
13.13 MB
Android 10.0+
33
arm64-v8a, armeabi-v7a, x86, x86_64
Verified safe. Scanned with ClamAV, APKiD, and Quark-Engine. No threats detected.
What's New
Nightly APK build.
Description
DuckDetector is an Android security inspection app focused on local, device-side evidence collection for root-related tampering, runtime hooking, mount manipulation, attestation trust, and virtualized execution environments.
The project combines a Jetpack Compose UI, modular Kotlin feature packages, and native C++ / assembly probes to surface detector cards with structured findings, method coverage, and scan-state summaries.
Highlights
- Modular detector architecture with feature-specific repositories, mappers, view models, and card UIs.
- Native startup preload through a transparent NativeActivity launcher for early mount and virtualization evidence collection.
- Native runtime probes implemented in C++ and arm64 assembly where timing, syscall, or mount visibility matters.
- Cross-process and isolated-process consistency checks for stronger runtime validation.
- Dashboard aggregation with per-detector status, top findings, loading states, and detailed drill-down cards.
- Mostly local, offline inspection. Network access is only used when the user allows online TEE revocation checks in Settings.
Detector Modules
The app includes these major detector areas:
- Bootloader: Checks bootloader unlock state and related security posture.
- Custom ROM: Checks ROM fingerprints, platform-file fallbacks, and ROM indicators.
- Dangerous Apps: Corroborates installed apps against known risky packages.
- Kernel Check: Looks for kernel build and runtime consistency signals.
- LSPosed: Checks for Java-side and native LSPosed or Xposed runtime evidence.
- Memory: Looks for runtime hook residue, suspicious mappings, and loader visibility.
- Mount: Inspects mount tables, mount consistency, startup preload findings, overlay signals, and namespace anomalies.
- Native Root: Checks native root-runtime traces, corroborated residue paths, and low-level system anomalies.
- Play Integrity Fix: Checks property spoofing and related runtime consistency signals.
- SELinux: Checks SELinux mode, policy, audit integrity, and context consistency.
- SU: Checks root binaries and runtime root-context indicators.
- System Properties: Checks property consistency, native snapshots, and raw property-area residue.
- TEE: Checks key attestation, certificate chain analysis, revocation, StrongBox, and RKP signals.
- Virtualization: Checks emulator, guest, translation, host-app, consistency, and honeypot evidence.
- Zygisk: Checks Zygisk state, FD traps, linker residue, and cross-process evidence.
Supporting areas like dashboard, settings, and deviceinfo provide aggregation, user controls, and device context.
License
Apache 2.0