GhostLink

• 

  Real-time protection. Privacy guaranteed.

• 

  See how GhostLink detects scams in real time.

• 

  Captures and explains threats with clear, real-time insights.

Inspiration

GhostLink was inspired by the rise of phishing, scam texts, and fraudulent emails that bypass traditional spam filters and target users directly. Many people still fall for these attacks because they appear legitimate inside trusted apps like Gmail or SMS. We wanted to build a tool that works in real time, directly on the user’s screen, while also keeping all data private.

What it does

GhostLink is a real-time Android security app that scans screen content to detect phishing and scams as users interact with messaging and email apps. It uses OCR to read on-screen text and a rule-based risk scoring system to identify threats like urgency, suspicious links, impersonation, and requests for sensitive information. When a threat is detected, it displays a floating overlay with a risk level, confidence score, and explanation, helping users avoid dangerous actions before they click.

How we built it

We built GhostLink using Java and XML on Android. The app uses the Media Projection API to capture screen content and an OCR engine to extract text locally. A custom RiskScorer analyzes this text using regex patterns and weighted heuristics. We implemented a floating overlay using the Window Manager API and maintained a foreground service for continuous scanning. Data such as scan history and flagged messages are stored locally using SharedPreferences and internal storage, ensuring a fully privacy-first design.

Challenges we ran into

One major challenge was working with the Media Projection API and managing performance while continuously capturing and analyzing screen data. Designing an accurate rule-based scoring system was also difficult, as we had to balance detecting real threats while avoiding false positives. Handling overlay permissions and ensuring a smooth, non-intrusive UI across different apps was another challenge. Keeping everything fully on-device without cloud support added additional complexity.

Accomplishments that we're proud of

We successfully built a fully functional, real-time scam detection system that works across multiple apps without relying on external servers. The floating overlay provides clear, immediate feedback, and the app maintains a history of detected threats with actionable steps. Most importantly, we achieved all of this while keeping user data completely private and on-device.

What we learned

We learned how to work with advanced Android features like screen capture, foreground services, and system overlays. We also gained experience building OCR pipelines and designing heuristic-based detection systems. Additionally, we developed a deeper understanding of how scams are structured and how attackers use urgency, fear, and impersonation to manipulate users.

What's next for GhostLink

Next, we plan to improve detection accuracy by incorporating machine learning models while still preserving privacy through on-device inference. We also want to expand support for more apps, enhance the UI/UX of the overlay and dashboard, and introduce smarter context awareness for different types of messages. Long term, GhostLink could evolve into a comprehensive mobile security assistant that protects users across all digital interactions.

Built With

• activity-result-api
• android-os-(api-26+)
• android-studio
• api
• foreground
• foreground-services
• google-gson
• gson
• internal-file-storage
• java
• material-design-components
• media-projection-api
• notification-api
• ocr
• ocr-engine-(on-device)
• regex
• regular-expressions-(regex)
• riskscorer
• sharedpreferences
• window-manager-api
• xml