Secure Android messenger powered by Signal Protocol, SQLCipher, JWT, WebSocket, and advanced client protection mechanisms.
- End-to-end encryption (Signal Protocol: X3DH, Double Ratchet)
- Encrypted database (SQLCipher + Android Keystore)
- Secure key storage (hardware-backed Keystore)
- Server communication via REST & WebSocket
- Private contact discovery (SGX)
- Sealed Sender (sender anonymity)
- Anti-analysis mechanisms (root, debug, ptrace detection)
- Duress PIN (fake environment / secure wipe)
- App icon hiding mode
- Safety Numbers (key verification with QR)
- Encrypted group chats & file sharing
- Threat modeling using STRIDE
crypto/– Signal Protocol logicnetwork/– server comms, SGX, Sealed Sendersecurity/– Keystore, SQLCipher, root/debug detection, JWT, Duress PINui/– activities, views, Safety Numbers, LockScreengroup/– group chat logicfile/– file sharingdb/– Room encrypted database
- Open the project in Android Studio.
- Install dependencies (Gradle).
- Build and run on Android device (minSdk 23).
- Run unit tests:
./gradlew test
- Sample backend lives in
backend/folder - Run:
cd backend && npm install && npm start - REST: publish/retrieve keys, send messages
- WebSocket: push messages in real-time, JWT auth
- Data persistence: in-memory (for testing only)
- Keys always stored in hardware-backed Keystore
- SQLCipher for all local data
- Code obfuscation (R8), root/debug/ptrace detection
- Duress PIN – secure wipe & reset functionality
- STRIDE threat model in
ui/ThreatModeling.kt
- Message composed in UI (
ChatActivity.kt) - Encrypted with Signal (
SignalSessionManager.kt) - Sent via REST/WebSocket (
ServerCommunicator.kt) - Stored in encrypted Room database (
MessageDao.kt)
- Android 6.0+ (minSdk 23)
- Node.js (for demo backend)
Demo project – open for further development and security audit.
📧 Contact: If you have questions or want to contribute, open an issue or reach out via GitHub.