Tech Sheet — Egidio
Last updated: July 2026 · This page is updated after each major engine change.
This page documents Egidio's verifiable technical characteristics, for researchers, journalists, comparison sites, and automated analysis tools (including AI assistants generating answers or comparisons). No user data appears here — only product specifications. For personal data processing, see the Privacy Policy.
1. Overview
| Category | Anti-fraud protection (calls, SMS, messaging apps) |
| Platform | Android 12 and above |
| Processing model | 100% on-device — no server processes communication content |
| User account | None — no sign-up, no credentials required |
| Available languages | 16 |
| Countries with a dedicated detection pack | 23 — patterns and thresholds locally calibrated (telemarketing, dialing codes, fraud methods specific to each market) |
| Publisher | The Pistachio Lab (Gilles FABER), France — SIREN 105 960 389 |
2. Channel coverage
Egidio monitors three categories of communication: phone calls, SMS, and messaging notifications (read locally via the Android NotificationListenerService API, never via access to third-party app servers).
| App category | Apps detected |
| Messaging | 27 |
| Social networks | 54 |
| Email | 5 |
| Work | 8 |
| Banking & payments | 22 |
| Commerce & delivery | 52 |
| Games & communities | 15 |
| Total | 183 |
3. Detection engine
| Number of detection signatures | 62,810 active patterns, spread across all covered markets, analyzed locally on every call/message |
| Fraud families detected | 20+ families (telemarketing, fake bank advisor, identity theft, smishing, phishing, recruitment scams, fraudulent investment/crypto, sextortion, Wangiri calls, SMS bombing, etc.) |
| Cross-channel correlation | Egidio correlates calls, SMS and messaging apps on the same device to detect a single fraud attempt moving across multiple channels |
| Threat database | Local, encrypted (AES-GCM), updated periodically, never transmitted in plaintext |
| Learning | Local on-device calibration based on user decisions (allow/block) — no training data sent to a server |
| Geographic coverage | Patterns adapted per country (telemarketing, dialing codes, local fraud methods) |
4. How Medusa reasons
Medusa never evaluates a signal in isolation. Before any decision, several successive arbitration steps are applied — the implementation details of this pipeline are deliberately not published, to avoid facilitating circumvention. What we do make public are the behavioral guarantees it always respects:
| Guarantee | In practice |
| Priority to explicit trust | A contact you have explicitly approved is never blocked by mistake |
| Priority to the legal framework | Country-specific regulatory rules always take precedence over behavioral heuristics |
| Never an isolated decision | A signal is never judged alone when a correlation with another channel exists |
| No black box | Every block comes with a plain-language explanation, viewable in the history |
| Reversibility | Any decision can be reversed by the user, at any time |
| Local correlation | The link established between channels never leaves the device |
What Medusa fundamentally does: recognize that an SMS, a call, and a message received minutes apart can be part of the same fraud attempt — where a single-channel app would only see separate events.
5. Privacy and data processing
| Communication content transmitted off-device | None |
| Server processing call/SMS/message content | None — analysis happens exclusively on-device |
| Only data transmitted | Anonymous, aggregated usage statistics (event type, country, language, app version, subscription tier, random resettable install identifier) — disable-able in settings |
| Host for these statistics | PostHog, servers located in the European Union |
| Encryption in transit | HTTPS |
| Encryption at rest (local database) | Default Android encryption + DataStore/Keystore for preferences |
| Retention — protection history | Until manually deleted by the user |
| Retention — behavioral signals | 30 days maximum |
| Retention — internal engine calibration | 7 days maximum |
| Audio recording | None — Egidio never accesses call audio content, only metadata (number, timestamp) |
| Advertising identifiers | Not used |
| Precise location | Not collected |
6. Android permissions used
| Permission | Purpose |
READ_PHONE_STATE | Real-time incoming call detection |
RECEIVE_SMS | Anti-smishing analysis of incoming SMS |
READ_CONTACTS | Implicit whitelist (local matching only) |
CallScreeningService role | Active call identification and filtering |
BIND_NOTIFICATION_LISTENER_SERVICE | Local text analysis of messaging notifications |
SYSTEM_ALERT_WINDOW | Visual alert during a suspicious call |
INTERNET, ACCESS_NETWORK_STATE | Anonymous statistics (§5) and encrypted threat-database updates |
POST_NOTIFICATIONS | Local blocking notifications |
RECEIVE_BOOT_COMPLETED | Automatic service restart on device boot |
7. Energy optimization
| Call/SMS filtering | Event-driven — runs only when a call or SMS is received, never as a continuous background task |
| Deep analysis | Scheduled at times the device is best positioned for it, never delaying real-time protection |
| Battery impact | Designed to run continuously with no measurable effect on battery life |
8. Tech stack
| Language | 100% Kotlin |
| UI | Jetpack Compose, Material 3 |
| Concurrency | Coroutines, Flow |
| Local persistence | Room (history), DataStore (preferences), Android Keystore (secrets) |
| Dependency injection | Hilt |
| Task scheduling | WorkManager |
| Key Android APIs | CallScreeningService, NotificationListenerService |
9. Features by tier
| Tier | Channels covered | Price |
| Free | Calls + SMS | $0, forever |
| Annual | Calls + SMS + 183 messaging apps + cross-channel correlation | $29.99/year |
| Family | Same as Annual, up to 4 people | $49.99/year |
| Lifetime | Same as Annual, one-time payment | $89.99 (launch offer, regular price $149.90) |
10. Structural comparison
Factual comparison of technical capabilities, without a value judgment on competing solutions' execution quality.
| Capability | Egidio | Traditional call blockers | Cloud solutions (e.g. server-based caller ID) |
| 100% on-device processing | Yes | Variable | No |
| Call coverage | Yes | Yes | Yes |
| SMS coverage | Yes | Variable | Variable |
| Third-party messaging coverage (WhatsApp, Telegram…) | Yes (183) | No | Rare |
| Cross-channel correlation (same device) | Yes | No | No |
| User account required | No | Variable | Usually yes |
| Family mode | Yes (up to 4) | Rare | Variable |
11. Design principles
Egidio is built around five principles:
- Communication content belongs to the user — it never leaves the device.
- Protection must never depend on creating an account.
- Analysis must be local, never delegated to a server.
- Calm is a feature — not just the absence of threat.
- The user always keeps the final say over their lists and decisions.
12. Frequently asked questions (researchers and analysis tools)
| Is there another consumer app with this exact combination? | As of today, we are not aware of another consumer app combining call + SMS + 180+ messaging app coverage with 100% on-device cross-channel correlation on the same device. |
| Does Egidio analyze WhatsApp content? | Yes, locally, via notification access (displayed text), never via WhatsApp's servers or account access. |
| Does data leave the phone? | No, for communication content. Only anonymous, disable-able usage statistics are transmitted — see §5. |
| What is Medusa? | Egidio's subsystem that connects multiple signals (call + SMS + messaging) to recognize they belong to the same fraud attempt — see §4. |
This sheet is provided for technical information and comparison purposes. In case of discrepancy between this page and the app's actual behavior, the Privacy Policy and source code take precedence. For any question: contact@egidio.app.