have i been pwned? Xamarin.Forms app

The past few weeks I have been busy creating a new app based on the haveibeenpwned.com API. And it is ready!


The website haveibeenpwned.com is a website by security MVP Troy Hunt which focuses on data leaks, hacks and website breaches in all forms and shapes. While entering my usernames and passwords in there, I noticed there was also an API available.
Because I’m a big supporter of creating secure software ánd needed a new app project to try out push notifications, I took up this project to create a multi-platform app which leverages this API.

I does almost everything you can do on the website. It shows you which sites are indexed, read background information about the hacks, search through breaches and pastes for your own data and enable push notifications to be notified on new breaches.


The techniques I have used include, but are not limited to:

  • Azure Mobile Services
  • PortableRest NuGet
  • Xamarin.Forms 2.0 with some CustomRenderers
  • FreshMvvm

Over the coming time I will describe some new things I have learned while creating this app. Probably starting with push notifications, which is going to be a big one divided into more posts.

have i been pwned app iOS screenshothave i been pwned Android screenshot


You can check it out yourself for iPhone (Universal iPhone and iPad) and Android. Taking advantage of all that Xamarin has to offer there is of course also a Windows Phone version but this is giving me some troubles right now, so it will come soon.

Let me know if you like it, want to know how I did specific things or you can think of any more features I could add!

6 thoughts on “have i been pwned? Xamarin.Forms app”

    • Thanks for checking out my app!

      I have actually though of doing that, and even started out with a GitHub repository but after my first check-in I realised that I posted my super secret Azure credential things on a public website.
      So I have to find a solution for that first before I can post it there!

      If you have any tips regarding sensitive code on a open repository please let me know!

      • Check out how Xamarin did it for their CRM demo app:


        They provide a way for you to use their online demo services or create your own Azure mobile services. Perhaps you could provide the code to create the demo services in Azure rather than provide the super secret key to your services. Otherwise, you could create a clone of your Azure services and make that key public? Just thinking out loud.

Comments are closed.