlin DSL (
.kts)
- Operational Keep-Awake Hardening: Added in-app
FLAG_KEEP_SCREEN_ONduring active destructive operations and a service-levelPARTIAL_WAKE_LOCKlifecycle for long-running tasks. - Secure Temp Wipe Cleanup: Free-space wipe and legacy free-space teardown now securely clean temporary wipe artifacts using metadata-minimizing deletion flow.
- Improved Free Space Wipe Telemetry: Added dedicated free-space status/progress messaging for writing, cleanup, completion, cancellation, and failure states.
- Configurable Overwrite Algorithms: Choose from Fast (1-pass), Standard (3-pass), DoD 5220.22-M (7-pass), Bruce Schneier (7-pass), and Peter Gutmann (35-pass) algorithms.
- Hardened Danger Zone in Settings: Removed the highly destructive "Nuclear Option" and "Device Admin" buttons from the main screen's top app bar to prevent accidental triggers. They are now cleanly isolated within a dedicated, red-bordered "Danger Zone" card at the bottom of the Settings screen.
- State-Preserving Navigation: Replaced inline screen-switching logic with a unified, type-safe
AppScreenenum-driven state. This guarantees that your current directory level, file selections, and search/sort queries survive transitions to the Settings or About screens and back. - Fully Clickable About Screen Links: Wrapped both the labels (e.g. "Website:") and URLs in unified clickable rows with underlined styling and primary color highlights, increasing click target accessibility.
- Contextual Back-Button Interception: Registered a standard Compose
BackHandlerthat contextually intercepts the system back buttonโnavigating up parent directories in the file browser or returning to the browser from secondary screensโwithout abruptly exiting the app unless you are at the storage root. - Dead Code Cleanup: Eliminated unused legacy
Shredder.ktfile for better project maintainability.
Disclaimer: Data deleted with Shredder is IRREVERSIBLE. Use with caution.