Breaking the Sandbox

Web-to-Native Bridge & Security

Engineering Hazard: Orion is built with Web technologies. Standard web apps cannot install APKs or revoke permissions. We cheated.

1. The Worker Core (Thread Offloading)

The Bottleneck: Modern web applications are single-threaded by default. Parsing strict JSON schemas for 10,000 apps and verifying cryptographic signatures on the main UI thread would be disastrous. It would cause "jank"—visible stutters—and make the app feel like a laggy webpage rather than a native tool.

The Solution: Orion spawns a dedicated Web Worker context at launch. This acts as a secondary thread that lives in parallel to the UI. We offload all heavy computation—hashing, parsing, and searching—to this worker.

This architecture allows the UI to render animations at a locked 120Hz while the "Brain" crunchs megabytes of data in the background. The user perceives zero latency, even during heavy workloads.

2. Shizuku Integration (The System Guardian)

Orion implements a specialized Bridge to Shizuku, an advanced Android tool that allows normal user-installed apps to access system-level APIs via the adb process.

Typically, only "Rooted" devices can perform actions like silent installation. Shizuku allows us to bypass this requirement by proxying commands through the Android Debug Bridge. This gives Orion "Superuser-lite" powers without compromising the device's security model:

Silent Install: We can stream the APK byte-data directly to the Package Installer session, bypassing the "Confirm?" prompt for seamless updates.
Permission Revoke: Orion can audit installed apps and forcefully revoke sensitive permissions (like Location or Camera) if an app is abusing them.
System App Debloater: We can pm disable-user carrier bloatware, effectively hiding it from the system without needing write-access to the /system partition.

Security Model: Orion requests access to specific adb shell commands. Unlike Root, which grants absolute power, Shizuku relies on the Android permissions system. If you restart your device, Shizuku access is revoked until you re-authorize it, ensuring no permanent backdoor exists.

3. Orion Sentinel (Distributed Intelligence)

Traditional antiviruses work by sending your file list to a cloud server for scanning. We consider this a privacy breach. Orion Sentinel is a "Local-First" threat scanner.

Instead of sending your data to us, we send the threat database to you. Orion downloads a highly compressed "Bloom Filter" of known malicious hashes and tracker signatures. The app then scans your installed packages entirely On-Device.

Orion can inform you if an installed calculator app contains 50 hidden ad-trackers or a known malware signature, without Orion's servers ever knowing you installed it. Privacy is not a setting; it's the architecture.