Privacy-first mobile security toolkit to analyze suspicious links, strip metadata from media/documents, and auto-blur sensitive text in screenshots β designed to run mostly on-device.
Project by ArkQube.
Active development. APIs, UI, and scoring heuristics may change.
- Link Shield: unwraps shortened URLs, removes trackers, classifies links, and computes a multi-signal trust score.
- Media Scrubber: reads and removes metadata from images, PDFs, and DOCX locally.
- Privacy Blur: on-device OCR + rules/learning to detect and blur sensitive text in screenshots.
- Demo video: (coming soon)
- Screenshots: (coming soon)
If you add images later, a common pattern is:
  
- Motivation
- Core Features
- Architecture & Tech Stack
- Project Structure
- Setup & Development
- Privacy & Permissions
- Technical Deep Dive (optional)
- Changelog
- License
In todayβs digital landscape, users frequently share links and media without knowing the hidden risks:
- Shortened URLs (e.g., bit.ly) obscure the true destination of a link, often masking phishing attempts or malware downloads.
- Media files (photos/videos) can contain EXIF metadata (GPS coordinates, device model, software versions).
- Documents (PDF/DOCX) can embed author/company metadata.
- Screenshots may contain sensitive information (emails, phone numbers, IDs, addresses) that users unknowingly share.
Seycure addresses these with three modes:
| Mode | Purpose |
|---|---|
| Link Shield | Sandboxed environment to unwrap, classify, score, and safely preview URLs |
| Media Scrubber | Local tool that reads, displays, and strips metadata from images, PDFs, and DOCX files |
| Privacy Blur | OCR-based scanner that detects and auto-blurs sensitive text in screenshots |
The Link Shield acts as a secure quarantine zone for URLs. It combines multiple analysis layers to give users a clear picture of a linkβs safety before they open it.
URL input methods
- Paste a URL
- Scan a QR code (camera) via
html5-qrcode(includes hardware camera zoom slider via WebRTC) - Select a QR image from gallery (decoded locally)
What it does
- Removes tracking parameters (UTM + many common trackers)
- Detects & resolves shortened URLs
- Assesses file-extension risk (e.g.,
.apk,.exe,.zip) - Classifies links into categories (e.g., Gambling, Adult, Education, Government)
- Computes a multi-signal trust score
- Optional Google Safe Browsing check via Cloudflare Worker proxy
- Safe preview using a sandboxed
iframe
Strips metadata locally from:
- Images (EXIF)
- PDFs (Author/Title/Producer/etc.)
- DOCX (docProps metadata)
Also supports anonymous export + renaming (e.g. ArkQube_[timestamp]_[random-hash].[ext]) and sharing via native Android share sheet.
On-device OCR (Google ML Kit) + rule-based detection that:
- Detects sensitive text patterns (IDs, phones, emails, bank details, etc.)
- Applies automatic blur
- Includes a manual blur editor
- Learns from user corrections over time (always-blur / never-blur + app layout memory)
Seycure uses a hybrid web-to-native architecture combining React with Android via Capacitor. The app is offline-first and aims to keep processing on-device.
flowchart TD
App["π± Seycure App<br/>React / Vite / Capacitor"]
subgraph LinkShield ["π Link Shield"]
InputURL{"URL Input"}
Clean["Tracker Removal<br/>30+ params stripped"]
Classify["Hybrid Classifier<br/>13 categories, 4 signals"]
TrustScore["Trust Scorer<br/>15 signals, earn-based"]
LocalCheck["Local Heuristics<br/>IPs, TLDs, Phishing"]
RDAP["rdap.org API<br/>Domain Age & Identity"]
CORS["allorigins.win<br/>Redirect Tracer"]
CFWorker["Cloudflare Worker<br/>Edge Proxy"]
GSB[("Google Safe<br/>Browsing DB")]
InputURL --> Clean --> Classify --> TrustScore
TrustScore --> LocalCheck
TrustScore --> RDAP
Clean --> CORS
LocalCheck -->|"Optional Deep Scan"| CFWorker
CFWorker -->|"Hashed Threat Check"| GSB
end
subgraph MediaScrubber ["πΌοΈ Media Scrubber"]
InputMedia{"Image / PDF / DOCX"}
ExifParse["exifr / pdf-lib / jszip<br/>Extract Metadata"]
CanvasApp["Canvas Redraw / XML Strip<br/>Destroy Metadata"]
FileSystem["Capacitor FileSystem<br/>Anonymous Export"]
InputMedia --> ExifParse --> CanvasApp --> FileSystem
end
subgraph PrivacyBlur ["π Privacy Blur"]
InputScreenshot{"Screenshot Upload"}
OCR["ML-Kit OCR<br/>On-Device Text Recognition"]
PatternMatch["Pattern Detector<br/>Email, Phone, IDs"]
BlurEngine["Gaussian Blur Engine<br/>Canvas-based"]
Export["Share / Save"]
InputScreenshot --> OCR --> PatternMatch --> BlurEngine --> Export
end
App --> LinkShield
App --> MediaScrubber
App --> PrivacyBlur
| Technology | Purpose |
|---|---|
| React 18 + TypeScript | UI framework + type safety |
| Vite 7 | Bundler / dev server |
| Shadcn UI + Vanilla CSS | UI components + styling |
| Lucide React | Icons |
exifr |
EXIF parsing |
html5-qrcode |
QR scanning |
pdf-lib |
PDF metadata read/write |
jszip |
DOCX parsing/modification |
| Technology | Purpose |
|---|---|
| Capacitor v6 | Web-to-native bridge |
@capacitor/share |
Native share sheet |
@capacitor/filesystem |
Device storage |
@capacitor/app |
App lifecycle |
@capacitor/preferences |
Persistent local storage |
| Google ML Kit | On-device OCR |
| Technology | Purpose |
|---|---|
| Cloudflare Workers | Edge proxy |
| Google Safe Browsing API | Threat database lookup |
Note: The core app logic (RDAP checks, metadata scrubbing, classification, trust scoring, OCR) is designed to run on-device. The Worker is only needed for Google Safe Browsing API access.
.
βββ app/ # Main frontend + native bridge
β βββ android/ # Native Android project (Capacitor-generated)
β βββ public/ # Static assets (logo, icons)
β βββ src/
β β βββ components/
β β βββ hooks/
β β βββ lib/
β β βββ App.tsx
β β βββ index.css
β βββ capacitor.config.ts
β βββ package.json
β βββ vite.config.ts
β
βββ worker/ # Cloudflare Worker proxy (optional)
β βββ src/
β β βββ index.ts
β βββ package.json
β βββ tsconfig.json
β βββ wrangler.toml
β
βββ README.md
- Node.js v18+
- Android Studio (Ladybug+ recommended)
- Java JDK v17+
- (Optional) Cloudflare Wrangler CLI:
npm i -g wrangler
cd app
npm install --legacy-peer-deps
npm run devcd app
npm run build
npx cap sync androidThen open app/android in Android Studio and run on an emulator/device.
cd worker
npm install
npx wrangler kv:namespace create GSB_CACHE
npx wrangler deploy
npx wrangler secret put GOOGLE_SAFE_BROWSING_API_KEYWorker endpoints:
| Endpoint | Method | Description |
|---|---|---|
/check?url=<target> |
GET | Full check (cache β coalesce β batch β rate limit) |
/redirects?url=<target> |
GET | Redirect chain tracer (up to 10 hops) |
/stats |
GET | Health check + metrics |
/ |
POST | Legacy raw Safe Browsing proxy |
Seycure processes everything on-device wherever possible.
| Permission | When Requested | Why Required |
|---|---|---|
CAMERA |
QR Code Scanner | Camera access for scanning |
READ_MEDIA_IMAGES |
Media Scrubber / Privacy Blur | Select images for scrubbing or OCR |
READ_EXTERNAL_STORAGE |
Legacy Android support | File access on Android < 13 |
Network requests made:
allorigins.winβ resolving shortened URLs and fetching page titlesrdap.orgβ public domain WHOIS/RDAP data- Cloudflare Worker β Google Safe Browsing queries only (optional)
No user media, browsing history, or personal data is uploaded or stored off-device.
Link classification: 4-signal hybrid model + categories
A zero-latency classifier that categorizes URLs using priority-ordered signals:
Signal 1: TLD pattern β confident? β return category
Signal 2: Domain keywords β match? β return category
Signal 3: Page title keywords β match? β return category
Signal 4: Known domain list β found? β return category
Result: Unknown
Trust score: earn-based multi-signal scoring
The trust score starts at 0 and earns/loses points from multiple signals (domain age, HTTPS, entropy, redirect detection, suspicious TLDs, etc.).
Worker scaling architecture (KV cache + coalescing + batching + rate limits)
flowchart LR
User["π± App Request"] --> RL{"Layer 4<br/>Rate Limit"}
RL -->|"Allowed"| KV{"Layer 1<br/>KV Cache"}
RL -->|"429"| Block["Rate Limited"]
KV -->|"Hit"| Return["β
Cached Result<br/><10ms"]
KV -->|"Miss"| Coal{"Layer 2<br/>Coalesce"}
Coal -->|"Existing"| Wait["Await Shared Promise"]
Coal -->|"New"| Batch{"Layer 3<br/>Batch API"}
Batch -->|"50ms window"| Google["Google Safe Browsing<br/>1 call for N URLs"]
Google --> WriteKV["Write to KV Cache"]
WriteKV --> Return
Wait --> Return
- Massive update to Privacy Blur detection engine (15+ new patterns)
- Strict-by-default blurring policy (10+ digit numbers blur unless strongly identified as safe references)
- Swipe navigation gestures between the 3 main tabs
- QR Code Scanner hardware camera zoom slider via WebRTC
- 4-priority learning pipeline in OCR (user rules β app memory β built-in patterns)
- Learned rules settings UI + spatial memory
- KV cache + in-memory coalescing + batch API calls + per-IP rate limiting
- Earn-based trust score + hybrid link classifier + warning modal
- Privacy Blur mode + manual blur editor
- PDF/DOCX metadata clearing
- Link Shield + Media Scrubber + QR code scanning
Proprietary / All Rights Reserved.
Copyright (c) ArkQube.
You may not copy, modify, distribute, or use this software without explicit permission from the author.