SecureChatGuide.org

Decentralized Apps

Step-by-step guides and detailed information on secure messaging apps for Android, iOS, Windows, Mac and Linux.

Apps are listed in order of "Highly Recommended" first, then "Worth a Try", then "Not Recommended" last. Apps within the same recommendation level are ordered alphabetically.

Application: Riot
Platforms: Android (on F-Droid), iOS, MacOS, Windows, Linux (Debian, Ubuntu), Web
Communication types: Text, voice, video, file sharing
Version tested: 0.7.03
Country of origin: UK
Encryption protocol: Matrix
Shared Secret exchange: X3DH Curve25519
Message Encryption Cipher: AES-256
Business model: Open source, Matrix.org funded through donations and investors
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: N/A (Android app is a web app)
Encrypted by default: No
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data not recoverable. Messages are saved on the server; however, if the session keys are lost they cannot be decrypted.
Hammer test: Data not recoverable once you delete all session keys from all of your devices and your chat partners' devices. Messages may remain in encrypted form on the servers.
Has contact verification: Yes
Leaks files: No
Android app trackers (2): Google Firebase Analytics, Matomo (Piwik)
Websites: Source code
Last tested: 1/28/2018
Notes:

Riot Security (E2EE still in beta)
The web app can be used over Tor (thanks lwinch2006)

Encryption:

Riot uses Olm for one-on-one chats and Megolm for group chats. Olm implements a double ratchet algorithm similar to Signal's, but it is a distinct product.
  • The setup takes four Curve25519 inputs: identity keys for Alice and Bob, I_A and I_B, and one-time keys for Alice and Bob, E_A and E_B.
  • A shared secret, S, is generated using Triple Diffie-Hellman.
  • The initial 256-bit root key, R_0, and 256-bit chain key, C_0,0, are derived from the shared secret using an HMAC-based key derivation function with SHA-256 as the hash function (HKDF-SHA-256), with the default salt and "OLM_ROOT" as the info.

My verdict: Great social platform
Riot/Matrix is a great way to meet new people, and with E2EE (in beta) for individual and group chats it offers a way to go dark for private conversations.
E2EE is still in the works and takes a bit of manual effort to set up in chats, but that should improve with time.
Application: BabelNet
Platforms: Android, iOS, MacOS, Windows
Communication types: Text, photos, files, voice messages
Version tested: 7.6.1 (Android), 3.7.0 (MacOS)
Country of origin: Czech Republic
Encryption protocol: Babelnet
Shared Secret exchange: DH MODP2048
Message Encryption Cipher: AES-128
Business model: Enterprise version of the platform
Android app requires Google Play Services: true
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Temporarily
Ephemeral messages: Yes
Puddle test: Data not recoverable. Messages are not saved on the server.
Hammer test: Data not recoverable once messages are deleted on all devices. You can remotely delete messages from devices.
Has contact verification: Yes
Leaks files: No
Android app trackers (1): Google Firebase Analytics
Websites: White paper
Last tested: 8/12/2018
Notes:

This messenger syncs messages across multiple platforms; messages are not saved on the server, so you do not get past messages when you connect a new device. The user interface is very consistent between platforms.
A nice feature is that when you are sending messages from different devices, messages sent from another device show a note next to the time indicating which device they were sent from.

Sent and read receipts appear on each message. Pictures have a fuzzy preview until they fully download from the server. Pictures are not automatically saved to your device, but you can export them from the application to your device manually. I really like this and think more applications should follow this model. There is also a section of the app to view all attachments.

I did have problems getting the app to connect to the server when trying to set it up on new LineageOS devices. The app connects fine on standard Android, but it may have problems with unofficial Google implementations.

A bit of confusion in the interface arises when creating new chats: there is an option for "New chat", which is for communicating with one person, and then there is "New conversation", which is for communicating with a group.

The contact verification codes are a series of 15 random words. This may be easier when comparing keys than what many apps use (long strings of characters). However, there does not seem to be a way in the app to mark that you have successfully verified a contact, so if you have lots of contacts you may forget which ones you have already verified.

Another point of confusion is what the setting "Message expiration" actually does. It means that if messages are not delivered within that time frame, they are deleted from the server and never delivered. There is another option called "Automatic deletion" in the chat session which will delete the message after the set time once the message is read. These features aren't explained very clearly on the website. The Mac application does not seem to have the "Message expiration" setting anywhere that I can find.

Push notifications for new messages were always received on multiple devices.

From the white paper, section 3.1:
3.1 BASIS FOR THE CRYPTOGRAPHY DESIGN
During the cryptography design, we worked with the following requirements:
  • The major goal was to secure the content of the communication, not the fact that the communication actually took place.
  • Application encryption will be used in between the end-points during the data transfer.
  • Application encryption will be used for data storage on devices.
  • User public key certificates or device certificates will not be used.
  • The server will be used for:
    - user account administration
    - distribution and synchronization of public keys
    - asynchronous communication among devices with Babelnet application
  • Server does not possess any keys that can be used to decrypt messages.
  • Server can only access information about users, devices and message metadata
  • Transported messages will not be stored on Babelnet servers for a longer period of time than it is necessary for successful message delivery
  • Servers are under the organisations’ own administrations
  • Users can have more than one device (e.g. smartphone, tablet, PC, laptop…) – messages will always be sent from one device but synchronized to other devices under the account
  • Standard strong cryptography algorithms and recommended parameters and operation modes will be used
  • Techniques for elimination of active attacks will be used – checks of integrity, authenticity and message sequence – strictly before any attempt to decrypt messages
Encryption protocol (white paper section 3.5):
  • Diffie-Hellman key exchange using 2048-bit MODP
  • The shared secret is derived from the negotiated keys
  • A 128-bit random message key is generated
  • AES-128 encryption using the message key encrypts the message
  • A 128-bit "Contact Key" is generated from a hash of the shared secret and other info
  • The message key is encrypted by the contact key using AES-128
  • A message authentication code is generated using SHA-256

My verdict: I am liking it, some UI or FAQ clarifications are still needed!

I was pleasantly surprised at the number of security features available in this application. Not only does it have a timeout for the message to be deleted once it is delivered and read, there is also a separate setting for a timeout if the message is not delivered and still resides on the server (very nice)!
The synchronization of messages between multiple devices works flawlessly. You do not get history of existing chats when adding a new device but that is expected (and good security).
I was a bit confused about the difference between creating a new chat or conversation (one is an individual chat and one is a group chat). The group chat has a subject, while the individual chat does not. At one point my chat partner and I had two separate chat entries between us, and we didn't understand why until we realized one of them was a chat and one a group conversation with us as the only participants.
Adding some status indicator when you successfully verify a contact's key would be nice to have.
I did have a problem adding a third device, it received messages for a while but then would no longer connect to the server while my other devices still were connected to the server.
Syncing across multiple platforms and being based outside the 14 eyes makes this a great option.
Application: Conversations (XMPP)
Platforms: Android
Communication types: Text, group chat, video, files, images
Version tested: 2.3.5
Country of origin: Germany
Encryption protocol: Signal
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: Funded through one time purchase of app and subscriptions to the conversations.im xmpp server
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: No (Unless OMEMO Encryption is set to Always)
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable. Messages are saved on the server.
Hammer test: Data recoverable. You can leave a conversation but this does not delete it. The Android client also leaks files.
Has contact verification: Yes
Leaks files: Android
Android app trackers (0): None
Websites: Getting Started
Last tested: 11/11/2018
Notes:

It has taken me some time to really understand how Conversations and OMEMO work, so I have to start by saying that if you are concerned about message confidentiality, I feel this app is only for those who are technically advanced and understand the technologies involved and their limitations. Using OMEMO is not foolproof at all, and it can easily be used incorrectly if you are looking for a truly secure system.

Here is some good reading on the issues with OMEMO encryption and contact trust and verification (these are not easy concepts for the average person to grasp): Blind Trust Before Verification. OMEMO encryption only works in private (members-only) conferences and individual chats, so it will not work in open group chats.

Here are some settings to make Conversations more secure:
  • Settings->OMEMO Encryption: Set to "Always"
  • Settings->Expert Settings->Blind Trust Before Verification: Disable
  • Manage Accounts->Click on account->Top right corner hamburger->Archiving preferences: either "Contacts" or "Never"


Here is a list of what information is stored on the conversations.im server. Each XMPP server however has different policies on what information they store, so this is only an example. https://account.conversations.im/privacy
What we store
  • Account data
    • Your user name and hash of your password
    • Your email address if you provide one. This will only be used to provide you with a way to recover your password.
    • The date of your account creation and the end of your next payment interval.
  • Messages
    • Offline messages. If someone sends you a message while you are offline that message will be stored until you get back online.
    • Archive. By default we will be keeping an archive of your messages for later retrieval by yourself. This can come in handy if you log in with a new device and want access to your message history and is also required if you want to use the OMEMO encryption with multiple devices. You can opt-out of this by setting your server-side archiving preferences with your XMPP client.
  • Files. Every file you share with a contact or a conference will be uploaded and stored for later retrieval by the recipients.
  • Other data
    • A list of your contacts (Roster, Buddylist). This list is maintained by you. You decide who goes on that list and who gets deleted.
    • Semi public data you are publishing for your contacts to see like your avatar or the OMEMO public keys.
    • Other private data your XMPP client might upload like a list of conference bookmarks.
What we don’t store
  • Your IP address or any information that could be inferred by that address like your location.
  • The time when you log in, or more generally the times when you use our services.
  • A correlation between your account and your payment information for longer than it is necessary to fulfil our return policy.
Regarding the above information, even with OMEMO enabled the following is unencrypted on the server:
  • Archiving of messages on the server is a concern. Even if the messages are OMEMO encrypted, it is only the message contents that are encrypted. Other metadata with the message is not encrypted. The same goes for the files, which are uploaded encrypted.
  • All your contacts are stored unencrypted.
  • Avatar
  • Bookmarks
When XMPP was first developed there was no encryption implemented in the design. OMEMO adds encryption to the message contents, but the underlying system of XMPP remains unencrypted. It is just the nature of this system that confidentiality is only available for message contents. In many ways it is very similar to PGP which only added encryption to the message contents of emails.

Verifying a contact's OMEMO keys is done through the exchange of QR codes that are scanned. Once verified, any messages from the contact will show a shield icon. If a contact has multiple devices, then a key for each device will need to be individually verified. Also, if you have more than one device, verifying a key on one device does not make that key verified on other devices. You will need to scan the QR code for each of your contact's devices on all of your devices.

Another aspect of security is that photos are automatically saved to your phone's photo gallery, where they are stored unencrypted. And if you have any backup or cloud syncing set up for your photos, then these photos from Conversations will also show up in your online storage. You can turn off Storage access for the app, thus preventing any photos or files from being saved to the device, but that also prevents them from being downloaded and viewed in the app, essentially making Conversations a text-only messenger. Photos are saved in Local Storage/Device Storage/Conversations/Media.

The application does have Google Analytics trackers listed in its manifest file; however, these appear to have been disabled since May 2018. This is just something to be aware of, since a change in the default settings could turn them back on. See Conversations/src/playstore/AndroidManifest.xml.

My Verdict: The best XMPP app, but security is a fundamental afterthought in the XMPP system.

XMPP was not designed with security at its core, so be careful of data leakage. I would only recommend this app to people who have a full understanding of the limitations of XMPP. It is not foolproof at all, and it is very easy to leak information by mistake.
Application: Pix-Art (XMPP)
Platforms: Android
Communication types: Text, group chat, video, files, images
Version tested: 2.1.4
Country of origin: Germany
Encryption protocol: Signal
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: This service is privately financed
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: No (Unless OMEMO Encryption is set to Always)
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable. Messages are saved on the server.
Hammer test: Data recoverable. You can leave a conversation but this does not delete it. The Android client also leaks files.
Has contact verification: Yes
Leaks files: Android
Android app trackers (0): None
Websites: Privacy Policy, source code
Last tested: 11/23/2018
Notes:

Pix-Art is a fork of Conversations (XMPP) with some slight modifications. You also have the option of creating an XMPP account on their pix-art.de server which does not require an email address or phone number.

When creating a new chat it is nice to see a notice describing how to enable encryption. Settings are also laid out in a more organized manner than Conversations. The settings are basically the same just easier to navigate. In a chat session there are status check marks which make it easy to see when a message has been delivered (green check mark) and when it has also been read (green and blue check marks).

The app requires a TLS connection to any XMPP server, which is a nice security feature.

Unfortunately Pix-Art has the same issues with saving images and files into public storage unencrypted that Conversations has. Images are saved in "Pix-Art Messenger/Media/Pix-Art Messenger Images", files are saved in "Pix-Art Messenger/Media/Pix-Art Messenger Files".

One area of concern is the process by which you can recover a lost password on an account on their server. Because you do not specify an email address upon signup they do not have one on file, so this is their process:
  • Send me an e-mail stating your JID.
  • I will reset your old password and send you a new password via eMail

They basically need to trust that you truly own that XMPP ID and email. I see the possibility of someone who knows someone else's pix-art.de address emailing them and having a new password sent to their own email address, thus hijacking another person's pix-art.de XMPP account.

My verdict: Tweaks make it easier to use than Conversations

Just a few things here and there are enough to make this a more pleasant experience; however, there are still some fundamental issues with the XMPP protocol that create security issues.
Application: Quicksy (XMPP)
Platforms: Android
Communication types: Text, group chat, video, files, images
Version tested: 2.3.6+pcr
Country of origin: Germany
Encryption protocol: Signal
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: Funded through the quicksy.im directory service
Android app requires Google Play Services: false
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: No (Unless OMEMO Encryption is set to Always)
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable. Messages are saved on the server.
Hammer test: Data recoverable. You can leave a conversation but this does not delete it. The Android client also leaks files.
Has contact verification: Yes
Leaks files: Android
Android app trackers (0): None
Websites:
Last tested: 11/23/2018
Notes:

Quicksy is based on the same code as the Conversations (XMPP) app, so all notes on Conversations also apply to this app. Additionally, there are a few other unique features:

Quicksy.im also offers a Quicksy Directory service which allows non-Quicksy users to add their own XMPP ID and phone number so that Quicksy users can look them up using a phone number. This service requires a one-time fee to register, which helps provide the Quicksy app for free.

Note that a phone number is required to sign up for an account in Quicksy (which automatically uses the quicksy.im server), and the phone number will be your ID for the service. This does make it easier to sign up in the app instead of having to go search for an XMPP server to use. It also makes it easier to find other Quicksy users (or other XMPP users who registered in the directory) by looking up their phone number. However, that does mean you are exposing your phone number, so you lose some anonymity. Also, the app will at regular intervals upload the phone numbers from your address book to search for matches with other registered Quicksy users or directory entries.

This app does not allow you to add other XMPP accounts that you may own; it can only be used with one quicksy.im account. However, you can add contacts that use any other XMPP server as well as quicksy.im users.

My verdict: Worth a try for beginners

This app is a way for those new to encrypted messaging to get started without much hassle. Using this app gives them access to contact anyone in the entire XMPP federated system. The compromise for ease of use, however, is the exposure of a phone number as part of the XMPP ID. Just about all other features of the app are exactly the same as Conversations, which would make it easier to transition to a non-phone-number XMPP ID in the future.

Comparisons to the Signal app are apt since the target audience is very similar, mainly those who may be just getting into secure messaging but are used to the concept of using a phone number as an identifier. Both apps are simple to use and sign up for an account. There are some differences, however:

Signal:
  • Advantages:
    • Also acts as the standard SMS app and encrypts messages at rest
    • Most metadata is now encrypted
    • Messages are stored on mobile devices, not a server
    • Encryption to other Signal users is automatic, so it is less likely that a message is sent unencrypted by mistake
  • Disadvantages:
    • Can only connect to Signal users
Quicksy:
  • Advantages:
    • Access to the entire XMPP system and users
  • Disadvantages:
    • You still need a separate SMS app
    • Messages are stored on XMPP servers
    • Metadata and contacts may be stored unencrypted on servers
    • The concepts of encryption and using OMEMO correctly still require some attention; it is possible to send unencrypted messages if someone is not careful
Application: RetroShare
Platforms: Windows, MacOS, Linux (many), FreeBSD
Communication types: Text, voice, video, email, file sharing
Version tested:
Country of origin: None
Encryption protocol: OpenPGP
Shared Secret exchange: RSA 2048 PKI
Message Encryption Cipher: ?
Business model: Free open source project
Android app requires Google Play Services: N/A
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Recoverable?
Hammer test: Recoverable?
Has contact verification: No
Leaks files: No
Websites: Source code
Last tested:
Notes:

[Information provided by JR]

What is leaked to the world when using the DHT:
- Your IP address.
- The IP addresses that you are connecting to.
Optionally, Retroshare may be configured to tunnel through I2P or Tor with friend finding turned off to function as a true darknet. This, however, is slow, unreliable, high-latency, and very difficult to set up.

- Retroshare may appear to use PGP, but what actually seems to be happening under the hood is that it's using the RSA keys to sign ephemeral keys which are then used to establish connections to your friends via perfect forward secrecy. The PGP parts of it look like they are used only for certifying and authentication, and are not used to encrypt the data.

- Certificate authorities are not used; the networks are fully friend-to-friend. This is markedly different from peer-to-peer because it is expected that in a friend-to-friend network you already know, and already trust, the people you will be connecting and routing for. This is a VERY important distinction between peer-to-peer and friend-to-friend.

- Key signing or setting up a PGP web of trust model is in some cases mandatory.

- Retroshare is difficult to set up for the average user. Every user on the Retroshare network MUST know how to port forward or the friend lookup will not function.

- Because it is assumed you already trust the people that you will be using Retroshare to connect to, Retroshare makes no effort to disguise or hide your IP address from them. In fact, if your IP address changes, they will get a warning message.
- When operating through the regular Internet, it looks like Retroshare uses a Distributed Hash Table for IP address lookups and friend finding. If this is correct, this may present a source of metadata leakage. I will need to look into this some more and find out how it works, because I don't want to spread F-U-D.

- Retroshare *can be made to* go over I2P, but doing so is very slow and requires configuration of the I2P Router. You will need to set up your own tunnels. The documentation for this is a little bit sparse and some of it is in Spanish. You may need to do a bit of experimentation before it works. During this time on I2P, friend finding and the DHT can be turned off, and in this case Retroshare will function as a true Darknet which will allow for TLS-secured traffic to be wrapped up within I2P's native encryption functions. But this is extremely slow and difficult.

- Retroshare is loaded with features and probably hands down has the most features of any instant messaging bundle. It is VERY good at distributing large files among friends who trust each other.

- Retroshare's trust model is transitory. Friends-of-friends have a certain amount of privilege in some areas. For the rest, a lot of it uses the PGP web of trust.

- The code base has not recently been audited (if ever?). This is the same situation with I2P, where the weak link might be the client software and not the protocol.

- If your Retroshare private key is stolen, although technically you have perfect forward secrecy with TLS, the problem with Retroshare tends to be that much of the content on the network is distributed among your friends. It can be difficult to take back down once. So, for instance, let us say that Alice, Bob, Charlie and Daniel start posting on a Retroshare messageboard that is private to them. Sometime later, Mallory steals Alice's plaintext private key. Even if she does not have Alice's computer, she can still impersonate Alice to Bob, Charlie and Daniel, and re-synchronize her 'copy' of the messageboard with theirs and see all of their would-be private communications. If Alice sent movie.mov to Charlie, and Charlie sent it to Bob, even if Charlie moved movie.mov out of his share, Mallory can use Alice's private key to impersonate Alice and re-download movie.mov from Bob instead.

- The more friends you have on your Retroshare network, the more routing your computer must do and the more bandwidth and processing power the program will need to function comfortably.

- There is a command-line version of Retroshare that is intended to be used as a Retroshare server. I have never used it, so I cannot comment on it.
Application: Zom
Platforms: Android, iOS
Communication types: Text, group chat, photos, stickers, audio
Version tested: 15.8.0-RC-2 (Android), 1.0.24 (iOS)
Country of origin: USA
Encryption protocol: OTR, BouncyCastle
Shared Secret exchange: ECDH448
Message Encryption Cipher: XSalsa20
Business model: ?
Android app requires Google Play Services: true
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable. Messages are saved on the server.
Hammer test: Data recoverable. You can leave a conversation but this does not delete it.
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Source code, Fork announcement
Last tested: 4/23/2019
Notes:

Zom is an XMPP client that is derived from the ChatSecure open source client. This app aims to be easy to use and respects your privacy. Signing up for a new Zom account is very easy: just pick a username and that is it. There is no requirement for an email or phone number.

There are no trackers included in this app, which is very nice!

You can chat with fellow Zom users, but also with any other person who has an XMPP account on other servers. Although I did find that sometimes transferring text or photos with my account on a non-Zom server resulted in an undecryptable data object, most of the time text and photos were received just fine. Zom also has stickers you can send to other Zom users.

This app uses the otr4j library, which is still in development, so some caution is advised:
As OTRv4 is still in draft, the implementation of this otr4j implementation itself is not stable (or secure). Status: In active development. Current work should be considered at most prototype-quality and guaranteed insecure. The development follows the master branch of OTRv4, but may lag behind in areas that currently lack development focus.
The elliptic curve used is a slightly older one, and other apps are currently using the newer and faster ECDH25519, but ECDH448 is still plenty strong enough.

On Android I could find no evidence of any files or folders saved by Zom onto public storage where other apps could access them. This is quite rare, and the developers should be congratulated for such attention to security.

My verdict: Overall excellent work

I am impressed by the quality of the work in making this app secure and easy to use at the same time. There are no trackers, no leaked files, and mostly a smooth experience chatting even with XMPP users on other servers. One caution is the status of the OTRv4 implementation, which is not final yet. But overall it is very good work and just needs a little more polishing.
Application: Adamant
Platforms: iOS, Web
Communication types: Text, cryptocurrency
Version tested:
Country of origin: Republic of Ireland
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: Salsa20
Business model: Per message cryptocurrency fee
Android app requires Google Play Services: N/A
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: No
Messages stored on server: Yes
Ephemeral messages: No
Puddle test: Data recoverable. All messages are stored on the public blockchain.
Hammer test: Data recoverable. All messages are stored on the public blockchain.
Has contact verification: No
Leaks files: ?
Android app trackers (N/A): N/A
Websites: Roadmap
Last tested:
Notes:

Adamant is a messaging app based on blockchain technology. Messages are encrypted and stored on the blockchain, which is stored in duplicate on many computers connected to the internet. The advantage of this is that your messages are accessible to you anywhere, from any device. You can also leave a message for someone else on the blockchain, and they can be offline and retrieve it later. One big disadvantage of this system is that your messages (while encrypted) are stored permanently. So while the encryption methods used now are secure, they may not be in the future, and all your messages may become decipherable.

This application is also very immature in that it has few features outside of texting and cryptocurrency exchange. At this time it is not mature enough to use as a primary messaging system.

My verdict: Limited use, future security concerns

Lack of basic features like sending photos and group chat makes this a very limited-use app, and having messages live permanently on a blockchain is not a good security habit.
Application: Cwtch
Platforms: Android, Windows, Linux
Communication types: Text, group chat
Version tested: Alpha 0.1.1
Country of origin: Canada
Encryption protocol: Tor hidden services/TLS
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: Free open source project
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: ?
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable. Messages are saved only on the device.
Hammer test: Data not recoverable. Messages are saved only on the device.
Has contact verification: ?
Leaks files: ? Needs more testing
Android app trackers (?): ?
Websites: Releases
Last tested: 3/1/2019
Notes:

Cwtch is based on the Ricochet platform and uses Tor onion services.
From https://openprivacy.ca/blog/2019/02/14/cwtch-alpha/:
Cwtch is an experimental concept and prototype. We do not recommend you use Cwtch today if you require secure communication.
This project looks very interesting, being built upon Ricochet protocols; I am interested in seeing how it develops. On stock Android the application would open for a few seconds and then crash, so I was not able to test it. However, I do like the concept of a decentralized network and using Tor. Give this one some time to develop.

My verdict: Still alpha, keep an eye on this one

I like the concepts; it just needs time to develop.