WiFi Watchglass

WiFi Watchglass is a specialized network security auditor for Android designed to detect local wireless threats and infrastructure anomalies that standard security software often overlooks. It provides technical transparency by monitoring the local link for manipulations such as rogue routing, DNS hijacking, and access point impersonation.

Core Capabilities

• Environmental Baselines: Uses RSSI (signal-strength) distributions and spatial tracking to detect "Portable Evil Twins" and rogue access points.

• DNS Verification: Audits the system resolver using parallel DNS-over-HTTPS (DoH) probes and TLS identity verification to detect selective redirection and "Silent Downgrade" attacks.

• Routing Analysis: Employs ICMP TTL signature analysis and gateway stability tracking to identify transparent bridges and MITM interceptors.

• Hardware Attribution: Maps MAC prefixes (OUI) to a local database to flag hardware-infrastructure mismatches.

Technical Architecture

Developed as a local-first application, WiFi Watchglass is built with a zero-telemetry architecture. All network profiles and forensic logs are stored exclusively on-device in a SQLCipher database, secured with AES-256 encryption using hardware-backed keys. The application requires no cloud accounts and restricts external connectivity to user-selected security probes.

WiFi Watchglass is currently a Matterdyne Labs project focusing on localized network forensics and behavioral hardware fingerprinting.