Keylogger Github Android <2026>

Several GitHub projects combine Accessibility Service (for text) with overlay windows (for intercepting taps). One notable PoC (GhostTouch) overlays an invisible view to capture touches even on secure screens.

Instead of using a keylogger, consider these legitimate monitoring and debugging tools:

If you are a security researcher: Set up a virtual Android device (Android Studio Emulator) and test keylogger code in an isolated environment. Never test on a physical device that contains personal data. Keylogger Github Android

We queried GitHub using the following search terms (January 2024 – June 2025):

Inclusion criteria:

We analyzed 25 repositories after filtering out duplicates and non-functional code.

Here is a conceptual snippet of how a legitimate security researcher would log their own keystrokes using AccessibilityService (DO NOT use maliciously): If you are a security researcher: Set up

// Conceptual code for educational purposes only
class LoggerService : AccessibilityService() 
    override fun onAccessibilityEvent(event: AccessibilityEvent?) 
        if (event?.eventType == AccessibilityEvent.TYPE_VIEW_TEXT_CHANGED) 
            val text = event.text?.toString() ?: return
            if (text.isNotEmpty()) 
                // In a real test, you'd save this to a local encrypted file on YOUR device.
                Log.d("KeylogDebug", "Captured: $text")

Given that you cannot rely on GitHub to police every repository, protection falls to the user:

If you search "Keylogger Android" on GitHub, you will find two distinct categories of repositories: We queried GitHub using the following search terms

This post focuses on how these work technically so you can defend against them.

# Clone only the latest commit (avoid full history)
git clone --depth 1 https://github.com/suspicious/repo.git