The company's own Android app for the six-digit codes that prove it's really you at sign-in — so your team never has to install Google's. Industry-standard codes that work with any service, secrets sealed in the phone's secure hardware, and not a single network permission.
A sign-in platform that ends with "now go install Google Authenticator" hands the final, most personal step of its security story to someone else's brand. Synergy Authenticator closes that loop: setting up, signing in, and the app generating the codes are all one product family.
The codes are the same industry-standard six-digit codes used across the internet — exactly what the SynergyAuth server checks — so there's no lock-in in either direction. The code math is verified against the standard's official published test cases, and the pairing is proven end to end: a code generated on the phone was accepted by the live server, same account, same moment.
It also works both ways — because the app speaks the universal otpauth:// standard every code-based service uses, it can hold codes for your bank, your email, anything that offers them — not just Synergy.
The threat model for an authenticator is simple: the secrets must never leave the device. This app enforces that at the operating-system level, not as a policy promise.
The app asks for zero network permissions — even the ones bundled software usually sneaks in were stripped out. The QR scanner works fully offline. There is simply no way for the app to send a secret anywhere.
Secrets rest encrypted, sealed by a master key that lives in the phone's dedicated security hardware — not in app storage where other software could reach for it.
Secrets are explicitly excluded from cloud backup and phone-to-phone transfer. Your sign-in codes don't ride along to whatever device signs in next.
Even links are handled with care: after a one-tap otpauth:// setup, the link is wiped so the secret isn't left sitting in history — the same discipline the SynergyAuth setup page applies on its side.
This is a real native app, not a website in a wrapper: the dark Synergy look, a live countdown ring around every code, and tap-to-copy. It supports the strict, standard, and legacy variants of the code format, so it works with older services as smoothly as new ones.
It ships alongside a browser-based companion — an installable authenticator that runs entirely on your own device, even offline — so people on any phone or computer have a first-party option while the iPhone version and app-store listing are on the roadmap.
KotlinJetpack ComposeCameraX + ML Kit (offline)Android KeystoreEncryptedSharedPreferencesRFC 6238 TOTP