Why Trust SentinelPrivacy

Security software you cannot inspect is a promise, not a guarantee. SentinelPrivacy publishes its full source code so you can verify every claim independently. Read it at github.com/ElXavi07/sentinel-android.

There are no HTTP clients, no analytics SDKs, no telemetry, no DNS lookups. The only outbound communication is an SMS reply to a number you explicitly configured, and only when you trigger it yourself. Search every Java file in the repository to confirm.

The audit log, device posture report, baseline snapshot, and SMS keyword hash all live exclusively in on-device private storage. Nothing is transmitted, uploaded, or synced. android:allowBackup="false" is set in the manifest, so app data cannot be extracted by any backup tool.

SentinelPrivacy includes a full decommission protocol that clears every Device Policy Manager restriction, relinquishes Device Owner, and self-removes. The UI requires typing DECOMMISSION verbatim before anything executes. A malicious app would not include this.

Every root command is a discrete shell call. There is no background root daemon. Every root invocation lives in a single file, RootShell.java, that anyone can read.

The SHA-256 signing certificate fingerprint for every release is published in SIGNING.md. Run the command below to verify your APK was built from the published source and not tampered with.

$ apksigner verify --print-certs SentinelPrivacy-v1.0.8.apk

The Trust & Transparency Whitepaper documents every security control, what it does, how it is implemented, and which threat it was built to address. 28 features. No vague marketing.