SecureChatGuide.org

Peer to Peer Apps

Step-by-step guides and detailed information on secure messaging apps for Android, iOS, Windows, Mac and Linux.

Apps are listed in order of "Highly Recommended" first, then "Worth a Try", then "Not Recommended" last. Apps within the same recommendation level are ordered alphabetically.

Application Platforms Communication types
Application: Briar Project
Platforms: Android (via Google Play, F-Droid repo or APK)
Communication types: Text and forums
Version tested: 1.2.3
Country of origin: None
Encryption protocol: Bramble, SpongyCastle
Shared Secret exchange: ECDHC brainpoolp256r1
Message Encryption Cipher: AES-256
Business model: Free open source project, Bitcoin donations, other funding
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Source Code
Last tested: 7/7/2019
Notes:

7/7/2019 Update: You can now add remote contacts by exchanging Briar URLs. In the contacts list, choose the "Add contact at a distance" option and enter the Briar URL of your remote contact, which they will need to send you via another channel. This is also where you will see your own Briar URL to send to others.
In some places, like Forums, you will see up to three # symbols next to a contact's name, which signify their level of trust for you. One red # means that this contact is not known to you and was added to someplace like a forum by another member. Two yellow ## means that the person was added to your contacts remotely (at a distance). Three green ### means that you added the contact in person by scanning QR codes.
Now that the restriction of having to meet someone in person to create contacts has been removed, I think this app will have a much broader use than just small local groups.

Pros:
Secure P2P encryption
On F-Droid
Does not require Google Play services
Works over wifi, bluetooth or Tor
Cons:
Android only
Pro or Con:
Transferring to another Android phone: There does not seem to be any way to preserve your account or data; you can recreate another account with the same name on the new phone.

On Copperhead, the battery optimization settings need to be set to Off so that it will remain connected.
Android battery use is somewhat high, even with battery optimization turned on.

Encryption:
Public/private key pairs are generated on the device. Key exchange is performed in person by scanning the QRCode of the other person's public key on their device or by exchanging your Briar URLs. This establishes a trusted key pairing between devices.
A shared secret is calculated from a hash of the key pair (using Diffie-Hellman) which is then used to generate a master key. The shared secret is then erased.

My verdict: Great option for peer to peer communication.

There are still some limitations, such as being Android only and text only (though sending photos is being worked on). However being peer to peer, open source and able to be used without an internet connection makes this app very attractive. In my testing it has been very reliable, with the understanding of the nature of peer to peer communications.

Application: SafeSwiss
Platforms: Android, iOS, Windows
Communication types: Text, group chat, voice, pictures, video, location
Version tested: 1.4.10
Country of origin: Switzerland
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: Digital communication security solutions
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: Yes
Leaks files: No
Android app trackers (2): Google CrashLytics, HockeyApp
Websites: Encryption
Last tested: 4/10/2019
Notes:

Registering your email or phone number is optional.
Messages are saved (encrypted) on the server if the recipient is not online, delivered and erased once they are online.
Self destruct messages, perfect forward secrecy

Encryption process (from the FAQ):
SafeSwiss uses the Box model of the NaCl Networking and Cryptography Library.
  • Diffie-Hellman key exchange using Curve25519
  • These keys are hashed to derive a shared secret
  • The shared secret is combined with a unique nonce to encrypt the message
  • Poly1305 is used to create a message authentication code
The asymmetric keys used in SafeSwiss have a length of 256 bits, and their effective ECC strength is 255 bits.
The shared secrets, which are used as symmetric keys for end-to-end message encryption (derived from the sender’s private key and the recipient’s public key using ECDH, and combined with a 192 bit nonce), have a length of 256 bits.
A unique session key is generated for each communication, which is used as input to the NaCl Box function to generate the encryption key. Thus SafeSwiss is able to create ephemeral messages that have perfect forward secrecy.

Application: Silence
Platforms: Android
Communication types: SMS, MMS
Version tested: 0.15.12
Country of origin: No centralized servers
Encryption protocol: Signal
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-256
Business model: Free open source project, Bitcoin donations
Android app requires Google Play Services: false
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: No
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites:
Last tested: 4/3/2018
Notes:

Silence is an SMS application that adds the ability to send encrypted messages over SMS. It also saves your text SMS message in an encrypted database on the phone.

My Verdict:
This is an excellent replacement SMS application. If you don't want the extra features of Signal this is a great choice.

Application: TwinMe
Platforms: Android, iOS
Communication types: Text, group chat, voice, photos, video, files, streaming music
Version tested: 9.1.1
Country of origin: France
Encryption protocol: WebRTC/TLS
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Pro version of the platform
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Android app trackers (0): None
Websites: Encryption
Last tested: 11/28/2018
Notes:

TwinMe is easy to set up and to connect with another TwinMe user: you can either scan their QR code in person or send them an invite link.
This app is truly peer to peer, so sometimes when you try to send a message it will just appear with a spinning circle next to it. This just means that the other person is not online. You can close the app and it will work in the background and deliver the message once the other person is online.
The interface is professional looking, though the iOS version seems more consistent with the host OS than the Android version.
One cool feature is the ability to stream music from your device to your contact's device.
On Android Google Play Services are not required. The Android version I first tried from the Amazon app store would not launch at all. The version from the Google Play Store (downloaded via Yalp) did run.
On Copperhead, the battery optimization settings need to be set to Off for TwinMe to stay connected when in the background.
Added in version 8.3.0 is the ability to delete messages you have sent from both your device and the device of your chat partner. Simply swipe the text to the left and the delete icon will appear.

Encryption:
TwinMe is a direct peer to peer connection between devices, so there is no middle server to need to protect information against. All encryption is done on the transport level with TLS.

My Verdict: One of the best peer to peer chat apps!

This app is very reliable and easy to use. It has a unique feature with its music streaming ability. I wish it had quoting of messages, ephemeral messages and contact verification. Not having a server in the middle handling messages makes this a very safe app to use.
The FAQ mentions that you can preserve your ID and contacts when changing to a new device by doing a full backup with iTunes or your PC, so just be conscious of having that information in any backups you may do.
With both iOS and Android apps this can be used by a majority of phone users.

Application: Patchwork
Platforms: Linux (AppImage), MacOS, Windows
Communication types: Text
Version tested: 3.8.10
Country of origin: None
Encryption protocol: Scuttlebutt
Shared Secret exchange: ECDH25519
Message Encryption Cipher: Salsa20
Business model: Free open source project
Android app requires Google Play Services: N/A
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: No
Perfect forward secrecy: Yes
Messages stored on server: ?
Ephemeral messages: No
Puddle test: Data recoverable
Hammer test: Data recoverable (your data is saved in multiple feeds; see https://www.scuttlebutt.nz/faq/basics/data-live.html and https://www.scuttlebutt.nz/faq/basics/delete.html)
Has contact verification: No
Leaks files: No
Websites: Scuttlebutt
Last tested: 4/24/2018
Notes:

[Submitted by Perflyst]

Decentralized messaging and sharing app built on top of Secure Scuttlebutt

My verdict: Great option for desktops, mobiles coming soon?
Private messages are end-to-end encrypted, always.
You have to follow somebody to get messages from them, so you won't get spammed.
The datastructure is a global mesh of append-only logs, which can support new types of data (not just "mail").
Users are not bound to one server/host (what we call "Pubs") and do not have to trust the servers.

Application: Skred
Platforms: Android, iOS
Communication types: Text, image, sound, music, video
Version tested: 0.6.5
Country of origin: France
Encryption protocol: WebRTC/TLS
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Operated by SKRED SAS with a capital of €1,387,000
Android app requires Google Play Services: true
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Android app trackers (0): None
Websites:
Last tested: 8/12/2018
Notes:

Skred is a variant of the TwinMe app with most of the same features. One additional function is that the alternate identities are secured with a PIN number. Each identity has its own profile, contacts and conversations. When the default identity is in use, the contacts, conversations and notifications from the other identities are not shown, so the alternate identities are truly secret and silent unless you are actively using one.

Application: Antox
Platforms: Android
Communication types: Text, files, avatars, partial A/V support
Version tested: 0.25.515
Country of origin: No centralized servers
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: Free open source project
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (0): None
Websites:
Last tested: 12/01/2018
Notes:

Antox uses the Tox protocol.

On Copperhead, Antox needs battery optimizations set to Off to stay connected.
Android leaks files: found photos in Local Storage/Device Storage/Download/Tox Received Files

My verdict: Try it for non secure communications!

Tox has a lot of promise; the clients need more polishing, but they are available for most platforms, which will help adoptability.
Unfortunately the Antox client on Android leaks data, so this is a good option to try but I would not depend on it for secure communications.
This shows the weakness of having a strong communication protocol but no control over the client apps. The protocol may be excellent, but if the apps do not handle the information properly once decrypted, that compromises security. And with multiple clients available, even if I choose a client that I know is secure, someone else I am communicating with may be using a client which is not secure so they are compromising my security.

Application: FireChat
Platforms: Android, iOS
Communication types: Text, private group chat, public chatrooms, photos
Version tested: 8.0.58
Country of origin: USA
Encryption protocol: Open Garden?
Shared Secret exchange: ?
Message Encryption Cipher: ?
Business model: Various investors??
Android app requires Google Play Services: true
Requires a phone number: No
Requires an email address: Yes
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: No
Perfect forward secrecy: ?
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Android app trackers (6): Amplitude, AppsFlyer, Facebook Login, Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites: How it works
Last tested: 1/23/2018
Notes:

Note: I recently revoked my recommendation of this application after discovering that it includes 4 different analytics trackers and a Facebook login module.

FireChat is a unique P2P app that can work without an internet connection. It will use bluetooth or available wifi connection (even without internet access) to create a P2P mesh network. This can be used to communicate at social gatherings, in communities or in emergencies. You may also use it with an internet connection just as any other chat app.
You can create both private chat groups and join public chat rooms.
On my Android (without Google Play services) it seemed to work but it was constantly popping up a message that it required Google Play services. Also even when not using the app and logged out of it, my wifi connection would randomly become disabled. I determined it was FireChat, and I am not sure if that was because of missing Google Play services.
Only private messages are end to end encrypted. When logging in you will be sent a one time pin code to your email to authenticate yourself, this is used instead of a password.

My verdict: Nope
This app has way too much tracking in it, and it is not encrypted by default so there is too much risk of unintended leakage of information. The app also seems to want to take over the phone's network and turn off wifi.

Application: Jami
Platforms: Android, iOS, Linux, MacOS, Windows
Communication types: Text, group chat, voice, video, files, photos
Version tested: 200180629
Country of origin: Canada
Encryption protocol: GnuTLS
Shared Secret exchange: RSA 4096 PKI
Message Encryption Cipher: AES-256
Business model: Open source, side project of Savoir-faire Linux
Android app requires Google Play Services: true
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (MacOS leaks files)
Has contact verification: No
Leaks files: MacOS
Android app trackers (1): Google Firebase Analytics
Websites: Source Code
Last tested: 12/26/2018
Notes:

Pros:
On F-Droid
Multiple platforms
Not dependent on a phone #
Cons:
Android and Mac app still have some usability issues, just out of beta. The Mac app saves images you receive into your Documents folder, no option to disable this.

Encryption:
Uses the GnuTLS library with RSA keys and X.509 certificates.

My verdict: Pass
This is being developed as a side project by Savoir-faire Linux so they know open source! The clients have a unified experience and are available for most platforms.
This was designed as a P2P app, so messages you send out are not synced between your multiple clients if you have them running simultaneously. However messages sent to you do appear on all your clients, making a somewhat confusing stream of conversation when using multiple clients.
The primary purpose of Jami is for video calling, but messaging (to individuals) does somewhat work. Several times during testing messages failed to be delivered even in the middle of a conversation. While the Android client does not appear to leak files (none that I could find) the Mac version saves files sent to you right in your Documents folder. This makes this app insecure for anyone using the Mac version or sending to someone else who is.

Application: Kripter
Platforms: Android
Communication types: Text, voice, pictures, files, location
Version tested: 1.3
Country of origin: UK
Encryption protocol: OTR
Shared Secret exchange: DH MODP1536
Message Encryption Cipher: AES-256
Business model: ?
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (Android client automatically saves files to your Pictures folder, by design)
Has contact verification: Yes
Leaks files: Android
Android app trackers (1): Google CrashLytics
Websites:
Last tested: 11/26/2017
Notes:

Kripter is a secure P2P messenger app (they also have secure email). It features self destruct messages, group chats, PIN number for self-destruct.

Messages were sent very quickly. Unfortunately in practice there were too many serious bugs to make this worth keeping. Encrypted chats lost their OTR connection and we received errors that we needed an OTR plugin. Sometimes the app would just display a rotating circle and say "Loading..." and we would have to kill the app and restart it to get into existing chat sessions. Some messages failed to burn after the allotted time.
Until these bugs and issues are resolved (as of this writing Nov 26, 2017- version 1.3) I do not recommend using this application.

Photos are automatically saved in Local Storage/Device Storage/Pictures/Kripter. This is by design but does compromise security of data.

Application: LinkCast
Platforms: Android, iOS
Communication types: Text, group chat, video chat, photos, videos, files, location
Version tested: Android- 3.0.5, iOS- 3.1.0
Country of origin: Japan
Encryption protocol: ?
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Purchasing of coins and stickers in the app
Android app requires Google Play Services: true
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (Android client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (3): Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites: FAQ
Last tested: 11/03/2018
Notes:

When first setting up the app on Android, after signup I kept getting an error about no connection being available. I was able to sign in using an iPhone, then later was able to successfully log in with the Android device. On Android contacts' avatars do not display, but they do on iPhone.

I know this is a P2P app but I was able to log in with both an Android and iPhone at the same time and participate in a chat. Some messages were not received on my Android device but they were received on my iPhone.

Photos were found unencrypted in public storage on Android, in device/com.btdstudio.linkcast/Param

If you log out or restart your device, you must first put in your phone number to receive a 2FA code to input into the app. Then you must provide your PIN to log in. While this security feature is good, it would be appreciated if one of those could be turned off in settings. However I think the PIN is used for encrypting the local database, so probably the only option would be to have the 2FA feature on/off.

The website has many misspelled or obviously missing words, especially on the FAQ page.

Encryption:
Key pairs are negotiated using Curve25519 with Diffie-Hellman, and a shared secret is derived. Data is then encrypted using AES 256. Message authentication is ensured using HMAC-SHA512.

My verdict: Too many problems with Android

While the iOS app works very well, the Android app has a few bugs and also leaks data. While it is meant as a P2P app you can log in with multiple devices and that may be the reason for messages not being properly synced between devices.

The Android app also does not display avatars, and photos are saved unencrypted in public storage. If it weren't for this unfortunate security issue I would have given this app a "Worth a try" rating.

While it does require a phone number to sign up and log in, this number is not shown to other users so your privacy is protected.

Application: Pinngle
Platforms: Android, iOS
Communication types: Text, group chat, voice, photos, audio clips, files, location
Version tested: 2.1.9
Country of origin: Latvia
Encryption protocol: ?
Shared Secret exchange: ?
Message Encryption Cipher: ?
Business model: Fee for calling out to phone numbers
Android app requires Google Play Services: true
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: ?
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (Android client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (6): Facebook Analytics, Facebook Login, Facebook Share, Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites:
Last tested: 4/21/2019
Notes:

This app requires access to your Contacts to work, without access it will not function at all.

The first registration attempt failed; however, once I did get it registered, messages seemed to be sent and received quickly. This is probably due to the peer to peer design.

Your phone number is required to register, and is used by others to search for you in the app. In effect your ID is directly linked to your phone number.

Unencrypted files were found in public storage on Android in the directories "/pinngle/.temp" and "/pinngle/Pinngle Files". There are also other folders that were empty but if they were already created they would probably be used at some point for various types of data. Some of the directory names are ".audiorecord", ".groupchat", ".stickers", ".profilepicture", and ".linktumb".

I was not able to find any whitepaper or any specific details about the design of the application or the encryption protocols used. The website only mentions that it is a "serverless architecture".

My verdict: Not enough details, Facebook trackers

I really don't know how the program works, and the saving of data unencrypted in public storage is a big concern. There are better applications available.

Application: Ricochet
Platforms: Windows, MacOS, Linux (many)
Communication types: Text
Version tested: 1.1.4
Country of origin: No centralized servers
Encryption protocol: Tor hidden services/TLS
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: Free open source project
Android app requires Google Play Services: N/A
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Websites: Source Code, Technical design
Last tested: 3/23/2019
Notes:

Update on 3/23/2019:
It looks like this project will not be developed any further. The primary developer has moved to focus on the Cwtch messenger. See issue #578 and issue #555.

Works over Tor. Creates a hidden Tor service to connect P2P.

Encryption:
The built in encryption in Tor hidden services is used, Diffie-Hellman key exchange with RSA 1024 keys.
From the spec: For legacy purposes, we specify compatibility with older versions of the Tor introduction point and rendezvous point protocols. These used RSA1024, DH1024, AES128, and SHA1, as discussed in rend-spec.txt.

Ricochet is considered experimental. Do not use for anything you want to truly be secure.
This software is an experiment. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software. Do not rely on Ricochet for your safety unless you have more trust in my work than it deserves. That said, I believe it does more to try to protect your privacy than any similar software, and is the best chance you have of withholding your personal information.

My verdict: Nice concept to try, no longer in development
I love that it is based on Tor hidden services. The base Ricochet protocol is now being used in the Cwtch application and further development of Ricochet has ceased.

Application: Sid
Platforms: Android, iOS, MacOS, Windows, Linux (Ubuntu)
Communication types: Text, group chat, pictures, audio, files
Version tested: 0.9.7
Country of origin: Germany
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: Salsa20
Business model: Sid is a demonstration of Spherebox technology
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: No
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (you may be able to see historical messages that were sent to other devices, but there is no way to import from another device to restore messages)
Hammer test: Data recoverable (Android and Mac clients leak files)
Has contact verification: No
Leaks files: Android, Mac
Android app trackers (1): Matomo (Piwik)
Websites: Security by Design
Last tested: 7/14/2019
Notes:

This is a peer-to-peer application but it is unique in that you can connect multiple devices to the same account and they will sync all data to all devices. You can also choose to send data only to one specific device, making this a very nice file transfer platform.
This application is still in beta (as of version 0.9.4, January 2018)
Android leaks files: found photos in "Local Storage/Device Storage/Sid/Sid Images" and files in "Local Storage/Device Storage/Sid/Files". Also leaks files on the Windows client.

Encryption:
  • Random numbers are generated using a Whirlpool512 hash with a 4096 bit entropy pool.
  • Diffie-Hellman key exchange using Curve25519
  • These keys are hashed to derive a shared secret
  • The shared secret is combined with a unique nonce to encrypt the message
  • Poly1305 is used to create a message authentication code
My verdict:

I want to really love this app. It combines P2P communication with syncing across multiple devices. It also features sending files or messages to only one of your registered devices making this very nice for transferring files or notes between devices. Also a plus is it is based in Germany.
Unfortunately it leaks files like images that are sent. So this would not be considered a secure messaging app. However I do find it useful for sending files which already exist on my devices to other devices, since those files already are not encrypted or protected.

Application: Status
Platforms: Android, iOS, MacOS, Windows, Linux
Communication types: Text, group chat
Version tested: 0.12.2
Country of origin: Switzerland
Encryption protocol: Signal
Shared Secret exchange: ECDH P256
Message Encryption Cipher: AES-256
Business model: Self-funded, grants
Android app requires Google Play Services: true
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (multi-device message and contact sync is currently in development)
Hammer test: Data not recoverable (messages saved only on device)
Has contact verification: Yes
Leaks files: No
Android app trackers (1): Google Firebase Analytics
Websites: Status Developers Portal
Last tested: 5/26/2019
Notes:

Status does not require any personal information to signup. Once your account is created you are assigned a 3 word phrase that can be given to other contacts as a verification phrase.

Adding another contact is a little different than most messengers. You must either scan their QR code or acquire their code in text form, which they can send to you in another messaging app or through email. To find your code go to your profile, then select "Share my profile" and select "Share link". To connect another Status user, start a new chat, then scan their QR code or enter the long code that they sent you. When first connected you will see their 3 word verification phrase, which you should confirm is correct. Note that their profile name will not appear yet. Once confirmed and a chat is started then you will see their chosen profile name.

Status sends messages by connecting directly to the devices of other Status users, creating a very large mesh network. When you send a message, it gets encrypted for only the recipients, but the encrypted message gets broadcast to all devices in the entire Status mesh network. Eventually all devices receive the message, but only those that have the right private keys can decrypt it. Status claims this strategy prevents anyone monitoring the network from knowing exactly who is communicating since all devices get all messages.
This is an interesting setup, however I see some potential issues with it:
  • Scale: What kind of network traffic will this produce if Status becomes popular and there are many users? Any single device will be receiving every single message sent to all other users in the network, which could put a strain on endpoint networks or use up lots of data on mobile plans.
  • Related to the first point, each device must attempt to decrypt every message. This could use up a lot of CPU time and battery power on mobile devices.
  • Since every device receives every message, recording and saving every encrypted message will be easy, and a flaw in the cryptographic protocol could have widespread consequences.
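
The cost model behind these three concerns, as an added sketch that is not Status's code: every device receives every envelope, makes one trial decryption per envelope, and a passive recorder ends up holding all ciphertext. The per-device symmetric key and the SHA-256 keystream with an HMAC tag are stand-in assumptions for the app's real public-key encryption, and all names are hypothetical.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, length):
    # Toy SHA-256 counter-mode keystream: a stand-in, not a production cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Envelope = nonce || ciphertext || tag. It names no recipient."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def try_open(key, envelope):
    """Trial decryption: plaintext if the key fits, otherwise None."""
    nonce, ct, tag = envelope[:16], envelope[16:-32], envelope[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class Device:
    def __init__(self, name):
        self.name, self.key = name, os.urandom(32)  # key stands in for a private key
        self.received = self.attempts = 0
        self.inbox = []

    def deliver(self, envelope):
        self.received += 1   # bandwidth cost: every device gets every envelope
        self.attempts += 1   # CPU cost: one trial decryption per envelope
        plaintext = try_open(self.key, envelope)
        if plaintext is not None:
            self.inbox.append(plaintext)

def simulate(n_devices=6, n_messages=4):
    """Constructed scenario: every message is addressed to device 1."""
    devices = [Device(f"dev{i}") for i in range(n_devices)]
    recorder = []            # passive observer keeping all ciphertext
    for n in range(n_messages):
        envelope = seal(devices[1].key, f"message {n}".encode())
        recorder.append(envelope)
        for d in devices:    # broadcast: delivery pattern is identical for all
            d.deliver(envelope)
    return devices, recorder
```

With 6 devices and 4 messages the network performs 24 trial decryptions for 4 useful ones, and the recorder's copy becomes readable in full if the key or the cipher ever fails.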

I did not find any files saved directly into public file storage on my Android device (good). But sending files and photos isn't even a feature in chats yet, so it remains to be seen if this is true when and if those items can be sent in chats.

My Verdict: Very basic right now, concerns about encrypted data distribution

From a usability standpoint this app is very basic with only text in chats (no photos, videos, audio or files). Other secure apps have so many more features.
Security-wise, my concerns are with the fact that all messages, while encrypted, do get sent to every single device. Also this could cause issues with network congestion, lots of wasted mobile data, and increased CPU usage.
StealthChat Android, iOS Text, group chat, voice, pictures
Version tested: 1.3.7
Country of origin: USA
Encryption protocol: OTR
Shared Secret exchange: ?
Message Encryption Cipher: AES-?
Business model: A project of Rockliffe software.
Android app requires Google Play Services: false
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable Messages saved only on device
Hammer test: Data not recoverable When messages are deleted on both sending and receiving devices
Has contact verification: Yes
Leaks files: No
Android app trackers (2): Google Analytics, Google Tag Manager
Websites:
Last tested: 2/2/2018
Notes:

Self destruct messages
Requires a phone number to register, uses the phone numbers in your contacts list to search for others, exposes your phone number to others.
Available on the Amazon app store, but it is an older version.
During testing there were several delays in messages being delivered, and some messages not burning.

Encryption:
StealthChat uses OTR encryption, which is limited to communication between a single pair of devices.

My verdict:
Among the P2P applications, this one is basic and has some reliability issues. There are other P2P apps that have better features and do not expose your phone number, so I do not recommend this one.
Tok Android, iOS Text, group chat, photos, videos, files
Version tested: 1.5.2
Country of origin: None
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: Open source project
Android app requires Google Play Services: false
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: No
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages:
Puddle test: Data not recoverable Messages saved only on device
Hammer test: Data not recoverable When messages are deleted on both sending and receiving devices
Has contact verification:
Leaks files: Android
Android app trackers (1): Bugly
Websites: Source
Last tested: 6/30/2019
Notes:

Tok is a new client written to use the Tox transport protocol.
Currently all profile data is stored in publicly accessible storage on Android, which makes this a no-go, full stop. There is an issue ticket ("User profile information leaked to (essentially) every other app on Android") about this, and the issue is on their to-do list.

My verdict: Not yet

The data leakage issue is serious; this is not even worth trying at this point until this basic security measure is resolved.
Zangi Android, iOS (MacOS, Windows and web coming soon) Text, VOIP, photos, video, audio, files, location
Version tested: 4.3.5
Country of origin: USA
Encryption protocol: ?
Shared Secret exchange: RSA 2048 PKI
Message Encryption Cipher: RC4+
Business model: Enterprise messenger solutions
Android app requires Google Play Services: true
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: No
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable Messages saved only on device
Hammer test: Data recoverable Android client leaks files
Has contact verification: No
Leaks files: Android
Android app trackers (3): Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites:
Last tested: 1/27/2018
Notes:

Even though the Play Store says this app requires Google Play services, I had only one issue using this application with them disabled.
Caution: Requires a phone number to register, uses the phone numbers in your contacts list, exposes your phone number to your Zangi contacts.
Sending all types of files (audio clips, music, video, location) worked perfectly, with the exception that animated GIFs do not play. Location, however, does not work without Google Play services.
New message notifications work, and there is also a "Quick Chat" mode that allows responses to messages outside the application.
Video call quality is very good, even over a VPN connection. You can even continue a video call and bring up the text chat so that you still see both video feeds (you and the other person) while sending text, pictures etc.
You can search chats for text.
Unfortunately, Zangi leaks message data: for example, photos were found in /zangi/.temp and videos in /zangi/Zangi Files.
Android leaks files: found photos in Local Storage/Device Storage/zangi/Zangi Files

Encryption:
Zangi uses RC4+, which is based on RC4, a cipher with known weaknesses.

My verdict:
I am impressed with this application. I encountered no bugs and the interface is very professional. Tons of features and very easy to use.
That said, this does expose your phone number and requires that the app has access to your contacts list to search for other Zangi users. Also, the leaking of message data makes this app unsafe to use.