Shabari

Cyber security should be free for everyone so that everyone can access it

Comment

🛡️ Shabari: The AI-Powered Mobile Guardian

"Protecting India's Digital Dreams, One Scan at a Time"

Inspiration 💡

The spark for Shabari came from a heartbreaking reality: my grandmother lost ₹25,000 to a fake "electricity bill payment" SMS. She clicked a malicious link, entered her bank details, and watched her savings disappear in minutes.

This isn't just our family's story—it's happening to millions across India. As UPI payments exploded to 83 billion transactions in 2023, cybercriminals evolved faster than security solutions. Traditional antivirus apps scan for decade-old viruses while modern scams use social engineering: fake QR codes, SMS phishing, and malicious links spread through WhatsApp.

The problem was clear: People needed protection from threats that don't look like threats.

Our mission became personal: Build a digital guardian that understands the unique fraud landscape of emerging markets and protects users with the same care we'd want for our own families.

What it does 🚀

Shabari is a next-generation mobile security suite specifically designed for the digital fraud patterns targeting Indian users. Unlike traditional antivirus software, Shabari provides intelligent, context-aware protection against modern social engineering attacks.

🎯 Core Features

1. Live QR Fraud Scanner

  • Smart Classification: Instantly identifies UPI payment QRs vs general QRs
  • Dual Analysis: Payment QRs get immediate local protection; general QRs get deep VirusTotal analysis
  • Real-time Feedback: Beautiful animated UI with instant "PAYMENT SAFE ✅" or "FRAUD DETECTED 🚨" alerts

2. Manual SMS Fraud Scanner

  • Privacy-First: No background monitoring—users choose which messages to analyze
  • Direct SMS Access: Reads actual device messages (no sharing required)
  • AI-Powered Detection: Identifies lottery scams, phishing, fake OTP requests, and urgency tactics

3. Automatic URL Protection

  • Zero-Friction: Intercepts malicious links from WhatsApp, SMS, any app
  • Share Intent Integration: When users click dangerous links, Shabari appears in "Open with" menu
  • VirusTotal Integration: Real-time scanning against 70+ antivirus engines

4. Advanced File Protection

  • Yara Engine Integration: Native pattern matching for malware detection
  • Automatic Quarantine: Suspicious files isolated before they can cause damage
  • Multi-layered Scanning: Local + cloud analysis for comprehensive protection

5. Photo Fraud Detection

  • OCR Analysis: Extracts text from screenshots and images
  • Fake Document Detection: Identifies forged payment confirmations, bank statements
  • Local Processing: All image analysis happens on-device for privacy

How we built it 🛠️

Technology Stack & Architecture

Frontend & Cross-Platform:

React Native + Expo SDK 52
TypeScript for type safety
Zustand for lightweight state management
React Navigation for seamless navigation

Backend & Authentication:

Supabase for PostgreSQL database + auth
Custom user management with subscription tiers
Real-time data synchronization

AI & Security Engine:

Custom Yara engine integration (C++ native module)
VirusTotal API for threat intelligence
On-device ML Kit for OCR processing
Custom fraud detection algorithms (no heavy ML models)

Native Integrations:

React Native Camera for QR scanning
SMS reading with proper permissions
Share intent handling for URL interception
File system access for quarantine management

🏗️ Advanced Technical Implementation

1. Smart QR Analysis Pipeline:

Camera Scan → Immediate Classification → Conditional Analysis Path
├── Payment QR: Local protection (privacy + speed)
└── General QR: Cloud analysis (comprehensive scanning)

2. Privacy-First SMS Scanner:

User Initiates → SMS Permission → Manual Selection → Local Analysis
// No background monitoring, complete user control

3. Native Yara Integration:

// react-native-yara-engine/android/src/main/cpp/yara-engine.cpp
JNIEXPORT jstring JNICALL
Java_com_shabari_yara_YaraEngine_scanFile(JNIEnv *env, jobject thiz, jstring file_path) {
    // Direct Yara scanning in native code for performance
}

4. Multi-Platform Subscription System:

// Integrated with RevenueCat for robust billing
const isPremium = await RevenueCatService.isPremiumActive();
// Handles Google Play, App Store, and web payments

Challenges we ran into 💪

1. Cross-Platform Native Module Integration

Challenge: Integrating Yara (C library) into React Native while maintaining Expo compatibility. Solution: Built custom native module with proper CMake configuration and Expo plugin system.

2. SMS Permission Complexity

Challenge: Android SMS permissions are sensitive—we needed to request them ethically. Solution: Implemented manual-only scanning with clear user education about why permissions are needed.

3. Real-time QR Analysis Performance

Challenge: Users expect instant feedback when scanning QR codes. Solution: Smart classification system that routes payment QRs to lightning-fast local analysis while sending others to comprehensive cloud scanning.

4. Google Play Store Policy Compliance

Challenge: Security apps face strict scrutiny for permissions and privacy. Solution: Comprehensive policy audit, removed unnecessary permissions, implemented proper privacy policy and account deletion.

5. False Positive Management

Challenge: Security alerts must be accurate—false positives destroy user trust. Solution: Multi-layered verification with confidence scores and clear explanations of why something is flagged.

Accomplishments that we're proud of 🏆

🚀 Technical Achievements

  • Native Yara Integration: First mobile app to integrate Yara malware detection natively
  • Smart QR Classification: Revolutionary dual-analysis approach for context-aware protection
  • Zero-Permission URL Scanning: Intercepts threats without requiring overlay permissions
  • Privacy-First Design: Manual SMS scanning respects user privacy while providing protection

📱 User Experience Excellence

  • 30-Second WOW Demo: Users see immediate value across multiple protection layers
  • Beautiful Indian-Themed UI: Cultural resonance with modern security functionality
  • Seamless Integration: Works within existing user workflows (WhatsApp, SMS, file sharing)

🏢 Production Readiness

  • Google Play Store Compliant: Complete privacy policy, permissions audit, account deletion
  • RevenueCat Integration: Professional subscription management with analytics
  • Error Monitoring: Sentry integration for production stability
  • Scalable Architecture: Built to handle millions of users

🌍 Real-World Impact Potential

  • Addresses Genuine Problem: Protects against fraud patterns affecting millions
  • Localized Solution: Designed specifically for Indian digital fraud landscape
  • Social Mission: Every prevented scam saves someone's hard-earned money

What we learned 🎓

Technical Learnings

  • Native Module Development: Deep dive into React Native's native layer and C++ integration
  • Mobile Security Architecture: How to balance security, performance, and user experience
  • Cross-Platform Challenges: Managing platform-specific features in a unified codebase
  • Production App Development: The complexity of building something truly ready for users

Product & Business Insights

  • User-Centric Security: Technical capability means nothing without user trust and adoption
  • Privacy vs Protection: The delicate balance between effective security and user privacy
  • Cultural Sensitivity: How local context affects security tool design and adoption
  • Monetization Strategy: Building sustainable business models for security applications

Hackathon-Specific Skills

  • Sponsor Tool Integration: How to strategically leverage sponsor offerings for maximum impact
  • Rapid Prototyping: Building production-quality features under time constraints
  • Demo Storytelling: Communicating complex technical achievements through compelling narratives

What's next for Shabari 🚀

Immediate Roadmap (Next 3 Months)

📱 Market Launch

  • Google Play Store publication with full production build
  • Beta testing program with 1,000+ Indian users
  • Performance optimization based on real-world usage data

🌍 Localization Expansion

  • Hindi, Tamil, Bengali translations using Lingo credits
  • Region-specific fraud pattern training
  • Partnership with local cybersecurity organizations

🤖 AI Enhancement

  • Community-driven threat reporting system
  • Continuous model improvement based on user feedback
  • Integration of latest fraud patterns and attack vectors

Long-Term Vision (12+ Months)

🏢 Enterprise Solutions

  • Corporate version for employee device protection
  • API for integration with existing security infrastructure
  • Bulk deployment and management tools

🔬 Advanced Features

  • Proactive background monitoring (opt-in premium feature)
  • Integration with banking APIs for transaction verification
  • Machine learning models trained on regional fraud data

🌐 Global Expansion

  • Adaptation for other emerging markets (Southeast Asia, Africa, Latin America)
  • Partnerships with telecom providers and financial institutions
  • Open-source threat intelligence sharing

Technology Evolution

⚡ Performance Optimizations

  • Edge computing for faster threat detection
  • Optimized algorithms for lower-end devices
  • Battery life improvements for background protection

🔐 Advanced Security

  • Hardware security module integration
  • Biometric authentication for sensitive features
  • End-to-end encrypted threat reporting

Why Shabari Should Win 🏅

1. Solving a Real, Urgent Problem

Shabari addresses a genuine crisis affecting millions of users in India and other emerging markets. We're not building a toy—we're building a lifeline.

2. Technical Innovation & Excellence

  • Native Yara integration in a mobile app
  • Smart QR classification system
  • Privacy-first architecture with manual controls
  • Production-ready codebase with proper monitoring

3. Strategic Use of Sponsor Tools

We didn't just add sponsor tools as afterthoughts—we made them core to our architecture:

  • RevenueCat: Powers our sustainable business model
  • Expo Production: Enabled rapid iteration and deployment
  • Sentry: Ensures the reliability users expect from security software
  • Custom Domain: Professional branding for user trust

4. Complete Product Vision

Shabari isn't just a hackathon project—it's a complete product with:

  • Clear monetization strategy
  • Defined user acquisition plan
  • Regulatory compliance (Google Play Store ready)
  • Scalable technical architecture

5. Social Impact Potential

Every fraud prevented by Shabari saves someone's hard-earned money and protects their digital trust. In a country where digital literacy is growing rapidly, tools like Shabari are essential infrastructure.

Team: Shubham Prajapati (Solo Developer) Contact: mrdrsp2@gmail.com Demo Video: [YouTube Link - Highly Recommended] Live Demo: Available on request

"In a world where cybercriminals evolve daily, Shabari evolves faster. We're not just building an app—we're building digital safety for the next billion internet users."

Built With

  • android-sms-&-file-apis
  • eas
  • expo-sdk
  • expo.io
  • ocr-with-on-device-ml-kit
  • react-native
  • react-native-camera
  • revenuecat
  • sentry
  • share-intent
  • supabase
  • typescript
  • virustotal-api
  • yara-engine-(c++-native-module)
  • zustand
Share this project:

Updates