Self-Verification Guide

How to Verify Aido Security

Don't just trust our claims—verify them yourself. This comprehensive guide teaches you how to independently audit Aido's security, privacy, and behavior using professional security tools and techniques.

Why Verify Yourself?

In the digital age, trust must be earned, not assumed. While we provide transparency documentation, we believe users should have the knowledge and tools to verify our claims independently.

What You'll Learn

  • How to verify the APK signature and authenticity
  • How to monitor network traffic to ensure no data leaks
  • How to decompile and inspect the app's actual code
  • How to analyze permissions and security configurations
  • How to detect malicious behavior patterns

This guide is structured in three levels: Basic for everyday users, Intermediate for tech-savvy individuals, and Advanced for security professionals and developers.

Level 1: Basic Verification EASY

No technical knowledge required. These checks can be performed by anyone in under 10 minutes.

1 Verify Official Download Source

Why: Ensure you're installing the genuine Aido app, not a malicious clone.

How to verify:

  • Only download Aido from the Google Play Store or our official GitHub releases page
  • Check the developer name: Rubex
  • Verify the package name: com.rr.aido
  • Cross-reference with our website: myaido.web.app
Expected Result: The app should only be available through official channels listed on our website.

2 Check App Permissions

Why: Verify that Aido only requests necessary permissions and nothing suspicious.

How to verify:

  1. Go to Settings → Apps → Aido → Permissions
  2. Review each permission and compare with our Permissions Deep Dive page
  3. Ensure no unexpected permissions are requested (e.g., Camera, Microphone, SMS)
Expected Result: Only essential permissions like Accessibility, Notifications, and Storage should be present.

3 Test Network Activity (Simple Method)

Why: Verify that Aido doesn't send your data to unknown servers.

How to verify:

  1. Enable Airplane Mode on your device
  2. Open Aido and use core features (text shortcuts, clipboard manager, utility commands)
  3. Observe that all features work perfectly without internet
  4. Disable Airplane Mode and check if Aido requests network access for basic operations
Expected Result: All core features should work offline. Network is only used when you explicitly use AI features or online commands.

4 Review Privacy Policy & Transparency Pages

Why: Understand what data Aido collects and how it's used.

How to verify:

Expected Result: Crystal-clear documentation with no vague language or hidden clauses.

5 Test Offline Functionality

Why: If an app works perfectly without internet, it can't be secretly sending your data.

How to verify:

  1. Turn on Airplane Mode
  2. Test all core features:
    • Type text shortcuts (e.g., "@em" for email)
    • Use clipboard manager
    • Try utility commands (.date, .reverse, etc.)
    • Test font library
  3. Verify everything works smoothly without any errors
Expected Result: All features except AI and translation work perfectly offline, proving data stays on your device.

6 Check Play Store Reviews & Ratings

Why: Real user experiences reveal the truth about an app's behavior.

How to verify:

  • Read recent reviews on Google Play Store
  • Look for privacy-related complaints or data concerns
  • Check if users report unexpected behavior
  • Note the developer's responses to negative reviews
Expected Result: Positive reviews about privacy, no reports of data theft, transparent developer responses.

7 Observe Battery & Data Usage

Why: Suspicious apps drain battery with background activities and consume data secretly.

How to verify:

  1. Go to Settings → Battery → Battery Usage
  2. Check Aido's battery consumption (should be minimal)
  3. Go to Settings → Network & Internet → Data Usage
  4. Check Aido's data usage (should be near zero if you don't use online AI)
Expected Result: Minimal battery usage, near-zero background data consumption.

8 Verify No Ads or Trackers

Why: Apps with ads always track you. Ad-free apps are inherently more private.

How to verify:

  • Use Aido for a week and observe: Do you see any ads?
  • Check if there's any "Ad settings" or "Personalized ads" option
  • Look for tracking prompts or consent dialogs
Expected Result: Zero ads, zero tracking prompts, zero consent dialogs for analytics.

Pre-Installation Checks EASY

Verify safety BEFORE installing the app.

9 Check Play Store Data Safety Section

Why: Google requires developers to declare data collection transparently.

How to verify:

  1. Open Aido's Play Store page
  2. Scroll to "Data safety" section
  3. Check what data is collected and shared
  4. Verify our claims: "No data shared with third parties"
Expected Result: Data safety section should clearly state minimal data collection and no third-party sharing.

10 Research the Developer

Why: Trustworthy developers have public presence and accountability.

How to verify:

  • Search for "Aido app" and "Rubex developer" online
  • Check our official website: myaido.web.app
  • Look for social media presence, GitHub activity, community engagement
  • Check if other users are discussing the app on Reddit, Twitter, forums
Expected Result: Active developer presence, transparency center, positive community discussions.

11 Compare Permissions with Similar Apps

Why: Excessive permissions compared to competitors is a red flag.

How to verify:

  1. Find similar keyboard/clipboard apps on Play Store
  2. Compare their permissions with Aido's
  3. Aido should request similar or fewer permissions
Expected Result: Aido requests standard permissions for its category, nothing excessive.

Behavioral Observation EASY

Monitor app behavior during daily usage to spot abnormalities.

12 Verify No Automatic Background Execution

Why: Malicious apps run in background without permission to spy or steal data.

How to verify:

  1. Go to Settings → Apps → Aido → Battery
  2. Check "Background usage" - should show minimal or zero usage
  3. Go to Settings → Developer Options → Running Services
  4. Close all apps and wait 10 minutes
  5. Check if Aido appears in running services (it shouldn't!)
  6. Restart your phone and check battery stats after 1 hour
  7. Aido should NOT appear in battery usage if you haven't used it
Expected Result: Zero background activity. Aido only runs when YOU actively use it. No automatic startup after reboot.

13 Verify Banking & SMS Protection

Why: Verify that Aido cannot access or steal banking info, SMS, passwords, or OTPs.

How to verify:

  1. Test Banking Apps:
    • Open your banking app (PhonePe, Paytm, Google Pay, etc.)
    • Try using Aido features - they should be DISABLED automatically
    • Try typing shortcuts in password/PIN fields - they WON'T work (good!)
    • Aido should not interfere with UPI transactions
  2. Test SMS Access:
    • Go to Settings → Apps → Aido → Permissions
    • Verify: SMS permission should be NOT GRANTED
    • Aido should NEVER request SMS permission
  3. Test Password Fields:
    • Open any app with password/PIN input
    • Aido's shortcuts should NOT work in these fields
    • Clipboard manager should NOT capture passwords
  4. Test OTP Fields:
    • Receive an OTP via SMS
    • Type it manually - Aido should NOT interfere
    • OTP should NOT appear in clipboard history
Expected Result:
  • No SMS permission granted (ever!)
  • Banking apps work normally without Aido interference
  • Passwords, PINs, and OTPs are never captured
  • Aido automatically disables itself in sensitive apps

14 Verify No Auto-Start After Reboot

Why: Malicious apps auto-start after reboot to run in background without your knowledge.

How to verify:

  1. Check current permissions: Settings → Apps → Aido → Permissions
  2. Verify "Autostart" or "Run at startup" is DISABLED
  3. Actual Test:
    • Note Aido is NOT currently running (close all apps)
    • Restart your phone completely
    • After restart, check Settings → Apps → Running Services
    • Aido should NOT be in the list
  4. Open Recent Apps menu - Aido should not appear unless you opened it
Expected Result: Aido does NOT auto-start. It only runs when YOU manually open or use it.

15 Check for Unexpected Notifications

Why: Spammy notifications often indicate data-hungry apps.

How to verify:

  • Use Aido for several days
  • Check if you receive promotional notifications
  • Look for requests to enable additional permissions
  • Watch for "rate us" spam or intrusive popups
Expected Result: Zero promotional notifications, no spam, no intrusive permission requests.

16 Test Contact & Call Log Access

Why: Verify Aido cannot steal your contacts, call history, or phone records.

How to verify:

  1. Go to Settings → Apps → Aido → Permissions
  2. Check these permissions are NOT GRANTED:
    • Contacts
    • Phone (Call logs)
    • Call history
    • SMS/MMS
  3. Aido should NEVER request these permissions
  4. If prompted, deny and verify app still works normally
Expected Result: Zero access to contacts, calls, or SMS. Aido doesn't need or request these permissions.

17 Verify Camera & Microphone Protection

Why: Ensure Aido cannot record audio, take photos, or spy through camera/microphone.

How to verify:

  1. Go to Settings → Apps → Aido → Permissions
  2. Verify these are NOT GRANTED:
    • Camera
    • Microphone
  3. Check Settings → Privacy → Camera Access - Aido should not be listed
  4. Check Settings → Privacy → Microphone Access - Aido should not be listed
Expected Result: No camera or microphone access. Aido is a text/clipboard tool, not a spying tool!

18 Verify App Size & Updates

Why: Sudden large app size increases can indicate added tracking libraries.

How to verify:

  1. Note Aido's current app size in Settings → Apps
  2. After updates, check if size changes significantly
  3. Read update changelogs to understand changes
  4. Large size increases without clear feature additions = suspicious
Expected Result: App size should stay reasonable. Updates should have clear, transparent changelogs.

Community-Based Verification EASY

Leverage collective intelligence to verify trustworthiness.

19 Check VirusTotal Scan

Why: VirusTotal scans APKs with 70+ antivirus engines.

How to verify:

  1. Visit VirusTotal.com
  2. Search for com.rr.aido or upload the APK
  3. Review scan results from multiple security vendors
  4. Check detection ratio (should be 0/70+)
Expected Result: Clean scan with 0 detections from reputable antivirus engines.

20 Search for Security Research

Why: Security researchers publicly expose malicious apps.

How to verify:

  • Google: "Aido app security vulnerability"
  • Search Twitter for: "Aido app privacy concern"
  • Check security forums and Reddit for discussions
  • Look for independent security audits or reports
Expected Result: No security reports, no privacy scandals, no exposed vulnerabilities.

21 Join User Communities

Why: Real users share genuine experiences and concerns.

How to verify:

  • Join Aido's user communities (Discord, Telegram, Reddit)
  • Ask existing users about their privacy experiences
  • Check if anyone has reported data breaches or privacy violations
  • Observe developer responsiveness to concerns
Expected Result: Active community, positive privacy feedback, responsive developer.

Level 2: Intermediate Verification MEDIUM

Requires basic technical knowledge and tools. Recommended for tech-savvy users who want deeper insights.

22 Verify APK Signature

Why: Confirm that the APK hasn't been tampered with and is genuinely from us.

Required Tools:

APK Analyzer (Android Studio), jarsigner (JDK)

How to verify:

  1. Extract the APK file from your device using:
    adb pull "$(adb shell pm path com.rr.aido | grep base.apk | cut -d: -f2 | tr -d '\r')" aido.apk
  2. Verify the signature using jarsigner:
    jarsigner -verify -verbose -certs aido.apk
  3. Check the certificate fingerprint:
    keytool -printcert -jarfile aido.apk
Expected Result: The APK should be properly signed with our official certificate. SHA-256 fingerprint should match the one published on our GitHub.
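
The fingerprint comparison in step 3 can be scripted. The following is an added example, not Aido's own tooling: it extracts the SHA-256 certificate fingerprint from the output of `keytool -printcert -jarfile aido.apk` or `apksigner verify --print-certs aido.apk` and compares it with the published value. `apksigner` (Android SDK build-tools) also validates APK Signature Scheme v2/v3 signatures, which `jarsigner` does not check. The published fingerprint and both sample outputs below are constructed placeholders.

```python
import re

# keytool prints "SHA256: AB:CD:..."; apksigner prints
# "Signer #1 certificate SHA-256 digest: abcd...".
_FP = re.compile(r"(?:^\s*SHA256|certificate SHA-256 digest):\s*([0-9A-Fa-f:]+)", re.M)

# Placeholder: paste the SHA-256 fingerprint published on the project's GitHub.
PUBLISHED = "AB:" * 31 + "AB"

# Constructed tool output for the demo run; real output has more lines.
SAMPLE_KEYTOOL = (
    "Signer #1:\n\nCertificate #1:\nOwner: CN=Placeholder\n"
    "Certificate fingerprints:\n"
    "\t SHA1: " + ":".join(["11"] * 20) + "\n"
    "\t SHA256: " + ":".join(["AB"] * 32) + "\n"
    "Signature algorithm name: SHA256withRSA\n")
SAMPLE_APKSIGNER = (
    "Signer #1 certificate DN: CN=Placeholder\n"
    "Signer #1 certificate SHA-256 digest: " + "ab" * 32 + "\n"
    "Signer #1 certificate SHA-1 digest: " + "11" * 20 + "\n")

def normalize(fp):
    """Lower-case hex with colons and whitespace removed."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())

def extract_fingerprints(tool_output):
    """Every SHA-256 certificate fingerprint found in the tool output."""
    return [f for f in map(normalize, _FP.findall(tool_output)) if len(f) == 64]

def verify_signer(tool_output, published=PUBLISHED):
    """True only if the output names exactly one signing cert and it matches."""
    found = set(extract_fingerprints(tool_output))
    # Zero certs means unsigned or unparsed; several means an extra signer.
    return len(found) == 1 and found.pop() == normalize(published)

if __name__ == "__main__":
    for label, out in (("keytool", SAMPLE_KEYTOOL), ("apksigner", SAMPLE_APKSIGNER)):
        print(label, "MATCH" if verify_signer(out) else "MISMATCH")
```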

23 Monitor Network Traffic

Why: Capture and analyze all network requests to ensure no unauthorized data transmission.

Required Tools:

HTTP Toolkit, Charles Proxy, mitmproxy

How to verify:

  1. Install HTTP Toolkit or Charles Proxy on your computer
  2. Configure your Android device to use it as a proxy
  3. Install the SSL certificate on your device (for HTTPS inspection)
  4. Use Aido normally for 10-15 minutes, testing various features
  5. Review all network requests in the proxy tool
Expected Result:
  • No requests when using offline features
  • Only requests to known AI APIs when using online AI features
  • No analytics tracking or telemetry
  • No requests to ad networks or data brokers
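
Reviewing the capture by hand scales poorly, so here is an added example (not part of the original guide) that works on a capture exported as a HAR file, a format Charles, for instance, can export. It totals requests and uploaded bytes per host and lists every host that is not on an allowlist. The allowlisted host and the sample capture are constructed placeholders; substitute the AI API hosts Aido documents.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: replace with the AI API hosts named in Aido's documentation.
ALLOWED_HOSTS = {"ai-api.example.com"}

# Constructed sample capture, trimmed to the HAR fields used below.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "POST", "url": "https://ai-api.example.com/v1/chat", "bodySize": 412}},
    {"request": {"method": "POST", "url": "https://ai-api.example.com/v1/chat", "bodySize": 388}},
    {"request": {"method": "POST", "url": "https://metrics.example.net/collect", "bodySize": 2048}},
    {"request": {"method": "GET", "url": "http://cdn.example.org/font.ttf", "bodySize": -1}},
]}})

def summarize(har_text):
    """Per-host request count, bytes uploaded and whether plain HTTP was seen."""
    hosts = defaultdict(lambda: {"requests": 0, "sent": 0, "cleartext": False})
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        row = hosts[(url.hostname or "").lower()]
        row["requests"] += 1
        row["sent"] += max(req.get("bodySize", 0), 0)  # HAR uses -1 for "unknown"
        row["cleartext"] |= url.scheme == "http"
    return dict(hosts)

def unexpected_hosts(har_text, allowed=ALLOWED_HOSTS):
    """Hosts contacted during the capture that are not on the allowlist."""
    return sorted(h for h in summarize(har_text) if h not in allowed)

if __name__ == "__main__":
    for host, row in sorted(summarize(SAMPLE_HAR).items()):
        flag = "ok" if host in ALLOWED_HOSTS else "REVIEW"
        print(f"{flag:6} {host:28} {row['requests']:3} req {row['sent']:6} B sent"
              f"{'  (cleartext)' if row['cleartext'] else ''}")
```

The proxy records traffic from every app on the device, so capture with other apps closed or filter the export to Aido's traffic before drawing conclusions.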

24 Analyze Manifest File

Why: The AndroidManifest.xml contains all permissions, services, and components. Inspecting it reveals what the app CAN do.

Required Tools:

Apktool, APK Analyzer

How to verify:

  1. Decompile the APK using Apktool:
    apktool d aido.apk
  2. Open AndroidManifest.xml and review:
    • Permissions: Should match our documentation
    • Services: Look for background services
    • Receivers: Check for broadcast receivers
    • Activities: Verify app entry points
Expected Result: No hidden services, receivers, or permissions. Everything should align with our transparency documentation.
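
The manifest review in step 2 can be automated. This added example (not Aido's own code) parses the `AndroidManifest.xml` that Apktool decodes and reports the permissions this guide says should never be granted, exported services and receivers that no permission guards, and boot receivers. The sample manifest is constructed and does not describe Aido's real components.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
# Permissions this guide says Aido must never hold (steps 2, 13, 16 and 17).
FORBIDDEN = {"android.permission." + p for p in (
    "CAMERA", "RECORD_AUDIO", "READ_SMS", "RECEIVE_SMS", "SEND_SMS",
    "READ_CONTACTS", "READ_CALL_LOG")}
BOOT = "android.intent.action.BOOT_COMPLETED"

# Constructed sample in the shape Apktool writes; not Aido's real manifest.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".A11yService" android:exported="true"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".SyncService" android:exported="true"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return (sorted permissions, findings) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    findings = [f"forbidden permission: {p}" for p in sorted(perms & FORBIDDEN)]
    for tag in ("service", "receiver"):
        for comp in root.iter(tag):
            name = comp.get(A + "name")
            has_filter = comp.find("intent-filter") is not None
            # Without android:exported, older targets default to exported
            # whenever an intent filter is present.
            exported = comp.get(A + "exported", "true" if has_filter else "false")
            # Exported and not guarded by a permission: any app can reach it.
            if exported == "true" and comp.get(A + "permission") is None:
                findings.append(f"unguarded exported {tag}: {name}")
            # A boot receiver is how an app restarts itself after reboot (step 14).
            if BOOT in {a.get(A + "name") for a in comp.iter("action")}:
                findings.append(f"starts at boot: {name}")
    return sorted(perms), findings

if __name__ == "__main__":
    permissions, findings = audit_manifest(SAMPLE)
    print("\n".join(permissions + findings))
```

For the real app, read `aido/AndroidManifest.xml`, the file `apktool d aido.apk` writes, and pass its text to `audit_manifest`.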

25 Check Storage & Data Files

Why: Verify what data Aido stores locally and ensure nothing is being collected secretly.

How to verify:

  1. Using ADB, browse Aido's data directory:
    adb shell
    run-as com.rr.aido
    ls -la
  2. Check for databases, shared preferences, and cache files
  3. Use sqlite3 to inspect database contents:
    sqlite3 databases/aido.db
    .tables
    .schema
Expected Result: Only user-created data (shortcuts, saved clips, settings). No telemetry, no analytics, no tracking databases.

Level 3: Advanced Verification ADVANCED

For security researchers and developers. Requires programming knowledge and deep technical understanding.

26 Decompile & Inspect Source Code

Why: The ultimate verification—reading the actual code to see what the app does.

Required Tools:

JADX, JEB Decompiler, Ghidra

How to verify:

  1. Decompile the APK using JADX:
    jadx -d output_folder aido.apk
  2. Open the decompiled code in an IDE (IntelliJ IDEA recommended)
  3. Search for suspicious patterns:
    grep -r "analytics" .
    grep -r "tracking" .
    grep -r "telemetry" .
    grep -r "URLConnection" .
    grep -r "HttpClient" .
  4. Review key files:
    • AidoAccessibilityService.kt - Accessibility logic
    • ClipboardManager.kt - Clipboard handling
    • NetworkModule.kt - Network requests
    • UtilityCommandProcessor.kt - Command processing
Expected Result: No obfuscated code hiding malicious behavior. All network activity should be for user-initiated features only.

27 Static Analysis with Security Tools

Why: Automated tools can detect vulnerabilities and suspicious code patterns faster than manual review.

Required Tools:

MobSF, APKLeaks, Qark

How to verify:

  1. Install Mobile Security Framework (MobSF):
    docker pull opensecurity/mobile-security-framework-mobsf
    docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf
  2. Upload the Aido APK to MobSF at http://localhost:8000
  3. Review the automated security report for:
    • Hardcoded secrets or API keys
    • Insecure data storage
    • Weak cryptography
    • Privacy violations
Expected Result: No critical or high-risk vulnerabilities. Any findings should be documented in our security changelog.

28 Dynamic Runtime Analysis

Why: Monitor actual app behavior at runtime to catch anything static analysis misses.

Required Tools:

Frida, Xposed Framework, objection

How to verify:

  1. Install Frida on your rooted device or emulator
  2. Hook into Aido's process:
    frida -U -f com.rr.aido
  3. Inject monitoring scripts to track:
    • File read/write operations
    • Network socket connections
    • Clipboard access
    • Process spawning
  4. Example Frida script to monitor network:
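    Java.perform(function () {
      var URL = Java.use("java.net.URL");
      // java.net.URL has two openConnection overloads; hook the no-argument one explicitly.
      URL.openConnection.overload().implementation = function () {
        console.log("Network request: " + this.toString());
        return this.openConnection();
      };
    });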
Expected Result: No unexpected file access, no unauthorized network connections, no data exfiltration attempts.

29 Binary Analysis (Native Code)

Why: If Aido includes native libraries (.so files), they need inspection too.

Required Tools:

Ghidra, IDA Pro, radare2

How to verify:

  1. Extract native libraries from the APK:
    unzip aido.apk -d extracted
    find extracted/lib -name "*.so"
  2. Load each .so file into Ghidra for disassembly
  3. Look for suspicious function calls:
    • Socket operations
    • File operations
    • Encryption/decryption
Expected Result: No hidden backdoors or malicious code in native libraries. Currently, Aido is pure Kotlin with no native dependencies.

30 Traffic Decryption & SSL Pinning Check

Why: Verify that HTTPS traffic isn't hiding secret data transmission.

Required Tools:

Burp Suite, SSLUnpinning

How to verify:

  1. Set up Burp Suite as a proxy with SSL interception
  2. If SSL pinning is implemented, bypass it using:
    frida --codeshare pcipolloni/universal-android-ssl-pinning-bypass-with-frida -U -f com.rr.aido
  3. Intercept and decrypt all HTTPS traffic
  4. Verify request payloads and response data
Expected Result: Only user-initiated AI requests. No background telemetry or analytics beacons.

Required Tools & Resources

Here's a complete list of tools you'll need for different verification levels.

Basic Level Tools
  • Android Settings - Built into your device
  • Web Browser - To read our transparency documentation
  • Play Store - For official app downloads
Intermediate Level Tools
Advanced Level Tools

If you find discrepancies between our claims and actual behavior, we want to know. Contact us at: aiqknow@gmail.com

Responsible Disclosure

Security researchers: If you discover vulnerabilities during your audit, we encourage responsible disclosure.

How to Report

  1. Email us at: aiqknow@gmail.com
  2. Include detailed steps to reproduce the issue
  3. Allow us 90 days to patch before public disclosure
  4. Get acknowledged in our Hall of Fame (optional)

We do not currently offer a bug bounty program, but we deeply appreciate security research and will publicly acknowledge your contribution (with your permission).
