Send in your ideas. Deadline October 1, 2025

NGI Mobifree Fund

More ethical and human mobile software

This page contains a concise overview of projects funded by NLnet foundation that belong to NGI Mobifree Fund (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

Mobile devices like phones and tablets have become pervasive: they are our gateway to the world at large, function as an external brain and are increasingly part of even our most intimate moments. People should therefore be far more empowered when it comes to such a critical dependency. If we want everyone to use and benefit from the internet to its full potential without holding back, the internet must be built on strong and transparent technologies that allow for permissionless innovation and are equally accessible to all.

Mobifree is a pilot programme designed to push beyond the status quo of mobile software, and create a virtuous cycle of innovation through free and open source software, libre hardware and open standards. It has brought together a number of the "movers and shakers" of the open mobile ecosystem, in order to deliver a comprensive development effort and advance a number of important free and open source technologies.

Mobifree is part of the Next Generation Internet initiative, which focuses on the development and maintenance of internet commons that support the vision of a resilient, trustworthy and sustainably open technology stack that empowers users, and grants everyone full autonomy.

Together we work towards better technologies to restore and maintain European sovereignty and to secure democratic ownership of the digital society. Our goal is to help mobile technology evolve to a more healthy state, provide people with concrete new tools and more reliable infrastructure, in order to provide better security and allow users more agency and choice.

But this is a vast domain, with many more challenges than what any preconceived effort could tackle by itself. This is why we invite your contribution to help us reshape the state of play, and together create an open, trustworthy and reliable internet for all.

All project results will become available under a free and open source license so you will be able to study, use, modify and share everything with anyone you want! And even better: part of NGI Mobifree is a supporting grant programme through NLnet, through which auxiliary efforts can be funded. This means that if you are interested in actively contributing to this effort, you can still join! Do you have a project idea that complements, strenghtens or otherwise will benefit the work of Mobifree? Why not put in a proposal yourself, calls are currently open!

Logo NLnet: abstract logo of four people seen from aboveLogo NGI Mobifree: letterlogo shaped like a tag

Applications are still open, you can apply today.

Android translation layer (ATL) — Run Android apps on Linux

The Android Translation Layer is an alternative implementation of Android application APIs on top of standard Desktop Linux, with the ability to run apps as-is using some AOSP components such as ART+libcore, modified to use system-provided libraries where possible to further the goal of being as lightweight as possible. That is in contrast with existing container-based solutions which require running a whole AOSP system in parallel to the host Linux system, resulting in considerably higher resource usage (both disk space and RAM) and longer startup times. The higher efficiency of ATL can make it viable to sideload apps also on more constrained devices. Another benefit of our approach is better integration with the desktop, such as native notifications.

>> Read more about Android translation layer (ATL)

Androguard — Static and dynamic analysis of Android apps

The Androguard project is used to analyze Android applications. This project marks a major evolution for Androguard, focusing on modernizing its architecture. The core strategy is to replace its monolithic structure with a suite of independent, native Python libraries for parsing essential Android files like AXML, APK, and DEX. This modular approach will make the tools easier to maintain, reduce external dependencies, and allow for greater flexibility.

Performance is a key driver of this initiative. To tackle the primary analysis bottleneck, a new high-speed dex-bytecode library will be developed in Rust with Python bindings. The main Androguard project will then be refactored to integrate these new, faster components, resulting in a cleaner and more efficient core tool for static analysis.

Building on this new foundation, the project will expand into advanced security domains. This includes APKXploit, a new tool for penetration testing; AndroidIR, which will enable sophisticated code analysis via an Intermediate Representation; and Androguard-MCP, an innovative plugin to help security engineers in discovering vulnerabilities more effectively.

>> Read more about Androguard

F-Droid App Overhaul — Modernise the F-Droid mobile app store

F-Droid is a software ecosystem around Android applications. It is an app store kit, a platform, an app and catalogue of free and open source applications. The app makes it easy to browse and install apps, and redistribute these from your own device to others.

This project is about modernizing and rewriting the official F-Droid app that still dates back to the early days of Android in 2009. The goal is to make the app easier to use and more appealing especially for new users.

The rewrite will use the latest technologies and will make it easier and more attractive to contribute to the app while also making it easier for the maintainers to review and merge external contributions due to better test coverage and less code entanglement.

>> Read more about F-Droid App Overhaul

LambdaNative F-Droid integration — Portable, Productive and Performant App Development with Scheme

LambdaNative is an free and open source framework that allows for creation of cross-platform applications, in particular on Android and general desktop operating systems such as Linux, BSD's, OS X or Windows. With LambdaNative, even someone with minimal programming background can create nice applications ranging from basic to advanced, using the Scheme programming language. This makes it very suitable for those that do not have a computer science background but still need to create a custom app - such as most researchers, educators and people working in the public sector.

The aim of the project is to add a LambdaNative pipeline to publish apps on the free and open source F-Droid app store. The second part of the project will create educational materials to teach people how to work with LambdaNative mobile application and how to publish their app.

>> Read more about LambdaNative F-Droid integration

FMD — Privacy-preserving mobile device location

FMD allows you to locate and remotely control your Android device. This is useful if you have lost or misplaced it. FMD is decentralised, and users remain in full control of their data.

With FMD, you can send commands to your phone: to locate it via GPS, to locate it via nearby cell towers, to take a picture, to lock it, to let it ring, or to factory-reset it. Commands can be sent over multiple transport channels: over SMS, over third-party messaging apps like Signal or Matrix (that post a notification to the Android notification tray), or over the "FMD Server" (a self-hostable server providing a web interface to control your device).

>> Read more about FMD

Gesture Typing for AOSP-derived Keyboards — More efficient text input for mobile touch screen devices

HeliBoard is a very customizable and privacy-conscious open-source keyboard for Android. The current gesture typing feature, which lets you input words by swiping your finger over the letters, is only accessible when adding abandoned closed source code by Google.

Goal of this project is a well working and completely open-source implementation of gesture typing. Gesture typing quality will be ensured by sample contribution by developers and volunteers and comparison with results of said closed source code. The gesture typing library will be developed separately from HeliBoard, with a compatibility layer allowing it to be used as a drop-in replacement for said closed source gesture typing code. This approach will allow for compatibility with other virtual keyboards, mainly for Android, but also for other systems e.g. Linux.

>> Read more about Gesture Typing for AOSP-derived Keyboards

IsMyPhonePwned — Scan phone security directly from a web browser

"IsMyPhonePwned" is a new open-source initiative designed to put the power of security back into the users hands. By leveraging the speed and safety of Rust, the project allows anyone to run a comprehensive security scan on their phone directly from a web browser implementing WebUSB. There's nothing to install and no complicated setup; just a simple, clear process to check for compromise with complete anonymity and privacy.

"IsMyPhonePwned" aims to be more than just a tool; it's a statement that privacy is a fundamental right. By providing a free, accessible, and trustworthy way for journalists, activists, and any concerned citizen to secure their devices, we are building a community-driven defense against digital intrusion, one phone at a time.

>> Read more about IsMyPhonePwned

IzzyOnDroid — Third party repository for FOSS Android apps

IzzyOnDroid provides Android apps which are available under free and open source licenses approved by OSI/FSF. With its more than 1,200 apps, this already popular repository is the largest third-party F-Droid-compatible repository - with more than 200,000 daily visitors on the primary site alone, not counting mirrors. Its intent is to provide useful apps, connecting a vibrant community of developers and users, with a focus on transparency, privacy, and security.

The goal of this project is to provide additional security, transparency, flexibility, and decentralization – e.g. by advancing our reproducible builds (which already cover more than a third of all apps in our collection) and making our tooling easier available for others to use.

>> Read more about IzzyOnDroid

OWASP blint — Versatile binary linter, malware research tool and SBOM generator

OWASP blint is an open-source binary linter and SBOM generator. The project had a humble origin as a linting tool, but soon found rapid adoption for a range of use cases such as malware identification (MalwareBazaar is a large-scale user), binary risk audits, and more recently binary SBOM generation for Android apk, go, dotnet, and rust binaries. The current version of Blint can already generate a granular SBOM for Android apk/aab files, up to some extent even from binary.

Within the scope of this grant, the team will enhance blint to improve package identification for native binary blobs (c/rust/kotlin native) bundled within an android app, will add fuctionality to identify cloud services, domain names, IP addresses, and other sensitive literals by performing static analysis on binaries. In addition support will be added for generating precise SBOM for swift binaries (unencrypted/debug files) by integrating blint with an LLVM frontend and a number of general improvements will be made to linting rules for mobile apps.

>> Read more about OWASP blint

Offline Translator — On-device translations using open models

Offline translator is a privacy-focused application that handles multilingual needs entirely on-device, without sending data to external servers. It supports text and image translation with automatic language detection, transliteration across scripts, dictionary look-ups and text-to-speech functionality.

The app uses exclusively open code, models and datasets, and will contribute to those ecosystems as necessary.

>> Read more about Offline Translator

OpenAGPS — Privacy-friendly, self-hostable location service

Location-specific services benefit greatly from location awareness. However, satellite signals are slow and not always reliably available in urban areas (let alone inside buildings). Hence the need for "assisted GPS", which uses alternate sources such as information based on mobile cell ids to determine location. While it seems obvious for such a capability to be a digital commons, there are no open services reliably providing this information- Mozilla operated something called the Mozilla Location Service, but this was retired recently. This leaves users either unserved or with a huge dependency on a few large vendors that bundle their own location service (based on non-public data sources and dark code) - with the latter users being dependent on the availability of and connectivity to specific machines on the internet. This project aims to provide a self-hostable alternative based on free and public sources, such as Galmon and OpenCellID, which would function independently from the services mentioned earlier.

>> Read more about OpenAGPS

PiRogue Tool Suite — Mobile device forensics and digital investigation

The project summary for this project is not yet available. Please come back soon!

>> Read more about PiRogue Tool Suite

Pithus — Free and open-source mobile threat intelligence

Pithus is a free and open-source Android threat intelligence platform aimed at activists, journalists, NGOs and researchers. Its goals is to provide intelligible and relevant information aggregated from several android application analysis tools to facilitate the understanding, reverse engineering, and threat analysis of android applications. Pithus adapts to its users by providing easy to read information on application behaviors, as well as precise technical data and analysis tools to detect similar malicious samples. Functionalities to easily pivot to other malwares of a same family, create custom detection rules, and monitor, detect and analyse new emerging threats. Pithus is community driven with an ever growing database of android applications.

This grant focuses on developing a number of new features and performing well overdue maintenance and necessary refactoring tasks, as well as provide adequate documentation and QoL improvements.

>> Read more about Pithus

Solid Share — Digital Mobile Wallet for W3C Solid

This project works on a native app for the Android operating system, allowing citizens to use their solid pod as data and digital wallet. It allows users to login into their Solid pod with different accounts, manage their data (for instance also travel ticket and passes), share private files by means of a QR code, s and sync other Solid data modules (such as Contacts) within the Android ecosystem without needing extra apps. The app is designed offline-first. The goal of this project is to bring Solid into the hands of regular people, making them aware of the existence of the Solid project and allowing them to have a smooth and easy experience. It should be a base platform for using Solid pods as a daily usage storage as well.

>> Read more about Solid Share

Termux — Android terminal app and software distro/run-time

Termux is an Android app that provides a terminal emulator and a GNU/Linux distribution environment with 2000+ packages and executes programs natively on Android host OS/kernel, without any emulation or containerisation. It allows users to locally do most things that can be done on a Linux PC, like program in many languages, use text editors/IDEs, backup files, host websites and servers, and even run a full linux desktop interface.

Under the NGI Mobifree grant the following three improvements to Termux are planned to be implemented: 1) A termux-core library will be created which allows external projects to use Termux execution environment in their own apps. 2) A new APK Library File (APKLF) execution/packaging design will be implemented so that Termux can comply with security restrictions in Android 10 and newer that prevents apps from executing downloaded code. Currently Termux works by being compiled in backward compatibility mode. 3) Package sources will be patched to read paths from environment variables exported by the app, or compiled package files will be patched at install time, rather than relying on hardcoded paths in the package files to Termux rootfs.

>> Read more about Termux

Unexpected Keyboard Autocomplete/Correct — Input correction for popular alternative Android keyboard

Unexpected Keyboard is a lightweight and privacy-conscious virtual keyboard for Android-based mobile operating systems. Its distinguishing feature is that you can type different characters by swiping your finger towards the corner of the key, a feature was originally designed for programmers using Termux. This allows to fit much more characters on screen than a regular keyboard layout, and prevents users from having to continuously switch just to input content containing characters spread across layouts. This project will add (offline) word suggestion and correction to Unexpected Keyboard, which well help to make the app even more user-friendly.

>> Read more about Unexpected Keyboard Autocomplete/Correct

VoWiFi Watchdog — Identify blocks and misconfigurations for VoWiFi

VoWiFi (Voice over WiFi, also WiFi-calling) is the preferred channel for voice calls and messages for 4G/5G for most operators and operating systems (i.e., Android, iOS). However, there is a lack of transparency regarding existing operator practices and the security of everyday voice calls and messages. There are shocking security weaknesses such as default and static private keys, insecure configurations, as well as anti-consumer practices (geoblocking) at live operators.

Operators still use shared private keys to encrypt their customers' communication, allowing adversaries to eavesdrop on calls and messages. Due to the lack of transparency, customers have no way of evaluating the settings for their current operator and operators have little incentive for improvements. The VoWiFi Watchdog project will regularly probe operator's VoWiFi configurations to detect deployed geoblocking measures and expose deprecated security settings. The scan results will be automatically published at our project platform, allowing customers to check their current (or future) operator, motivating operators to upgrade insecure setups. This will help to bring transparency to the VoWiFi ecosystem.

>> Read more about VoWiFi Watchdog

CanIWebView — Contributing to standardisation of WebView in W3C

Web technologies like HTML, CSS and JavaScript are also used very much outside of a  Web browser, because they are well standardized, openly available and many developers know how to build for the web. WebViews are software components used to render Web content inside native apps. They are integral to the mobile web experience, as in-app web content display for social media and serving as a foundation for entire applications and games built with web technologies. WebViews are, however, very much overlooked by web developers, web standards developers, and browser engine vendors in terms of compatibility and feature availability.

As part of the W3C WebView Community Group, this project addresses a critical gap in the web platform by establishing comprehensive testing infrastructure and resources for WebView compatibility. The initiative will deliver three key components: open-source testing applications for Android and iOS distributed through app stores, automated testing infrastructure using WebDriver-like tools for continuous compatibility monitoring, and the caniwebview.com website as resource for WebView compatibility data and documentation. Through regular meetings and conference sessions with stakeholders in the WebView space this project aims to improve the user experience, address common issues and lay foundations to future standards.

>> Read more about CanIWebView