[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82922":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":30,"readmeContent":31,"aiSummary":32,"trendingCount":16,"starSnapshotCount":16,"syncStatus":33,"lastSyncTime":34,"discoverSource":35},82922,"web-to-app","shiaho777\u002Fweb-to-app","shiaho777","A native Android application that converts any website URL into a standalone Android App.","",null,"Kotlin",4035,611,21,1,0,22,290,300,241,110.36,"The Unlicense",false,"main",true,[27,28,29],"android","app","web","2026-06-12 04:01:39","\u003Cdiv align=\"center\">\n\n# WebToApp\n\n### Any website. One tap. An app.\n\nNo IDE. No build server. No PC.\n\n**English** · [简体中文](README_CN.md)\n\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fshiaho777\u002Fweb-to-app?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002Fshiaho777\u002Fweb-to-app\u002Fstargazers)\n[![Forks](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fforks\u002Fshiaho777\u002Fweb-to-app?style=for-the-badge)](https:\u002F\u002Fgithub.com\u002Fshiaho777\u002Fweb-to-app\u002Fnetwork\u002Fmembers)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Unlicense-blue?style=for-the-badge)](LICENSE)\n[![Android](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAndroid-23%2B-3DDC84?style=for-the-badge&logo=android&logoColor=white)](#)\n\n\u003C\u002Fdiv>\n\n\u003Cp align=\"center\">\n \u003Ca href=\"#what-it-does\">What it does\u003C\u002Fa> ·\n \u003Ca href=\"#highlights\">Highlights\u003C\u002Fa> ·\n \u003Ca href=\"#module-market\">Module Market\u003C\u002Fa> ·\n \u003Ca href=\"#feature-catalog\">Feature catalog\u003C\u002Fa> ·\n \u003Ca href=\"#tech-stack\">Tech stack\u003C\u002Fa> ·\n \u003Ca href=\"#build-from-source\">Build\u003C\u002Fa> ·\n \u003Ca href=\"#contributing\">Contributing\u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n\u003Cdiv align=\"center\">\n\u003Cimg src=\"png\u002F1.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F2.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F3.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F4.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F5.png\" width=\"19%\" \u002F>\n\u003Cimg src=\"png\u002F6.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F7.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F8.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F9.png\" width=\"19%\" \u002F>\u003Cimg src=\"png\u002F10.png\" width=\"19%\" \u002F>\n\u003C\u002Fdiv>\n\n---\n\n## What it does\n\nWebToApp turns websites, HTML projects, media libraries, and even server-side\napplications into installable Android APKs — entirely on the device.\n\nDrop in a URL, pick the bits you want, and you walk away with an APK you can\ninstall, share, or sideload. Behind the scenes the app stitches together a\nconfigurable WebView, optional native runtimes (Node.js, PHP, Python, Go), and\nan APK builder that signs and packages everything in-process via\n[`com.android.tools.build:apksig`](https:\u002F\u002Fmvnrepository.com\u002Fartifact\u002Fcom.android.tools.build\u002Fapksig).\nNo remote build server is ever contacted.\n\n**Supported app types** (the `AppType` enum): Web · HTML · Frontend\n(React \u002F Vue \u002F static builds) · WordPress · Node.js · PHP · Python · Go ·\nImage · Video · Gallery · Multi-Web.\n\n## Highlights\n\n- **One-tap on-device APK builds** — packaged, signed, and installed without\n leaving the phone.\n- **Two browser engines** — system WebView plus an optional GeckoView\n (Firefox) backend. The GeckoView engine ships arm64-v8a only and its native\n runtime is downloaded on first use, not bundled.\n- **GitHub-backed Module Market** — install community JS\u002FCSS modules without\n shipping an app update; the catalog lives in this repository.\n- **Bundled Chrome extension support** — runs unmodified MV3 extensions\n inside the WebView. Ships with the BewlyCat extension as a working example.\n- **Local server runtimes** — Node.js, PHP, Python, and Go execute on-device\n via a local HTTP server. WordPress runs against the on-device PHP runtime.\n- **Customisable WebView** — UA spoofing, 28-vector fingerprint disguise, ad\n blocking, DNS-over-HTTPS, JS\u002FCSS injection, payment scheme handlers.\n- **App Modifier** — clone an installed APK and re-brand it (icon, name,\n package) by patching its binary AXML manifest and re-signing.\n- **On-device APK signing** — create, import, export, and inspect keystores\n (MD5 \u002F SHA-1 \u002F SHA-256 fingerprints) right on the phone; choose V1\u002FV2\u002FV3\n signature schemes and a custom V1 signature filename.\n- **AI Coding** — a skill-driven agent that builds web apps, extension\n modules, and full app types (HTML, React, Vue, Node, PHP, Python, Go,\n WordPress, etc.) on your phone, with inline preview and built-in image\n generation.\n- **Per-app usage analytics** — Stats screen with health monitoring and Vico\n charts.\n- **Trilingual UI** — Chinese, English, Arabic out of the box.\n\n---\n\n## Module Market\n\nThe Module Market lets users install community-built JS\u002FCSS extension modules\nin one tap, and the entire catalog **lives in this repository**. There's no\nbackend, no submission portal, no review queue beyond a regular GitHub PR.\n\n```\nmodules\u002F ← published catalog\n├── registry.json ← index the app fetches first\n├── submissions.json ← CI-generated PR \u002F submitter metadata\n├── README.md ← contributor guide\n├── hello-world\u002F ← example: floating banner\n│ ├── module.json\n│ └── main.js\n├── night-shift\u002F ← example: amber overlay\n│ ├── module.json\n│ ├── main.js\n│ └── style.css\n├── reading-mode\u002F ← reader view\n├── floating-search\u002F ← selection action bar\n└── auto-scroll\u002F ← auto-scroll remote\n```\n\nThe app fetches **both** `registry.json` and `submissions.json`, and only\nshows a module when it appears in both — that's how the catalog guarantees it\nlists only modules whose PR has actually been merged (`submissions.json` is\nregenerated by CI on every push to `main`).\n\n**For users:** open the app, navigate to *Extension Modules*, tap the\nstorefront icon in the top bar. Modules update automatically when new\nversions are published.\n\n**For contributors:** fork the repo, drop a folder under `modules\u002F`, add an\nentry to `registry.json`, and open a PR. Once it's merged, every WebToApp\nclient picks up the module on its next refresh (default cache is one hour).\n\n→ [Full contributor guide](modules\u002FREADME.md)\n→ [General contributing guide](CONTRIBUTING.md)\n\n---\n\n## Feature catalog\n\nClick any section to expand. Every claim below is backed by a class or enum\nin this repository.\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Browser engine & networking\u003C\u002Fb>\u003C\u002Fsummary>\n\n- Desktop mode, custom User-Agent, JS\u002FCSS injection at `DOCUMENT_START` \u002F\n `END` \u002F `IDLE` (`ScriptRunTime`).\n- Build-time **kernel flavor** disguise (`KernelFlavor`): make the generated\n APK present itself as Chrome \u002F Edge \u002F Samsung Internet (Blink), Firefox\n (Gecko) or Safari (WebKit) — a consistent spoof of UA, `navigator.userAgentData`\n \u002F Sec-CH-UA brands, `window.chrome` presence and `vendor`. Client-hint request\n headers are driven through the official `WebSettingsCompat.setUserAgentMetadata`\n API (where the WebView supports it). The real engine is unchanged.\n- Popup blocker; new-window behaviour (`NewWindowBehavior`) selectable as\n `SAME_WINDOW` \u002F `EXTERNAL_BROWSER` \u002F `POPUP_WINDOW` \u002F `BLOCK`.\n- Static (HTTP \u002F HTTPS \u002F SOCKS5) and PAC proxies with optional authentication\n and bypass rules. SOCKS5 is routed through a local HTTP-to-SOCKS bridge.\n- DNS-over-HTTPS with seven providers (Cloudflare, Google, AdGuard, NextDNS,\n CleanBrowsing, Quad9, Mullvad) plus custom endpoints (`DnsProvider`).\n- PWA offline support with selectable caching strategy; custom error pages.\n- Per-app hosts file overrides; payment scheme handlers (`alipay:\u002F\u002F`,\n `weixin:\u002F\u002F`, `paypal:\u002F\u002F`, etc.).\n- Opt-in WebView compatibility toggles (all default off): blob download\n interception, scroll memory, image repair, kernel disguise\n (`KernelDisguiseLevel`), clipboard \u002F orientation \u002F notification polyfills,\n Native Bridge (with a per-capability allow-list), and a private-network\n bridge.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Browser fingerprint disguise (28 vectors)\u003C\u002Fb>\u003C\u002Fsummary>\n\nFive preset levels (`STEALTH` → `GHOST` → `PHANTOM` → `SPECTER` → `CUSTOM`,\nplus `OFF`). The disguise engine (`BrowserDisguiseConfig`) spoofs:\n\n| Group | Vectors |\n| --- | --- |\n| Anti-detection baseline | `X-Requested-With` removal, UA sanitisation, hide `webdriver`, emulate Chrome `window`, fake plugins, fake vendor |\n| Hardware fingerprints | Canvas noise, WebGL renderer (7 GPU profiles), AudioContext noise, Screen profile (7 device-class presets), ClientRects noise |\n| Environment fingerprints | Timezone, language, platform, `hardwareConcurrency`, `deviceMemory` |\n| Privacy fingerprints | MediaDevices, WebRTC IP shield, font enumeration block, battery shield |\n| Network fingerprints | Connection, Permissions, Performance Timing, Storage Estimate, Notification, CSS Media |\n| Hardening | `Native.toString` protection, iframe disguise propagation, error-stack cleaning |\n\nCoverage is reported as `OFF` → `BASIC` → `MODERATE` → `ADVANCED` → `DEEP` →\n`MAXIMUM` based on how many of the 28 vectors are active.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>OAuth in-WebView (30+ providers)\u003C\u002Fb>\u003C\u002Fsummary>\n\nPer-provider anti-detection scripts let unmodified Chrome OAuth flows\ncomplete inside the WebView. The `OAuthCompatEngine.Provider` enum recognises\n32 branded providers:\n\nGoogle, Facebook, Apple, Microsoft, Amazon, Twitter \u002F X, GitHub, Discord,\nReddit, LinkedIn, Spotify, Twitch, LINE, Kakao, Naver, WeChat, QQ, Alipay,\nTikTok \u002F Douyin, Yahoo Japan, Yahoo, VK, Yandex, Mail.ru, Shopify, Dropbox,\nNotion, Slack, Zoom, PayPal, Stripe, Square — plus reCAPTCHA \u002F hCaptcha \u002F\nCloudflare Turnstile compatibility and a generic OAuth fallback.\n\nWhen a recognised OAuth flow can't complete in-WebView, it falls back to a\nChrome Custom Tab with shared cookies (via `androidx.browser`).\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Extension modules\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **11 built-in JS modules** (`BuiltInModules`): Video Downloader, Bilibili \u002F\n Douyin \u002F Xiaohongshu extractors, Video Enhancer, Web Analyzer, Find-in-Page,\n Dark Mode, Privacy Protection, Content Enhancer, Element Blocker.\n- **1 built-in Chrome extension** (`assets\u002Fextensions\u002Fbewlycat\u002F`): BewlyCat\n for Bilibili. Demonstrates the MV3 runtime working with a real-world\n extension (loaded as ISOLATED + MAIN world scripts).\n- **3 module sources** (`ModuleSourceType`): plain JavaScript (`CUSTOM`),\n Greasemonkey\u002FTampermonkey userscripts (`USERSCRIPT`, `.user.js`), and Chrome\n MV3 extensions (`CHROME_EXTENSION`, `manifest.json`).\n- A `GM_*` API bridge for Tampermonkey scripts (`GM_setValue`,\n `GM_xmlhttpRequest`, `GM_addStyle`, menu commands, the Promise-based `GM.*`\n surface, etc.) with per-script grants.\n- An MV3 `chrome.declarativeNetRequest` engine (`ActionType`): block, allow,\n redirect, upgrade-scheme, and allow-all-requests are honoured;\n modify-headers rules are parsed but not yet applied. A broad `chrome.*`\n polyfill (runtime, storage, tabs, scripting, etc.) backs MV3 extensions.\n- Module sharing via export codes (`WTA1:` gzip+Base64) and QR codes (ZXing).\n- An **AI Coding** agent that can generate extension modules from a prompt via\n the `module-js` \u002F `module-style` \u002F `module-userscript` \u002F\n `module-chrome-mv3` skills.\n- The community **Module Market** described above.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Look & feel\u003C\u002Fb>\u003C\u002Fsummary>\n\n- A single calibrated monochrome theme (`AppThemes.KimiNoNawa`) with separate\n light and dark schemes; Material You dynamic colour is opt-in (off by\n default).\n- Custom splash screens — image or video, click-to-skip, video trim range,\n fixed orientation.\n- Background music playlists with LRC sync, 6 lyric animations (fade,\n slide-up, slide-left, scale, typewriter, karaoke), 3 positions (top \u002F\n center \u002F bottom), custom font\u002Fcolour\u002Fstroke\u002Fshadow theme. Online music\n search with 20 genre tags.\n- Status bar theming — colour, dark\u002Flight icons, height, and a separate\n dark-mode config.\n- Floating window mode with adjustable size, opacity, corner radius, edge\n snap, position lock, auto-hide title bar, and a \"start minimised\" option.\n- 10 announcement template styles (Minimal, Xiaohongshu, Gradient,\n Glassmorphism, Neon, Cute, Elegant, Festive, Dark, Nature) triggered on\n launch \u002F interval \u002F no-network.\n- 7 screen orientation modes; screen-on lock with brightness control.\n- 5 long-press menu styles (Simple, Full, iOS, Floating, Context).\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Per-app usage analytics\u003C\u002Fb>\u003C\u002Fsummary>\n\n- Stats screen with charts powered by Vico Compose.\n- Tracks open count, total time, last-open time, and last-session duration per\n packaged app.\n- App Health Monitor periodically `HEAD`s every app's URL and surfaces\n unreachable hosts (`HealthStatus`: UNKNOWN \u002F ONLINE \u002F SLOW \u002F OFFLINE).\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Server-side runtimes (on-device)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Node.js** — env vars, an npm dependency manager, and a sample project\n gallery (Express \u002F Fastify \u002F Koa). The runtime runs inside a dedicated\n `:nodejs` OS process and wraps a native `node_launcher` C++ executable that\n `dlopen`s `libnode.so` (so a crashing `server.js` can't take down the host).\n- **PHP** — PHP 8.4, downloaded once on first use from\n [`pmmp\u002FPHP-Binaries`](https:\u002F\u002Fgithub.com\u002Fpmmp\u002FPHP-Binaries) (arm64-v8a),\n with Composer support and a configurable document root.\n- **Python** — Flask, Django, FastAPI (via uvicorn), Tornado, or a built-in\n HTTP server, with pip dependency resolution into `.pypackages`.\n- **Go** — on-device `go build` (with `vendor\u002F` offline support) and static\n file serving, executed via the `go_exec_loader` C++ wrapper.\n- **WordPress** — runs against the on-device PHP runtime, backed by SQLite\n (WordPress 6.9.1 + the `sqlite-database-integration` plugin), with theme +\n plugin import.\n- **Linux environment** — a screen that installs toolchains on demand and\n manages builds\u002Fdependencies for the Node, PHP, and Python runtimes (Go and\n WordPress are managed by their own dependency managers).\n- **Port Manager** — cross-app port coordination via broadcast receivers\n (`PortQueryReceiver` \u002F `PortReleaseReceiver`), so multiple packaged apps\n don't fight for the same port. Each runtime gets its own port range.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>App-type specific features\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Gallery app** — categorised images and videos; grid \u002F list \u002F timeline\n views; sequential \u002F shuffle \u002F single-loop playback; sort by custom \u002F name \u002F\n date \u002F type; thumbnail bar, media info overlay, video auto-next, remember\n playback position.\n- **Multi-Web app** — sites in tabs \u002F cards \u002F feed \u002F drawer layouts;\n per-site icon, theme colour, CSS selectors for content extraction;\n configurable refresh interval.\n- **Website Scraper** — offline pack creator that crawls the entire\n frontend (HTML \u002F CSS \u002F JS \u002F images \u002F fonts), 6 concurrent downloads,\n recursive CSS `url()` \u002F `srcset` \u002F `@import` resolution, absolute-to-\n relative path rewriting, same-domain restriction, depth and size limits.\n- **App Modifier** — two flavours: a launcher-shortcut disguise, or a real\n binary clone that patches the AXML manifest, replaces icon resources via\n ARSC, and re-signs with `JarSigner` before installing through\n `FileProvider`.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Translation, notifications, deep linking, lifecycle\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Translation overlay** — 20 target languages and 5 engines (Google,\n MyMemory, LibreTranslate, Lingva, Auto); floating button toggle;\n auto-translate on load.\n- **Web Notification polyfill** plus a URL-polling foreground service with\n configurable interval (5 min minimum), JSON parsing, and GET \u002F POST with\n custom headers.\n- Custom URL schemes (deep links) with configurable host patterns.\n- Boot auto-start (`BOOT_COMPLETED`, `QUICKBOOT_POWERON`,\n `MY_PACKAGE_REPLACED`, time \u002F timezone change).\n- Scheduled launch at a specific time via `SCHEDULE_EXACT_ALARM`.\n- Background-run foreground service with custom notification, CPU wake\n lock, and a battery-optimisation bypass prompt.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Generated-APK security\u003C\u002Fb>\u003C\u002Fsummary>\n\nThe features below apply to the apps **WebToApp generates**. The host\nitself ships with a minimal permission set (see `AndroidManifest.xml`).\n\n- **Resource encryption** — `PBKDF2WithHmacSHA256` + AES-256-GCM (100 000\n PBKDF2 iterations) encrypts the packaged assets (config, HTML, media, BGM).\n With no custom password the key is derived from the package name and signing\n certificate — both public in the APK — so encryption then only deters casual\n extraction; set a **custom password** for protection that survives\n reverse-engineering of the host.\n- **Runtime protection** — bundled with resource encryption: when encryption\n is on, the generated app runs anti-debug, anti-Frida and DEX-tamper (CRC)\n checks at launch. A configurable **threat response** (`ThreatResponse`)\n decides what happens on a high-risk hit — `LOG_ONLY` (default, never affects\n normal users), `SILENT_EXIT`, or `CRASH_RANDOM`. This is lightweight\n protection that raises the bar for dynamic analysis; it cannot stop static\n reverse-engineering of the open-source host code.\n- **WebView \u002F content isolation** (`IsolationConfig`) — storage isolation,\n WebRTC blocking, Canvas \u002F Audio \u002F WebGL \u002F font protection, and\n fingerprint \u002F header \u002F IP spoofing for the packaged WebView.\n- **Browser and device fingerprint disguise** — see above.\n- **Ad blocker** — a hosts-rule engine plus a cosmetic MutationObserver\n filter, with 23 built-in community filter lists (EasyList, EasyPrivacy,\n uBlock, AdGuard family, StevenBlack, AdAway, Peter Lowe, 1Hosts Lite,\n Anti-AD, and several regional lists).\n- **Activation code gating** — per-launch or persistent; codes can be\n permanent, time-limited, usage-limited, device-bound, or combined\n (`ActivationCodeType`). Codes are verified locally by default, or against\n **your own HTTPS endpoint** (`RemoteActivationConfig`) so you can revoke and\n issue them without rebuilding — the server response is checked with an\n EC P-256 signature you control, with a configurable offline policy. Remote\n verification still runs on the client, so it raises the bar rather than\n preventing a determined bypass. See\n [`docs\u002Fremote-activation.md`](docs\u002Fremote-activation.md) for the server\n contract and a reference implementation.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>Forced run, BlackTech, multi-icon disguise\u003C\u002Fb>\u003C\u002Fsummary>\n\nThese exist for technical demonstration of Android's surface area. They\nmust be used with informed user consent.\n\n- **Forced run** — three modes (`FIXED_TIME`, `COUNTDOWN`, `DURATION`).\n Blocks system UI, back \u002F home \u002F recents, and notifications. Countdown\n survives process kills. Optional emergency-exit password and a\n pre-end warning.\n- **BlackTech** (`DeviceActionsConfig`, serialised as `blackTechConfig`):\n - Volume control (force max \u002F mute \u002F block volume keys)\n - Flashlight modes — strobe, SOS, Morse code (with custom text and unit\n duration), heartbeat, breathing, emergency, custom alarm pattern with\n vibration sync\n - System control (block power key, max performance, airplane mode)\n - Screen control (black screen, force rotation, block touch, force awake)\n - Network control (WiFi hotspot with SSID\u002Fpassword, disable WiFi \u002F\n Bluetooth \u002F mobile data)\n - Pre-baked profiles: `SILENT_MODE`, `ALARM_MODE`, `SOS_SIGNAL`,\n `NUCLEAR_MODE`, `STEALTH_MODE`\n- **Device disguise** — 6 device types (Phone \u002F Tablet \u002F Desktop \u002F Laptop \u002F\n Watch \u002F TV) × 10 OSes (Android, iOS, HarmonyOS, Windows, macOS, Linux,\n ChromeOS, watchOS, Wear OS, tvOS); 49 brand-specific device presets\n including iPhone 17 Pro Max, Galaxy S26 Ultra, Pixel 10 Pro XL,\n Mate 70 Pro+, OnePlus 15, MacBook Pro M5, Surface Pro 11, Apple Watch\n Ultra 3, etc.\n- **Icon Storm** (`IconStormMode`) — multi-launcher icon disguise. A packaged\n app can ship anywhere from a custom minimum up to `5000` launcher aliases.\n Modes: `Subtle Flood (25)`, `Icon Flood (100)`, `Icon Storm (500)`,\n `Extreme Storm (1000)`, `Research (5000)`, plus a custom count. Each\n alias adds roughly 520 bytes of manifest overhead — the screen estimates\n the impact for you.\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>APK export options\u003C\u002Fb>\u003C\u002Fsummary>\n\n- Custom package name, `versionName`, and `versionCode`.\n- Architecture targeting (`ApkArchitecture`): Universal, ARM64, ARM32.\n- Performance optimisations — image compression, WebP conversion, code\n minification, lazy loading, DNS prefetch, preload hints.\n- Granular runtime permissions injected per-APK at build time (camera, mic,\n location, storage, Bluetooth, NFC, SMS, contacts, calendar, sensors,\n foreground service, wake lock, install packages, system alert window).\n These are **not** declared in the host manifest.\n- Banner, interstitial, and splash ad configuration (the config\u002Fplumbing is\n present; no ad SDK is bundled, so serving is a stub).\n- Full app data backup and restore; project export\u002Fimport.\n- AAB export for Play-style distribution (the bundle's protobuf metadata is\n generated on-device).\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>APK signing & keystore management\u003C\u002Fb>\u003C\u002Fsummary>\n\nAll signing happens on-device through `JarSigner`, which drives\n`com.android.tools.build:apksig`. The signing identity is a global setting —\nwhatever you pick here is used for **every** newly built APK.\n\n- **Three signer identities** (`JarSigner.SignerType`): `PKCS12_CUSTOM` (a\n keystore you created or imported), `PKCS12_AUTO` (an auto-generated keystore\n on first run), and `ANDROID_KEYSTORE` (system-backed fallback). Custom takes\n priority on every launch.\n- **Create a keystore on-device** (`createCustomKeystore` \u002F\n `CertificateSpec`) — generate a fresh RSA key pair (2048 \u002F 4096) and a\n self-signed certificate with a full X.500 subject (CN \u002F O \u002F OU \u002F L \u002F ST \u002F C)\n and a configurable validity (default 30 years), no PC or `keytool` required.\n- **Import** PKCS12 \u002F PFX \u002F JKS \u002F BKS keystores (`importKeystore`), including\n the JKS \u002F Android-Studio \"upload key\" case where the key password differs\n from the store password. Non-PKCS12 formats are converted to PKCS12 and the\n real key alias is persisted in a sidecar so custom signing survives restarts.\n- **Export** the active key as a password-protected `.p12` for backup\n (`exportPkcs12`), and **remove** a custom keystore to fall back to the\n auto-generated one.\n- **View fingerprints** (`getCertificateFingerprints` →\n `CertificateFingerprints`) — MD5 \u002F SHA-1 \u002F SHA-256 of the certificate,\n tap-to-copy.\n- **Signature scheme selection** (`SigningSchemeOptions`) — toggle V1 (JAR),\n V2 (full APK), and V3 (key rotation) independently. An **auto-fallback**\n switch progressively drops the newest scheme (V3 → V2) and re-verifies when\n a legacy certificate algorithm is incompatible with a newer scheme; turn it\n off to sign strictly with exactly the schemes you selected.\n- **Custom V1 signature filename** — set the `\u003Cname>` in `META-INF\u002F\u003Cname>.SF`\n and `META-INF\u002F\u003Cname>.RSA`. Leave it blank to auto-derive the name from the\n signing key's certificate CN, with a live preview.\n\n\u003C\u002Fdetails>\n\n---\n\n## Tech stack\n\nThe pieces that distinguish this from a basic Compose app:\n\n- **Kotlin** + **Jetpack Compose** + **Material 3**\n- **Koin** for dependency injection\n- **Room 2.7.2** + **KSP** for persistence\n- **OkHttp 4.12.0** + `okhttp-dnsoverhttps` for networking\n- **`com.android.tools.build:apksig` 8.3.0** — the on-device signer\n- **`protobuf-javalite` 3.25.5** — encodes the metadata for on-device AAB\n export\n- **GeckoView** (Firefox engine, arm64-v8a) as an optional WebView\n replacement — the native runtime is downloaded on first use, not bundled\n- **Coil** (`compose` + `video` + `gif`) for images\n- **AndroidX Security Crypto** + **AndroidX DataStore** for stored secrets\n- **Vico** Compose-M3 for the Stats charts\n- **ZXing** for QR-code module sharing\n- **Apache Commons Compress** + **xz** for the website scraper and project\n imports\n- **Native C++ via JNI** — `node_launcher` and `go_exec_loader` are real\n CMake targets compiled per-ABI\n- **Robolectric** for the unit-test layer\n\nSee [`app\u002Fbuild.gradle.kts`](app\u002Fbuild.gradle.kts) for the full list.\n\n> **Why `targetSdk = 28`?** WebToApp must `fork`+`exec` native binaries\n> (PHP, Go, etc.) from app storage. Android 10+ blocks this for\n> `untrusted_app` under SELinux, so — like Termux — the app pins\n> `targetSdk = 28` and distributes via GitHub Releases rather than Google\n> Play. See the comment in `app\u002Fbuild.gradle.kts` for the full rationale.\n\n---\n\n## Build from source\n\n**Requirements:** Android Studio Hedgehog or newer, JDK 17. The Gradle\nwrapper pins Gradle 9.4.1, so you don't need a system Gradle install.\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fshiaho777\u002Fweb-to-app.git\ncd web-to-app\n.\u002Fgradlew assembleDebug\n```\n\nFor release builds, configure signing in `app\u002Fbuild.gradle.kts` (via\n`local.properties`). The server-side runtimes (PHP, Node.js, Python, Go, the\nGeckoView engine) are **not** bundled in the APK — they download on first use\nfrom inside the app, which keeps the host build small.\n\n---\n\n## Contributing\n\nThree lanes, in increasing scope:\n\n| Lane | What you do | Guide |\n| --- | --- | --- |\n| `modules\u002F` | Publish a community module to the in-app market | [`modules\u002FREADME.md`](modules\u002FREADME.md) |\n| Issues | Report a bug or request a feature | [GitHub Issues](https:\u002F\u002Fgithub.com\u002Fshiaho777\u002Fweb-to-app\u002Fissues) |\n| Code | Fix a bug or build a feature in the Android client | [`CONTRIBUTING.md`](CONTRIBUTING.md) |\n\n## Contact\n\nDeveloped by **shiaho**.\n\n| Platform | Link |\n| --- | --- |\n| GitHub | [github.com\u002Fshiaho777\u002Fweb-to-app](https:\u002F\u002Fgithub.com\u002Fshiaho777\u002Fweb-to-app) |\n| Telegram | [t.me\u002Fwebtoapp777](https:\u002F\u002Ft.me\u002Fwebtoapp777) |\n| X (Twitter) | [@shiaho777](https:\u002F\u002Fx.com\u002Fshiaho777) |\n| Bilibili | [b23.tv\u002F8mGDo2N](https:\u002F\u002Fb23.tv\u002F8mGDo2N) |\n| QQ Group | 1041130206 |\n\n## License\n\n[The Unlicense](LICENSE). Advanced features (e.g. forced run, BlackTech,\nicon storm) are intended for technical demonstration and must only be used\nwith informed user consent.\n\n\u003Cdiv align=\"center\">\n\n**Open source · Free forever · Star to support**\n\n\u003C\u002Fdiv>\n","WebToApp 是一个将任意网站URL转换为独立Android应用的原生应用程序。其核心功能包括通过输入网址,选择所需组件,即可在设备上直接生成、签名并安装APK文件,无需依赖IDE或远程构建服务器。该应用支持多种类型的应用程序转换,如Web、HTML项目、前端框架(React\u002FVue)、WordPress以及Node.js、PHP等后端运行环境,并且内置了两种浏览器引擎(系统WebView和可选的GeckoView)以提供更好的兼容性和性能。此外,WebToApp还集成了模块市场,允许用户轻松添加社区贡献的JS\u002FCSS模块,以及对未修改的Chrome扩展的支持。这款工具非常适合需要快速将现有网页内容封装成移动应用的开发者和个人使用。",2,"2026-06-11 04:09:38","top_language"]