CyberBuddy is a gamified Android app that guides everyday users through personal cybersecurity using a Gemini A2A agent. Here's the full build story.
๐ ๐ฏ๐๐ถ๐น๐ ๐๐ต๐ถ๐ ๐ฏ๐ฒ๐ฐ๐ฎ๐๐๐ฒ ๐๐ผ๐บ๐ฒ๐ผ๐ป๐ฒ ๐ฎ๐๐ธ๐ฒ๐ฑ ๐บ๐ฒ ๐ฎ ๐พ๐๐ฒ๐๐๐ถ๐ผ๐ป ๐ ๐ฐ๐ผ๐๐น๐ฑ๐ป'๐ ๐ฎ๐ป๐๐๐ฒ๐ฟ ๐ถ๐ป ๐ฎ ๐ช๐ต๐ฎ๐๐๐๐ฝ๐ฝ ๐บ๐ฒ๐๐๐ฎ๐ด๐ฒ.
"How do I know if I am safe online?"
She was a student I mentor through Linfy Academy in Strand, Cape Town. Smart. Motivated. Using the same password for her email, her banking app, and her school portal.
There was no simple answer. So I built one.
CyberBuddy is an Android app that acts as a personal cybersecurity coach.
It guides users through building their own ๐ฃ๐ฒ๐ฟ๐๐ผ๐ป๐ฎ๐น ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐ ๐ฃ๐น๐ฎ๐ป (PSP) - covering password health, device security, and two-factor authentication. It tracks daily security habits through streaks and badges. And it monitors whether your email has appeared in known data breaches.
The AI coaching layer is powered by ๐๐ฒ๐บ๐ถ๐ป๐ถ via an ๐๐ฎ๐ (๐๐ด๐ฒ๐ป๐-๐๐ผ-๐๐ด๐ฒ๐ป๐) ๐ฎ๐ฟ๐ฐ๐ต๐ถ๐๐ฒ๐ฐ๐๐๐ฟ๐ฒ. More on that below.
Most cybersecurity tools are built for enterprises with IT departments and budgets.
CyberBuddy is built for three people:
These are the people who get phished. These are the people whose credentials appear in breach databases. These are the people nobody is building for.
Language: Kotlin
UI: Jetpack Compose (Material3)
Architecture: Clean Architecture + MVVM
Database: Room (offline-first)
DI: Hilt
AI Layer: Gemini API via A2A Protocol
Testing: JUnit5 + Kotest (property-based)
Dev Tools: Gemini in Android Studio + Claude Code (JetBrains)
The architecture was designed to be offline-first from day one. Room handles all local state. Gemini enhances the experience - it does not gate it.
Instead of calling the Gemini API directly from every screen, I built a ๐ฆ๐ฒ๐ฐ๐๐ฟ๐ถ๐๐๐ข๐ฟ๐ฐ๐ต๐ฒ๐๐๐ฟ๐ฎ๐๐ผ๐ฟ class that acts as the host agent.
It delegates structured tasks to a Gemini-powered coaching agent using Google's A2A protocol.
data class SecurityAgentTask(
val taskType: String, // "psp_guidance" | "breach_explain" | "daily_tip"
val userRole: String, // "student" | "professional" | "educator"
val context: Map<String, Any>
)
The benefit: the AI backend is completely decoupled from the Android layer. I can upgrade the Gemini model, swap the agent, or change the coaching logic without touching a single Compose screen.
That is the architectural decision I am most proud of.
๐ญ. ๐ ๐ฝ๐ฟ๐ผ๐ฝ๐ฒ๐ฟ๐๐-๐ฏ๐ฎ๐๐ฒ๐ฑ ๐๐ฒ๐๐ ๐๐ต๐ฎ๐ ๐๐ฎ๐๐ด๐ต๐ ๐บ๐ฒ ๐บ๐ผ๐ฟ๐ฒ ๐๐ต๐ฎ๐ป ๐ฎ๐ป๐ ๐น๐ถ๐ป๐๐ฒ๐ฟ.
I was using Arb.string(minSize = 1, maxSize = 100)
to generate random test inputs for the source
field in breach results. The test asserted breach.source.isNotBlank()
. It kept failing.
Turns out Kotest's string generator happily produces strings made entirely of whitespace. A string of spaces has a length of 1. It is not blank. Except it is.
One line fixed it:
val arbNonEmptyString = Arb.string(minSize = 1, maxSize = 100).filter { it.isNotBlank() }
74 tests passed before that fix. 75 after.
๐ฎ. ๐๐ ๐ณ๐ฒ๐ฎ๐๐๐ฟ๐ฒ๐ ๐๐ฎ๐ป๐ ๐ฐ๐ผ๐ป๐ป๐ฒ๐ฐ๐๐ถ๐๐ถ๐๐. ๐ฌ๐ผ๐๐ฟ ๐๐๐ฒ๐ฟ๐ ๐ฑ๐ผ๐ป'๐ ๐ฎ๐น๐๐ฎ๐๐ ๐ต๐ฎ๐๐ฒ ๐ถ๐.
Designing for offline-first while shipping AI features is a real tension. My solution: Room is the source of truth. Gemini is the upgrade. If the agent call fails, the app still works.
I used two AI tools at different stages:
๐๐ฒ๐บ๐ถ๐ป๐ถ ๐ถ๐ป ๐๐ป๐ฑ๐ฟ๐ผ๐ถ๐ฑ ๐ฆ๐๐๐ฑ๐ถ๐ผ for scaffolding. Boilerplate, A2A setup, Compose screens. Gemini knows the Android ecosystem deeply and moves fast.
๐๐น๐ฎ๐๐ฑ๐ฒ ๐๐ผ๐ฑ๐ฒ (๐๐ฒ๐๐๐ฟ๐ฎ๐ถ๐ป๐ ๐ฝ๐น๐๐ด๐ถ๐ป) for polish. Edge cases, accessibility, ProGuard rules, test coverage gaps. Claude reads the full codebase and reasons about architecture, not just the current file.
Neither tool replaced thinking. Both tools compressed the time between thinking and shipping.
Before either tool touched the codebase, I wrote three spec files: mission.md
, techstack.md
, and roadmap.md
. That is what kept the agents grounded.
CyberBuddy is being presented at ๐ฃ๐ฒ๐ ๐ฃ๐ฟ๐ผ๐ท๐ฒ๐ฐ๐๐: ๐ง๐ต๐ฒ ๐ฎ๐ฌ๐ฎ๐ฒ ๐๐ฑ๐ถ๐๐ถ๐ผ๐ป - GDG Cape Town's mid-year showcase on 30 June 2026.
After that: Play Store release, closed beta with users from Strand and the IUS Africa youth network, and Supabase MCP integration for cross-device PSP sync.
๐๐ณ ๐๐ผ๐ ๐ฎ๐ฟ๐ฒ ๐ฏ๐๐ถ๐น๐ฑ๐ถ๐ป๐ด ๐๐ผ๐บ๐ฒ๐๐ต๐ถ๐ป๐ด ๐ณ๐ผ๐ฟ ๐ฝ๐ฒ๐ผ๐ฝ๐น๐ฒ ๐๐ต๐ผ ๐ป๐ฒ๐ฒ๐ฑ ๐ถ๐, ๐๐ฒ๐ฒ๐ฝ ๐ฏ๐๐ถ๐น๐ฑ๐ถ๐ป๐ด.
El Roi sees the work.
๐๐ถ๐ป๐ณ๐ผ๐ฟ๐ฑ ๐ ๐๐๐ถ๐๐ฎ๐บ๐ฏ๐ผ๐ฑ๐๐ฎ
Founder, Linfy Tech Solutions | Strand, Cape Town