User manual for the encrypted note-taking Android app.
Secret Notes is an encrypted note-taking app for Android. Notes never leave your device unless you explicitly send them — there is no account, no cloud account requirement, and no tracking.
Everything you need for keeping notes private and organised:
Tap the + button on the bottom-right of the notes list to create a new note. Pick the note type from the dialog. Enter a title (required, must be unique), pick or create a folder, and start writing. Tap the back arrow or the save action to persist. Tap any note in the list to view it, then the pencil icon to edit.
The first time you open the app, a 5-page walkthrough introduces the core ideas: encryption, note types, organisation, sync, and getting started. You can skip it on any page; it does not show again unless you reset the app.
On first launch the app also creates four default categories: Private, Work, Ideas, Passwords (in your chosen language). You can rename, delete, or add to these freely.
Tap +. A type picker appears. Tap the type you want.
A free-form text field. Use the Mic trailing icon for voice dictation (system speech recogniser). Use the Password icon to generate a random password and insert it at the cursor.
Two-level hierarchical to-do list. Tap + on a parent to add a child. Drag the handle to reorder.
Auto-check behaviour:
Open and completed items are shown in two collapsible sections.
A small editable table. Add columns from the toolbar; tap a cell to edit. Sums and averages are not built in — this is a structured data store, not a calculation engine.
Standard CommonMark with GitHub-flavoured extensions (task lists, tables, fenced code, strikethrough). The preview tab renders live. A toolbar inserts headings, bold, italic, lists, links and code.
Tap the record button to capture audio (AAC .m4a, 128 kbps, 44.1 kHz) directly in the note. Each recording becomes an attachment with inline play / pause / seek controls. The note's text field is used as a transcript or notes area.
From any audio recording, the Subject icon runs on-device speech-to-text (Android 13+) and appends the result to the text field.
Like audio, but for video. Record clips in-app or attach existing video files. Tap to play in your system video player. The note's text field carries a description or notes.
Open a note from the list, then tap the pencil icon. The Update screen has collapsible sections (Categories, Dates, Content, Images, Rating, Folder); their state is remembered between sessions. The Save button persists; the back arrow prompts if you have unsaved changes (unless Automatic save is on in Settings, in which case changes save on back).
Pin: tap the pin icon in the detail view to keep a note at the top of the list (independent of sort order).
Color: tap the colour swatch to set a per-note background colour, used in the list and detail views.
Rating: tap the star row (0–5). Useful for ranking ideas, books, or anything sortable.
Set a date and time. The system fires a notification at that time. Per-category lock-timeout overrides apply if the reminder unlocks the app.
Many-to-many tags. One note can belong to several categories. From the drawer or the note picker you can manage categories — rename, soft-delete, archive, or set an optional per-category lock timeout.
Hierarchical, single-parent. A note belongs to at most one folder. The folder picker has a New folder row at the top so you can create one inline while assigning. Folder counts are transitive: a parent folder shows the total of its own notes plus everything in its descendants.
Attach images, PDFs, audio, video, or any other file. Images preview inline; other types open in your system viewer (PDF reader, video player, etc.). Attachments travel with the note when you sync, export, or back up.
The list screen has a search field that filters across titles and content. Filter chips above the list let you narrow by category, folder, or note type. Search terms are highlighted in matching notes.
Tap the sort icon to choose the field (name, rating, category, date) and direction (ascending / descending). Pinned notes always come first.
Each save snapshots the previous version (title, text, items, categories, color, rating, type, timestamp). From the detail view, the history icon shows a chronological list. Tap a version to preview; restore replaces the current note.
The default retention is 50 versions per note; configurable in Settings.
Deleting a note moves it to Trash. From Trash you can restore individually or empty the trash to delete permanently. Archive is similar but for notes you want to keep out of the main list without deleting — restore to bring them back.
Long-press a note to enter selection mode. Then bulk-move to folder, bulk-categorise, bulk-delete, or bulk-archive.
Five built-in templates ship with the app:
When creating a new note, tap Use Template to pick one. From any note's overflow menu, Save as Template stores the current note as a custom template.
Open a note for editing. In the Content section, the type dropdown lets you change the type. A confirmation dialog asks before converting, so an accidental tap will not reformat your data.
What happens to your content:
[x] or - [x] are pre-checked; 4-space (or -) indent makes children.[x]/[ ] markers (or - [x]/- [ ] for Markdown), children indented.;) as separator; first line = column headers. | .Settings → Security → Enable PIN protection. Choose a 4+ digit code. The PIN is stored as an unsalted SHA-256 hash. PIN and biometric are mutually exclusive — enabling one disables the other.
Settings → Security → Enable biometric protection. Uses the Android BiometricPrompt API (fingerprint or face, depending on what your device supports).
Settings → Auto-Lock. Choose Immediate, 1 minute, 5 minutes, 15 minutes, or Never. Categories can override this with their own timeout — e.g. Passwords might re-lock immediately while regular notes have 5 minutes.
Every note's title, content, and metadata is encrypted with AES-256-GCM. Wire format: v1:<b64(iv)>:<b64(ciphertext+tag)> — 12-byte random nonce per field, 16-byte authentication tag, 256-bit data encryption key (DEK). The DEK is wrapped in an Android Keystore key, so it never leaves the secure hardware-backed key store in plaintext.
Help → Encryption status shows the live algorithm, key storage location, encrypted-notes counter, lock state, and whether a backup password is set.
Data screen → Automatic Backup. Choose Off, Daily, or Weekly. Backups run via Android's WorkManager when the device is charging or otherwise idle — Android may delay them if the device is in heavy use.
Each backup is a .zip in the app's private storage, containing the SQLite database (with WAL flushed) and all attachment files.
Data screen → Maximum number of backups: 3 / 5 / 10 / 20 / 50 / Unlimited (default 5). After each successful backup, the oldest zips beyond the limit are deleted automatically. Lowering the limit prunes immediately.
Data screen → Show Backups. The dialog lists all local backups by date. Tap one to restore (replaces all current data and restarts the app), or use the trash icon to delete a backup.
Data screen → Backup Password. If set, automatic backups also include a password-wrapped copy of the DEK, so you can recover encrypted notes on a new install or new device by entering the same password during restore.
Sync uses Google Nearby Connections — devices on the same Wi-Fi network advertise and pair directly. No cloud, no account, no Google sign-in. Encrypted manifests and payloads are exchanged.
The protocol uses delta sync: each side sends a manifest of which note IDs and update timestamps it has. Only the differences are transferred. Attachments travel with their note as Base64-encoded bytes; large payloads automatically switch from Nearby's BYTES type (32 KB cap) to STREAM.
State machine: Idle → Searching → FoundDevice → PairingConfirmation → Connected → Syncing → Complete (or Error).
Data screen → Sync devices. Both sides advertise their full manifest. After pairing, each side imports what's new on the other and exports what's new on itself. On completion, your two libraries are equal.
From the note detail view's overflow menu → Send to device. Only that one note's manifest is advertised. The receiver imports the note, including attachments and the original folder path. The send is forced — even a previously trashed copy on the receiver is overwritten / restored.
Data screen or note detail menu → Receive only. Your device advertises an empty manifest, so nothing of yours is sent. After import, a button takes you straight to the new note.
Data screen → Export CSV / Import CSV. Thirteen columns including the folder path. Images are Base64-encoded; attachments are stored as JSON in their own column. On import, missing folders are created automatically from the path.
Data screen → Export JSON / Import JSON. Full structured export — easier to round-trip than CSV and the recommended option for backup.
By default, exports are written using the app's encryption envelope. To export readable plain text, enable Export unencrypted in Settings first. A red warning appears whenever this option is on — exported plaintext files are not protected by anything except your own file system permissions.
Data screen → Export PDF. Generates a styled HTML representation of all visible notes and renders it to PDF using Android's PrintManager. Honours your current filter (folder / category / search).
From the detail view, the share icon copies the note's content to the clipboard, or sends it to other apps via Android's share sheet. Per note type:
[x]/[ ] lines, indented for children.The app also receives shares from other apps. Share intents from text, image, PDF, audio, video, or document apps land in the share dialog where you can route the content into a new note or append to the currently open one.
Two distinct paths:
RecognizerIntent. Inserts text at the cursor..m4a file using SpeechRecognizer.createOnDeviceSpeechRecognizer() (Android 13+). Result is appended to the note's text field. No network, no cloud.Long-press your home screen → Widgets → Secret Notes. Four widgets are available:
Widgets share the same encrypted database; they decrypt notes through the same Keystore-wrapped key the app uses.
The Settings screen organises options into:
One-time in-app purchase via Google Play Billing. Product ID: secret_notes_pro. No subscription.
Pro unlocks:
Free features (no purchase): text and checklist notes, unlimited notes, categories, CSV/JSON import & export, voice input, themes, PIN/biometric lock, reminders, password generator, language switcher, copy-to-clipboard.
Secret Notes does not collect, transmit, or share any personal data. There are no analytics, no crash reporting to a third party, no advertising IDs.
Network use is limited to:
The full privacy policy is in the project root and on the GitHub Pages site: privacy.html.
Email: agrauf67@gmail.com (Help screen → Send email pre-fills the app version).
FAQ and live encryption status: in-app, drawer → Help.
Source code: github.com/agrauf67/secretnotes
Copyright © 2026 Andreas Grauf. All rights reserved.
Secret Notes is published on Google Play under the developer account "djvlk". Source available on GitHub for transparency.