Skip to content

ciphernotes

F-Droid

Open source

Client-side encrypted notes that sync across devices.

Version
3.6
Size
3.7 MB
Updated
Jun 30, 2026
Get from Download APK (v3.6)
Signing certificate on record

About this app

Ciphernotes is an end-to-end encrypted notebook that keeps your text safe even when it syncs through the cloud. Every note is encrypted before it leaves your device, so the server only sees ciphertext.

Key features: - Open source backend and frontend so you can self-host or review how your data is handled. - Works completely offline. - Text and files are encrypted before they're synced. - No ads, no trackers, no unnecessary cookies. - No account required for local use. - Syncs immediately across all platforms. - Dark- and Light-Mode. - Todo lists with sub-tasks. - Import and view images and videos. - Import files of any type. - Organize with labels. - Google Keep import. - Export notes as JSON. - Fully keyboard navigatable. - Keyboard shortcuts, open notes with cmd+k or ctrl+k. - Text-editor with multi-cursor support and other shortcuts. - Archive unused notes. - Share encryption key via QR-Code directly from app to app

Ciphernotes is a PWA hosted on https://ciphernotes.com the Android app bundles the assets and serves them locally using a WebView.

Encryption: - Encrypted in transit/storage from the server’s perspective. Notes are decrypted locally, edited locally, then encrypted before sync/upload. - Not encrypted at rest inside the app/device. Local IndexedDB data stores plaintext notes and decrypted file blobs. - Device compromise exposes notes. Malware, physical device access, malicious extensions (web version), or WebView data extraction can read plaintext local data and the key. - Server/operator compromise alone should not expose note contents.

Licensed under AGPL-3.0-only, by Raphael Nußbaumer BSc.

OfficialSignature VerifiedOpen Source

What's New in v3.6

Imported from the F-Droid repository index.

  • block all unneeded domains, bug fixes, disable android auto-backup

Version history

v3.6Latest
Signature continuous

Jun 30, 2026 · 3.7 MB · Android API 2135 · code 9

Imported from the F-Droid repository index.

  • block all unneeded domains, bug fixes, disable android auto-backup
INTERNETCAMERAWRITE_EXTERNAL_STORAGEPOST_NOTIFICATIONScom.ciphernotes.twa.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSIONREAD_EXTERNAL_STORAGE

SHA-256 f30c0760de2b9d780bf4d0704391b684779ed0320367d9b25c731529bd3dcfc6

v3.5
Signature continuous

Jun 9, 2026 · 3.7 MB · Android API 2135 · code 8

Imported from the F-Droid repository index.

  • handle opening of external link not supported
INTERNETCAMERAWRITE_EXTERNAL_STORAGEPOST_NOTIFICATIONScom.ciphernotes.twa.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSIONREAD_EXTERNAL_STORAGE

SHA-256 67c92dc7e65cde65a8ba9508225a025435840bd9ff7d056911107a756f297b8c

v3.4
Signature continuous

Mar 21, 2026 · 3.7 MB · Android API 2135 · code 7

Imported from the F-Droid repository index.

  • fix registration with hcaptcha
INTERNETCAMERAWRITE_EXTERNAL_STORAGEPOST_NOTIFICATIONScom.ciphernotes.twa.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSIONREAD_EXTERNAL_STORAGE

SHA-256 3312481872f31454ca4a1627d5ddf63d79ab92ecfde259fe7c78fa791c56d769

Will it run on your device?

CompatibilityLikely to run

78%

  • Runs on a broad range of modern Android versions.
  • ABI coverage is focused on newer 64-bit devices.
  • Aligned with the latest Android target SDK expectations.
What changed in this release
Size delta
0 MB
Added permissions
None
Removed permissions
None

Installation Guide

1

Open Settings on your Android device

2

Go to Security → Unknown sources (or Install unknown apps)

3

Enable "Allow from this source" for your browser or file manager

4

Open the downloaded APK file from your Downloads folder

5

Tap "Install" and wait for installation to complete

6

Launch the app from your home screen

Make sure to re-enable Unknown Sources restrictions after installation for security.

How to install this safely

How to verify the file you downloaded

Before you install anything, confirm the file is the one described here. On a computer, run shasum -a 256 your-download.apk (macOS or Linux) or certutil -hashfile your-download.apk SHA256 (Windows), then compare the output character-for-character with the SHA-256 on this page. If a single character differs, the file is not the build we recorded — delete it.

What the signing certificate proves

Every Android app is signed with a private key that only its developer holds. The fingerprint on this page is a hash of the matching public certificate, and it proves continuity rather than identity: it tells you a build came from whoever signed the earlier ones. Android enforces this at install time — if a package claiming to be com.ciphernotes.twa is signed with a different key, the system will refuse to install it over your existing copy. A fingerprint that changes between releases is worth pausing on, because a repackaged app that has been modified by someone else cannot keep the original signature.

How to roll back to an earlier version

If the current release misbehaves, 3.5 is the last build before it. Android will not install an older version code over a newer one, so you must uninstall ciphernotes first — which clears its local data unless you have a backup. Reinstall the older APK only if its signing fingerprint matches the build you already trust, and check the API range: an older release may target an Android version your device has moved past.

Why we list sources instead of hosting everything

The official store channel is almost always the right choice: it updates automatically and carries the publisher's own distribution guarantees. A direct APK is useful when a device has no store access, when a rollout has not reached your region, or when you need a specific version — and only when the publisher has authorized that copy. APKBrowse does not list pirated, cracked, or unauthorized rebuilds of ciphernotes, and a listing is removed when the evidence for it stops holding up.

Get ciphernotes

Every source we list for com.ciphernotes.twa is legality-reviewed. Pirated or cracked builds are never offered.

Other sources

F-Droid listing

official

F-Droid builds this app from source and signs it. This is its official listing, with older builds and full release notes.

Source code

verified publisher

The upstream repository this build is compiled from.

We check legality and signature continuity, but device behaviour still varies. Install at your own discretion.

App Information

Developer
F-Droid
Category
Productivity
Android
5.0+
Architectures
Version
3.6 (code 9)
Size
3.7 MB
Updated
Jun 30, 2026
Package name
com.ciphernotes.twa

Security Verification

File integrity
SHA-256 recorded
Signing certificate
Fingerprint on record
Official source
Download APK (v3.6)

We record provenance; we do not run malware scans. Verify the hash yourself before installing.

SHA-256 Hash

f30c0760de2b9d780bf4d0704391b684779ed0320367d9b25c731529bd3dcfc6

Signing certificate

bd027ed7778c6dd60164f0540b4ccdade18f55bf5f6f11451397a4e9007f47cd

Permissions Required

INTERNET
CAMERA
WRITE_EXTERNAL_STORAGE
POST_NOTIFICATIONS
com.ciphernotes.twa.DYNAMIC_RECEIVER_NOT_EXPORTED_PERMISSION
READ_EXTERNAL_STORAGE

Previous Versions

Signature verified

The signing certificate fingerprint for this release is on record, so a build that does not match it did not come from this publisher.

Report a problem with this listing

A listing is only as good as its corrections. If a source is broken, a signature looks wrong, or this app should not be here, tell the moderation team.

Report a problem