GPL-3.0
What Aegis actually does
Aegis is a two-factor authenticator that keeps your codes in an encrypted vault on your own phone. The feature that matters most is the unglamorous one: you can export your tokens. Google Authenticator spent the better part of a decade refusing to do that, and people lost access to accounts permanently because of it.
At 6.3 MB it is the smallest app in this catalogue, and it works entirely offline. There is no account to create, no sync server, and nothing phoning home. It imports from Google Authenticator, Authy, andOTP and a dozen others, so moving in is a five-minute job.
The trade-off is that backups are your responsibility. There is no cloud safety net. Export the vault, put it somewhere you will still have access to if this phone falls in a river, and do it before you need it rather than after.
Why this app is on Apkoras
Aegis is licensed under the GPL-3.0, which explicitly permits redistribution. That licence is the written permission that lets us host the file at all.
The file we serve is the original binary from the project’s own release, with the developers’ signature untouched. We do not repackage, re-sign or modify it. The SHA-256 in the panel is the hash of that exact file, and the source is one click away if you would rather read it than trust us.
Version history
Older builds stay available. If a new release breaks something for you, roll back.
| Version | Released | Size | Source |
|---|---|---|---|
| 3.4.2 | 24 Feb 2026 | 6.3 MB | Release |
| 3.4.1 | 3 Aug 2025 | – | Release |
| 3.4 | 4 Jun 2025 | – | Release |
| 3.3.4 | 12 Jan 2025 | – | Release |
Common questions
Can I export my tokens out of Aegis?
Yes, and this is the main reason to use it. You can export the whole vault to an encrypted or plain file and import it anywhere. Nothing is locked in.
Does Aegis need an internet connection?
No. Two-factor codes are generated from a shared secret and the clock, so the app never needs the network to do its job.
Can I import from Google Authenticator?
Yes. Aegis reads exports from Google Authenticator, Authy, andOTP, FreeOTP and several others.
What happens if I lose my phone?
Whatever your backup says. Aegis has no cloud, so if you never exported the vault, those tokens are gone. Export it now and store it somewhere safe.
How do I check my download is genuine?
On Windows run certutil -hashfile aegis-v3.4.2.apk SHA256 in Command Prompt. On Linux or macOS use sha256sum. Compare the result to the SHA-256 on this page; they must match exactly.
