shihaam/basedbank
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 4 Wiki Activity
94 Commits 1 Branch 5 Tags
782e2e76740709168aef5d7dacd98ea4cc412855
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Shihaam Abdul Rahman 782e2e7674
All checks were successful
Auto Tag on Version Change / check-version (push) Successful in 6s
Details
refactor codebase to be more module for later adding new banks.. add support for single profile mib accounts.. add suport for disabling mib profiles in settings
2026-05-19 14:48:04 +05:00
.build/release
update ci to fetch reponame as apk name
2026-05-15 17:20:05 +05:00
.gitea/workflows
update ci to fetch reponame as apk name
2026-05-15 17:20:05 +05:00
.idea
refactor codebase to be more module for later adding new banks.. add support for single profile mib accounts.. add suport for disabling mib profiles in settings
2026-05-19 14:48:04 +05:00
app
refactor codebase to be more module for later adding new banks.. add support for single profile mib accounts.. add suport for disabling mib profiles in settings
2026-05-19 14:48:04 +05:00
docs
refactor codebase to be more module for later adding new banks.. add support for single profile mib accounts.. add suport for disabling mib profiles in settings
2026-05-19 14:48:04 +05:00
gradle
fix prod build
2026-05-18 00:43:05 +05:00
.gitignore
add support for fahipay login and view history
2026-05-16 21:31:34 +05:00
bml-logo.svg
working mib login and list accounts
2026-05-14 05:24:11 +05:00
build.gradle.kts
repo init
2026-05-14 05:24:09 +05:00
gradle.properties
repo init
2026-05-14 05:24:09 +05:00
gradlew
repo init
2026-05-14 05:24:09 +05:00
gradlew.bat
repo init
2026-05-14 05:24:09 +05:00
LICENSE
add LICENSE
2026-05-17 00:48:13 +05:00
mib_faisanet_logo.svg
working mib login and list accounts
2026-05-14 05:24:11 +05:00
README.md
add readme
2026-05-17 00:47:48 +05:00
settings.gradle.kts
add support for PayMV QR scan
2026-05-14 05:24:24 +05:00

README.md

BasedBank

A unified Android banking app for Maldivians that combines MIB (Faisanet), BML (Bank of Maldives), and Fahipay into a single interface — with no analytics, no tracking, and no phone-home behaviour outside the banks themselves.

AI Slop Inside License: GPL v3 Android 8.0+ Jetpack Compose Maintained

What it does

  • Multi-bank dashboard — view balances across all your MIB, BML, and Fahipay accounts in one place, with a combined MVR and USD total
  • Transaction history — paginated, searchable transaction history per account for MIB CASA, BML CASA, BML prepaid cards, and Fahipay wallet
  • Transfers — send money between accounts and to saved contacts; supports MIB-to-MIB, BML-to-BML, and cross-bank (MIB↔BML via FAVARA)
  • Contacts — manage saved beneficiaries across all banks; validates Dhiraagu and Ooredoo numbers and shows the account owner name before you add
  • Fahipay — full wallet support including balance, history with merchant icons, and Fahipay favourites (Raastas, Reload, Ooredoo Bill, Dhiraagu Bill)
  • QR payments — scan PayMV QR codes to pre-fill transfers
  • BML foreign limits — view your foreign currency spending allowances and breakdowns by ATM / POS / ECOM
  • MIB financing — view active financing deals

Authentication

The app requires your existing credentials for each bank — the same username/password/OTP seed you use with the official apps. It stores them encrypted using AES-256-GCM backed by the Android Keystore (hardware secure enclave).

Each bank's 2FA uses TOTP, so you need to have your OTP seed (the same secret used by your authenticator app).

Security

  • All credentials encrypted at rest with AES-256-GCM (Android Keystore)
  • Lock screen protected by PBKDF2-HMAC-SHA256 (100,000 iterations) with optional biometric unlock
  • FLAG_SECURE on by default — content hidden in app switcher and screenshots blocked
  • All sensitive data excluded from Android cloud backup
  • Zero analytics, crash reporters, or third-party SDKs — network traffic goes only to MIB, BML, Fahipay, and the Maldivian telecoms for number validation

See docs/AI_SECURITY_CHECK.md for the full security audit.

Supported banks

Bank Login Accounts History Transfers Contacts
MIB (Faisanet) username + password + TOTP
BML (Bank of Maldives) username + password + TOTP
Fahipay national ID + password + TOTP ✓ (favourites)

Requirements

  • Android 8.0+ (API 26)
  • Existing accounts with MIB, BML, or Fahipay
  • Your TOTP seed (base32 secret from your authenticator app setup) for each bank

Building

Open in Android Studio and run. No API keys or secrets required — all protocol constants are derived from the official apps and are included in the source.

The release signing config reads from environment variables (KEYSTORE_PASSWORD, KEY_ALIAS, KEY_PASSWORD).

How it works

BasedBank talks directly to each bank's existing mobile API using the same protocol as their official apps, reverse-engineered from the APKs. It does not use any intermediary server — requests go straight from your device to the bank.

  • MIB: Blowfish/ECB encrypted JSON over HTTPS with a Diffie-Hellman session key exchange
  • BML: PKCE OAuth 2.0 flow via the BML web login, exchanged for a Bearer token used on the mobile API
  • Fahipay: multipart form login with TOTP, session maintained via __Secure-sess cookie and authid header

Privacy

No data ever leaves your device except the API calls to the banking services themselves. See the security audit for a full list of every server the app connects to.

Disclaimer

This is an unofficial third-party app. It is not affiliated with, endorsed by, or supported by MIB, BML, or Fahipay. Use at your own risk. Review the source code before entering your banking credentials.

Reference in New Issue View Git Blame Copy Permalink
Description
Android app that connects with multiple Bank APIs in 1 mobile app
Readme GPL-3.0 3.3 MiB
Releases 4
basedbank v1.0.4 Latest
2026-05-19 13:26:19 +00:00
Languages
Kotlin 100%