CleanSlate Backend is a Java-based application designed to support the CleanSlate platform, enabling users to remotely wipe their devices in case they are lost or stolen. The backend is implemented using Spring Boot and comes with an associated Docker image for easy deployment.
- Remote Device Wipe: Provides secure APIs to initiate remote factory resets on devices.
- No Personal Data Collection: Prioritizes user privacy by not storing any personal information.
- Secure Communication: Ensures data is transmitted securely using industry-standard protocols.
- Containerized Deployment: Offers a pre-configured Docker image for rapid deployment.
Before you begin, ensure you have the following installed:
- Java 11 or higher
- Maven 3.6 or higher
- Docker
- Git
git clone https://github.com/khalifarsm/botox-web.git
cd botox-webUse Maven to build the project:
mvn clean installRun the application locally using the Spring Boot plugin:
mvn spring-boot:runThe backend will be accessible at http://localhost:8200.
If you need to build the Docker image:
docker build -t <your-dockerhub-username>/cleanslate-backend .Alternatively, pull the pre-built image from GitHub Container Registry:
docker pull ghcr.io/khalifarsm/botox:masterStart the container using:
docker run -d -p 8200:8200 --name cleanslate-backend ghcr.io/khalifarsm/botox:masterAPI documentation is available at /swagger-ui.html once the backend is running. It provides detailed information about available endpoints and their usage.
The backend can be configured using the following environment variables:
| Variable | Description | Default Value |
|---|---|---|
SERVER_PORT |
Port for the backend server | 8200 |
DATABASE_URL |
JDBC URL for the database | jdbc:h2:mem:testdb |
LOGGING_LEVEL |
Logging level for the app | INFO |
You can also provide an external configuration file by mounting it as a volume in Docker or specifying the --spring.config.location property when starting the application.
The CleanSlate application ensures a high level of security and privacy for user data. To enhance security, we have replaced Firebase FCM with secure WebSocket communication, implemented a wipe token system, ensured that remote wipe commands are decryptable only by the application, added advanced in-app logging for remote commands, and enforced user confirmation before any wipe action can be executed.
| Feature | Status |
|---|---|
| Implement a wipe token: Each user should generate a local-only encrypted token during setup, used to validate remote wipe requests. This token is never stored on your server. | ✅ Complete |
Strip debug metadata before production (minifyEnabled true and remove DebugProbesKt.bin). |
✅ Complete |
| Make remote wipe command decryptable only by the app (client-side). | ✅ Complete |
| Show clear user onboarding before enabling Device Admin, explaining its impact. | ✅ Complete |
| Disable Firebase Analytics and tracking features in production. Replaced with secure WebSocket. |
✅ Complete |
| Provide an activity log within the app to show received remote commands. | ✅ Complete |
| Use self-hosted FCM alternatives (like ntfy.sh) or open-source push systems if needed. Replaced with secure WebSocket. |
✅ Complete |
| Ensure app cannot silently wipe without visible confirmation unless explicitly set by user. | ✅ Complete |
Contributions are welcome! To contribute:
- Fork the repository
- Create a feature branch (
git checkout -b feature/your-feature) - Commit your changes (
git commit -m 'Add your feature') - Push to the branch (
git push origin feature/your-feature) - Open a Pull Request
CleanSlate Backend is licensed under the MIT License. See the LICENSE file for more details.
For questions or support, please contact:
- Email: khalifarsm@gmail.com
- GitHub Issues: https://github.com/khalifarsm/botox-web/issues