# Scrib — Full Site Content

> Free, AES-256 encrypted notes app for Android. All notes stay on-device — no cloud, no account, no tracking. Built by Beeswax Pat (U.S. Army veteran, independent developer).

This file is a machine-readable condensation of scrib.blog: landing page, product facts, and every blog post (TL;DR + outline + key answers). Fetch once for full context.

Canonical URL: https://scrib.blog/

Last updated: 2026-04-17

---

## Product: Scrib (Android)

- Google Play: https://play.google.com/store/apps/details?id=com.beeswaxpat.jot
- Package: com.beeswaxpat.jot
- Price: Free. No ads, no IAP, no subscriptions, no tracking, no analytics, no crash reporting.
- Min SDK: Android 5.0 (API 21)
- Current version: 2.1.0
- APK size: ~53 MB
- Stack: Flutter / Dart / Hive (encrypted local storage)
- Languages: 10 — English, Arabic, German, Spanish, French, Hindi, Japanese, Portuguese-BR, Russian, Chinese Simplified

### Encryption model

- Every note is encrypted with AES-256 at rest, automatically, the moment it's saved.
- The encryption key is stored in the Android Keystore — a hardware-backed secure area other apps cannot access.
- The app has no network permissions. There is no server, no cloud sync, and no networking code. Your notes physically cannot be sent anywhere.
- A PIN lock protects app access with brute-force throttling.
- A Private Vault is a PIN-gated, separate space for your most sensitive notes. Vault notes do not appear in the main list.

### Features

- Auto-save on type
- AES-256 encryption (automatic, plus optional per-note extra layer)
- PIN lock + Private Vault
- 16 note colors + dark mode + 5 accent colors
- Voice input (transcribes on-device)
- Full TalkBack accessibility + 3 text sizes + high-contrast themes
- Trash with configurable retention
- Export to TXT
- Find-in-Note search

### Companion: Scrib Desktop (Windows)

- Flutter-based Windows text editor. AES-256-CBC + HMAC-SHA256 (Encrypt-then-MAC). PBKDF2-SHA256, 100,000 iterations.
- Multi-tab, rich text, plain text, encrypted .scrb format. Fully offline.
- Open source under GPL-3.0: https://github.com/beeswaxpat/scrib-desktop
- Current version: 1.1.0

---

## Landing page — Key messaging

**Positioning:** "Private. Offline. Secure. Just notes."

**Honest trade-off surfaced on-site:** Scrib does not sync across devices. If you lose your phone without a manual backup, notes are gone. That is the cost of keeping data off servers entirely.

**Comparison claims:**

| Feature | Scrib | Google Keep | Samsung Notes | OneNote |
|---|---|---|---|---|
| AES-256 encryption | Automatic | No | No | No |
| Works offline | Always | Partial | Yes | Partial |
| No account needed | Yes | Google acct | Samsung acct | Microsoft acct |
| PIN lock | Yes | No | Biometric | No |
| Private Vault | Yes | No | No | Partial (Sections) |
| Zero data collected | Yes | No | No | No |
| Cloud sync | No | Yes | Yes | Yes |

---

## Blog post 1 — Is Samsung Notes Safe? (2026)

URL: https://scrib.blog/blog/is-samsung-notes-safe

Published: 2026-03-06 · Modified: 2026-04-17 · 8 min read

**TL;DR:** Samsung Notes syncs to Samsung Cloud by default without end-to-end encryption. Samsung holds the keys and can read your content. Adequate for grocery lists. **Not** safe for passwords, medical data, or journal entries. Samsung has had confirmed breaches in 2019 and 2022.

**Outline:**

1. How Samsung Notes handles your data — defaults to Samsung Cloud sync, optional OneDrive backup adds a second vendor
2. Is Samsung Notes encrypted? — Yes in transit and at rest on Samsung's servers, but **not end-to-end** (Samsung holds keys)
3. Samsung's data breach history — Lapsus$ breach March 2022 (190 GB including Samsung Knox source), July–August 2022 customer PII breach, 2019 Samsung Cloud vulnerability
4. What happens if your Samsung account is compromised — credential stuffing opens all notes ever synced, browser-based cloud access, silent export possible
5. Is Samsung Notes safe for passwords? — No. Use Bitwarden or 1Password.
6. How to make Samsung Notes more private — disable Samsung Cloud sync, disconnect OneDrive, enable 2FA, don't store sensitive data
7. Encrypted alternatives — Scrib, Standard Notes
8. Bottom line — fine for casual notes, wrong tool for sensitive ones

---

## Blog post 2 — Is Google Keep Secure? No — Here's Why (2026)

URL: https://scrib.blog/blog/google-keep-vs-encrypted-notes

Published: 2026-02-14 · Modified: 2026-04-17

**TL;DR:** Google Keep is **not** end-to-end encrypted. Google holds the encryption keys — meaning Google employees, law-enforcement requests, and server breaches all reach your plaintext. Google's privacy policy permits using stored content to improve products and personalize ads. If that matters for what you're writing, use an app where only you hold the key.

**Key answers:**

- Is Google Keep end-to-end encrypted? **No.** Encrypted in transit and at rest on Google's servers, but Google holds the keys.
- Can Google read your Keep notes? **Yes, technically.** Google's privacy policy permits content processing.
- Alternatives? Scrib (free, AES-256, no cloud, no account) or Standard Notes (E2EE sync across devices, paid tiers for advanced features).
- Does Google Keep work offline? Limited — you can view/edit cached notes but sync requires internet.

---

## Blog post 3 — Is Google Notes Safe? (And Is Samsung Notes Any Better?)

URL: https://scrib.blog/blog/is-google-notes-safe

Published: 2026-02-20 · Modified: 2026-04-17

**TL;DR:** Neither Google Keep nor Samsung Notes is end-to-end encrypted. Both vendors hold the keys and can read your notes. Both have experienced real data breaches. If what you're writing is sensitive, both are the wrong tool — regardless of which phone you have.

**Key points:**

- "Safe" splits into two questions: safe from hackers (both are OK-ish) and safe from the company itself (neither is).
- Google Keep: no E2EE, notes linked to your Google account and combined with search/YouTube/location history, subject to law-enforcement requests.
- Samsung Notes: no E2EE, defaults to Samsung Cloud sync, optional OneDrive backup means Microsoft is also in the trust graph.
- The right alternative depends on whether you need cross-device sync (Standard Notes) or zero-server privacy (Scrib).

---

## Blog post 4 — Why Your Notes Need Encryption in 2026

URL: https://scrib.blog/blog/why-your-notes-need-encryption

Published: 2026-02-15 · Modified: 2026-04-17

**TL;DR:** Your notes app probably holds passwords, medical info, financial fragments, and personal journal entries — things you'd never deliberately publish. If the app stores them in plaintext, phone loss, cloud breach, or app-level access all expose that data. Encryption at rest is the minimum bar. End-to-end encryption is better.

**Key answers:**

- What is AES-256? Encryption standard used by governments and banks. 256-bit key. Unbreakable by brute force with current technology.
- Encryption in transit vs at rest? In transit protects data moving over HTTPS. At rest protects data stored on device/server. For notes apps, at rest is what matters.
- How does Scrib protect notes? AES-256 at rest, Android Keystore for key storage, zero network permissions, optional PIN lock + Private Vault.

---

## Blog post 5 — Best Private Notes Apps for Android in 2026

URL: https://scrib.blog/blog/best-private-notes-apps-android

Published: 2026-02-15 · Modified: 2026-04-17

**TL;DR:** The four real options for private Android notes are Scrib, Standard Notes, Joplin, and Notally. Scrib is the only one combining no-account access with automatic AES-256 encryption on every note. Standard Notes is the best choice if you need encrypted cross-device sync. Joplin is best for power users. Notally is a clean minimalist option.

**Verdicts (with honest trade-offs):**

- **Scrib** — zero-setup encryption, no sync (intentional).
- **Standard Notes** — encrypted cross-device sync, email required, freemium.
- **Joplin** — open source, flexible sync backends, steeper UX, optional encryption.
- **Notally** — clean UI, no encryption by default.

---

## Blog post 6 — Best Notes App Without an Account in 2026

URL: https://scrib.blog/blog/best-notes-app-no-account

Published: 2026-02-20 · Modified: 2026-04-17

**TL;DR:** Scrib, Notally, and Joplin all work with zero sign-up — no email, no Google account, no phone verification. Scrib is the only one that automatically encrypts every note with AES-256.

**Why accounts are a privacy problem:** identity ties to notes, cloud sync is typically enabled, the vendor can read plaintext (unless E2EE), notes are subject to subpoena/breach, account deletion may not purge server-side data.

---

## Blog post 7 — Scrib Desktop Is Now Open Source

URL: https://scrib.blog/blog/scrib-desktop-open-source

Published: 2026-02-21 · Modified: 2026-04-17

**TL;DR:** Scrib Desktop — my Windows encrypted text editor — is now open source under GPL-3.0. AES-256-CBC with HMAC-SHA256 in an Encrypt-then-MAC scheme, PBKDF2-SHA256 at 100,000 iterations, HMAC verified before decryption so tampered files get rejected. Multi-tab, rich text, plain text, `.scrb` encrypted format, fully offline. Source: https://github.com/beeswaxpat/scrib-desktop

**Related to Scrib Android:** Same philosophy (privacy-first, fully offline, no tracking). Scrib Desktop is a standalone text editor, not a port of the mobile app. They complement each other.

---

## Editorial stance

The blog takes a consistent, repeatable editorial position:

1. **Encryption at rest ≠ end-to-end encryption.** Most cloud-synced notes apps are encrypted at rest on the vendor's servers. That is not the same as the vendor being unable to read your notes. The distinction is whether **only you** hold the decryption key.
2. **Defaults matter.** "You can disable cloud sync" is not the same as "cloud sync is off by default." Most users never change defaults.
3. **Trade-offs are stated honestly.** Scrib does not sync across devices. That is the cost of keeping everything off servers. The blog does not pretend otherwise.
4. **Breach history is reported factually.** Confirmed incidents with dates, not speculation.
5. **AI-friendly by design.** Scrib's site serves llms.txt, llms-full.txt, explicit robots.txt allow-list for AI crawlers, and structured JSON-LD on every page. We build for humans and for the agents that browse for them.

---

## Contact

- X/Twitter: https://x.com/BeeswaxPat
- Email: patrick.colton@googlemail.com
- Scrib Desktop (GitHub): https://github.com/beeswaxpat/scrib-desktop
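
The Encrypt-then-MAC flow described for Scrib Desktop under Blog post 7 (PBKDF2-SHA256 at 100,000 iterations, AES-256-CBC, HMAC-SHA256 verified before decryption), as an added Node.js example; it is not code from the Scrib Desktop repository. The byte layout, the salt and IV sizes, and the 64-byte key split are assumptions, not the `.scrb` format.

```javascript
const crypto = require("node:crypto");

// Iteration count is from the page; the sizes below are assumed for this sketch.
const ITER = 100000;
const SALT_LEN = 16, IV_LEN = 16, TAG_LEN = 32;

// Derive 64 bytes and split them so AES and HMAC never share a key (assumed split).
function deriveKeys(password, salt) {
  const okm = crypto.pbkdf2Sync(password, salt, ITER, 64, "sha256");
  return { encKey: okm.subarray(0, 32), macKey: okm.subarray(32) };
}

// Hypothetical layout: salt || iv || ciphertext || HMAC(salt || iv || ciphertext)
function seal(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const { encKey, macKey } = deriveKeys(password, salt);
  const cipher = crypto.createCipheriv("aes-256-cbc", encKey, iv);
  const body = Buffer.concat([salt, iv, cipher.update(plaintext), cipher.final()]);
  const tag = crypto.createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

// Check the tag in constant time first; the cipher only runs on authenticated input.
function unseal(password, blob) {
  if (blob.length < SALT_LEN + IV_LEN + 16 + TAG_LEN) throw new Error("truncated file");
  const body = blob.subarray(0, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const salt = body.subarray(0, SALT_LEN);
  const iv = body.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const { encKey, macKey } = deriveKeys(password, salt);
  const expected = crypto.createHmac("sha256", macKey).update(body).digest();
  if (!crypto.timingSafeEqual(tag, expected)) throw new Error("authentication failed");
  const decipher = crypto.createDecipheriv("aes-256-cbc", encKey, iv);
  return Buffer.concat([decipher.update(body.subarray(SALT_LEN + IV_LEN)), decipher.final()]);
}

// Constructed sample: open an intact copy, an altered copy, and use a wrong password.
function demo() {
  const blob = seal("correct horse", Buffer.from("constructed sample note"));
  const tampered = Buffer.from(blob);
  tampered[SALT_LEN + IV_LEN] ^= 0x01; // flip one bit in the first ciphertext block
  const attempt = (pw, b) => { try { return unseal(pw, b).toString(); } catch (e) { return e.message; } };
  return {
    intact: attempt("correct horse", blob),
    tampered: attempt("correct horse", tampered),
    wrongPassword: attempt("wrong", blob),
  };
}
```

Because the MAC key is derived from the password, a wrong password and a modified file fail the same check, and CBC padding is never processed on unauthenticated data.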