Peer to Peer Apps

Step-by-step guides and detailed information on secure messaging apps for Android, iOS, Windows, Mac and Linux.

Apps are listed in order of "Highly Recommended" first, then "Worth a Try", then "Not Recommended" last. Apps within the same recommendation level are ordered alphabetically.

Briar Project

Platforms: Android (via Google Play, F-Droid repo or APK)
Communication types: Text and forums
Country of origin: None
Source code: open
Encryption protocol: Bramble, SpongyCastle
Shared Secret exchange: ECDHC brainpoolp256r1
Message Encryption Cipher: AES-256
Business model: Free open source project, Bitcoin donations, other funding
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites: Source Code
Version tested: 1.2.3
Last tested: 7/7/2019
Notes:

7/7/2019- Update: You can now add remote contacts by exchanging Briar URLs. In the contacts list choose the "Add contact at a distance" option and enter the Briar URL of your remote contact which they will need to send you via another channel. This is also where you will see your own Briar URL to send to others.
In some places like Forums, you will see three ### symbols next to a contact's name which signifies their level of trust for you. One red # means that this contact is not known to you and was added to someplace like a forum by another member. Two yellow ## means that the person was added to your contacts remotely (at a distance). Three green ### means that you added the contact in person by scanning QR codes.
Now that the restriction of having to meet someone in person to create contacts has been removed, I think this app will have a much broader use than just small local groups.

Pros:
Secure P2P encryption
On F-Droid
Does not require Google Play services
Works over wifi, bluetooth or Tor
Cons:
Android only
Pro or Con:
Transferring to another Android phone: There does not seem to be a way to preserve your account or data; you can recreate another account with the same name on the new phone.

On Copperhead, the battery optimization settings need to be set to Off so that it will remain connected.
Android battery use is somewhat high, even with battery optimization turned on.

Encryption:
Public/private key pairs are generated on the device. Key exchange is performed in person by scanning the QRCode of the other person's public key on their device or by exchanging your Briar URLs. This establishes a trusted key pairing between devices.
A shared secret is calculated from a hash of the key pair (using Diffie-Hellman) which is then used to generate a master key. The shared secret is then erased.

My verdict: Great option for peer to peer communication.

There are still some limitations, such as being Android only and text only (though sending photos is being worked on). However being peer to peer, open source and able to be used without an internet connection makes this app very attractive. In my testing it has been very reliable, with the understanding of the nature of peer to peer communications.

TwinMe

Platforms: Android, iOS
Communication types: Text, group chat, voice, photos, video, files, streaming music
Country of origin: France
Source code: closed
Encryption protocol: WebRTC/TLS
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Pro version of the platform
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Android app trackers (0): None
Websites: Encryption
Version tested: 9.1.1
Last tested: 11/28/2018
Notes:

TwinMe is easy to set up and to connect with another TwinMe user: you can either scan their QR code in person or send them an invite link.
This app is truly peer to peer, so sometimes when you try to send a message it will just appear with a spinning circle next to it. This just means that the other person is not online. You can close the app and it will work in the background and deliver the message once the other person is online.
The interface is professional looking, though the iOS version seems more consistent with the host OS than the Android version.
One cool feature is the ability to stream music from your device to your contact's device.
On Android Google Play Services are not required. The Android version I first tried from the Amazon app store would not launch at all. The version from the Google Play Store (downloaded via Yalp) did run.
On Copperhead, the battery optimization settings need to be set to Off for TwinMe to stay connected when in the background.
Added in version 8.3.0 is the ability to delete messages you have sent from both your device and the device of your chat partner. Simply swipe the text to the left and the delete icon will appear.

Encryption:
TwinMe is a direct peer to peer connection between devices, so there is no middle server to need to protect information against. All encryption is done on the transport level with TLS.

My Verdict: One of the best peer to peer chat apps!

This app is very reliable and easy to use. It has a unique feature with its music streaming ability. I wish it had quoting of messages, ephemeral messages and contact verification. Not having a server in the middle handling messages makes this a very safe app to use.
The FAQ mentions that you can preserve your ID and contacts when changing to a new device by doing a full backup with iTunes or your PC, so just be conscious of having that information in any backups you may do.
With both iOS and Android apps this can be used by a majority of phone users.

Patchwork

Platforms: Linux (AppImage), MacOS, Windows
Communication types: Text
Country of origin: None
Source code: open
Encryption protocol: Scuttlebutt
Shared Secret exchange: ECDH25519
Message Encryption Cipher: Salsa20
Business model: Free open source project
Android app requires Google Play Services: N/A
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: No
Perfect forward secrecy: Yes
Messages stored on server: ?
Ephemeral messages: No
Puddle test: Data recoverable
Hammer test: Data recoverable (your data is saved in multiple feeds; see https://www.scuttlebutt.nz/faq/basics/data-live.html and https://www.scuttlebutt.nz/faq/basics/delete.html)
Has contact verification: No
Leaks files: No
Websites: Scuttlebutt
Version tested: 3.8.10
Last tested: 4/24/2018
Notes:

[Submitted by Perflyst]

Decentralized messaging and sharing app built on top of Secure Scuttlebutt

My verdict: Great option for desktops, mobiles coming soon?
Private messages are end-to-end encrypted, always.
You have to follow somebody to get messages from them, so you won't get spammed.
The data structure is a global mesh of append-only logs, which can support new types of data (not just "mail").
Users are not bound to one server/host (what we call "Pubs") and do not have to trust the servers.

Silence

Platforms: Android
Communication types: SMS, MMS
Country of origin: No centralized servers
Source code: open
Encryption protocol: Signal
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-256
Business model: Free open source project, Bitcoin donations
Android app requires Google Play Services: No
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: No
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: Yes
Leaks files: No
Android app trackers (0): None
Websites:
Version tested: 0.15.13
Last tested: 4/4/2021
Notes:

Silence is an SMS application that adds the ability to send encrypted messages over SMS. It also saves your text SMS message in an encrypted database on the phone.

It looks like there haven't been any code updates for over a year now. So if this is no longer maintained, that is a concern.
Gitlab source repository moved to their own instance in 2019: https://silence.im/contribute/
Last merge was in 2020: here

My Verdict:
As a plain SMS app this at least encrypts the local database. But this appears not to be maintained anymore, and now there are so many excellent alternatives that encrypt both message contents and metadata.

Skred

Platforms: Android, iOS
Communication types: Text, image, sound, music, video
Country of origin: France
Source code: closed
Encryption protocol: WebRTC/TLS
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Operated by SKRED SAS with a capital of €1,387,000
Android app requires Google Play Services: Yes
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Android app trackers (0): None
Websites:
Version tested: 0.6.5
Last tested: 8/12/2018
Notes:

Skred is a variant of the TwinMe app with most of the same features. One additional function is that the alternate identities are secured with a PIN number. Each identity has its own profile, contacts and conversations. When the default identity is in use, the contacts, conversations and notifications from the other identities are not shown, so the alternate identities are truly secret and silent unless you are actively using one.

Antox

Platforms: Android
Communication types: Text, files, avatars, partial A/V support
Country of origin: No centralized servers
Source code: open
Encryption protocol: NaCl
Shared Secret exchange: ECDH25519
Message Encryption Cipher: XSalsa20
Business model: Free open source project
Android app requires Google Play Services: No
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (0): None
Websites:
Version tested: 0.25.515
Last tested: 12/01/2018
Notes:

Antox uses the Tox protocol.

On Copperhead, Antox needs battery optimizations set to Off to stay connected.
Android leaks files: found photos in Local Storage/Device Storage/Download/Tox Received Files

My verdict: Try it for non secure communications!

Tox has a lot of promise, the clients need more polishing but they are available for most platforms which will help adoptability.
Unfortunately the Antox client on Android leaks data, so this is a good option to try but I would not depend on it for secure communications.
This shows the weakness of having a strong communication protocol but no control over the client apps. The protocol may be excellent, but if the apps do not handle the information properly once decrypted, that compromises security. And with multiple clients available, even if I choose a client that I know is secure, someone else I am communicating with may be using a client which is not secure so they are compromising my security.

Jami

Platforms: Android, iOS, Linux, MacOS, Windows
Communication types: Text, group chat, voice, video, files, photos
Country of origin: Canada
Source code: open
Encryption protocol: GnuTLS
Shared Secret exchange: RSA 4096 PKI
Message Encryption Cipher: AES-256
Business model: Open source, side project of Savoir-faire Linux
Android app requires Google Play Services: Yes
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (MacOS leaks files)
Has contact verification: No
Leaks files: MacOS
Android app trackers (0): None
Websites: Source Code
Version tested: 1.49 (MacOS), 20190824-01 (Android)
Last tested: 11/23/2019
Notes:

Pros:
On F-Droid
Multiple platforms
Not dependent on a phone #

Cons:
The Mac app saves images you receive onto disk, no option to disable this.
You can look up any contact just by typing in names randomly.
Based in Canada

Encryption:
Uses the GnuTLS library with RSA keys and X.509 certificates.

Since my last review in 2018 this app has improved. Using multiple devices is much less confusing, the process for adding multiple devices to an account is all new and very easy to complete. Messages seem to sync up a little better but there are still problems when using the same account on multiple devices. Messages you send out do not get synced to your other devices, and messages are not always received on every device. One strange thing though is I could add myself as a contact and send myself messages.
On the Mac, pictures are no longer saved directly in your Documents folder as they were in previous versions, they are somewhat more hidden in your user Library but still not encrypted. Any files sent to you are saved in /Users/[your account]/Library/Containers/com.savoirfairelinux.ring.macos/Data/Documents/. If you delete your Jami account the files are not deleted. If you then add a new account, any files sent to the new account are also saved in this same directory. So you now have files sent to multiple Jami accounts saved in the same directory together, with no encryption or other controls to prevent access.

Battery usage on a LineageOS based Android device is very high, over 1% per hour. On iOS this is not the case, battery usage was too low to measure.

My verdict: Pass
This is being developed as a side project by Savoir-faire Linux so they know open source! The clients have a unified experience and are available for most platforms.
This was designed as a P2P app, and multiple clients can be linked to one account but the messages are not synced up properly to all devices. So this app really is only usable with a separate account for each device.
While the Android client does not appear to leak files (none that I could find) the Mac version saves files sent to you in your user Library. This makes this app insecure for anyone using the Mac version or sending to someone else who is.

LinkCast

Platforms: Android, iOS
Communication types: Text, group chat, video chat, photos, videos, files, location
Country of origin: Japan
Source code: closed
Encryption protocol: ?
Shared Secret exchange: ECDH
Message Encryption Cipher: AES-256
Business model: Purchasing of coins and stickers in the app
Android app requires Google Play Services: Yes
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (Android client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (3): Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites: FAQ
Version tested: Android- 3.0.5, iOS- 3.1.0
Last tested: 11/03/2018
Notes:

When first setting up the app on Android, after signup I kept getting an error about no connection being available. I was able to sign in using an iPhone, then later was able to successfully log in with the Android device. On Android, contacts' avatars do not display, but they do on iPhone.

I know this is a P2P app but I was able to log in with both an Android and iPhone at the same time and participate in a chat. Some messages were not received on my Android device but they were received on my iPhone.

Photos were found unencrypted in public storage on Android, in device/com.btdstudio.linkcast/Param

If you log out or restart your device, you must first put in your phone number to receive a 2FA code to input into the app. Then you must provide your PIN to log in. While this security feature is good, it would be appreciated if one of those could be turned off in settings. However I think the PIN is used for encrypting the local database, so probably the only option would be to have the 2FA feature on/off.

The website has many misspelled or obviously missing words, especially on the FAQ page.

Encryption:
Key pairs are negotiated using Curve25519 with Diffie-Hellman, and a shared secret is derived. Data is then encrypted using AES 256. Message authentication is ensured using HMAC-SHA512.

My verdict: Too many problems with Android

While the iOS app works very well, the Android app has a few bugs and also leaks data. While it is meant as a P2P app you can log in with multiple devices and that may be the reason for messages not being properly synced between devices.

The Android app also does not display avatars, and photos are saved unencrypted in public storage. If it weren't for this unfortunate security issue I would have given this app a "Worth a try" rating.

While it does require a phone number to sign up and log in, this number is not shown to other users so your privacy is protected.

Pinngle

Platforms: Android, iOS
Communication types: Text, group chat, voice, photos, audio clips, files, location
Country of origin: Latvia
Source code: closed
Encryption protocol: ?
Shared Secret exchange: ?
Message Encryption Cipher: ?
Business model: Fee for calling out to phone numbers
Android app requires Google Play Services: Yes
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: ?
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (Android client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (6): Facebook Analytics, Facebook Login, Facebook Share, Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites:
Version tested: 2.1.9
Last tested: 4/21/2019
Notes:

This app requires access to your Contacts to work, without access it will not function at all.

The first registration attempt failed, however once I did get it registered messages seemed to be sent and received quickly. This is probably due to the peer to peer design.

Your phone number is required to register, and is used by others to search for you in the app. In effect your ID is directly linked to your phone number.

Unencrypted files were found in public storage on Android in the directories "/pinngle/.temp" and "/pinngle/Pinngle Files". There are also other folders that were empty but if they were already created they would probably be used at some point for various types of data. Some of the directory names are ".audiorecord", ".groupchat", ".stickers", ".profilepicture", and ".linktumb".

I was not able to find any whitepaper or any specific details about the design of the application or the encryption protocols used. The website only mentions that it is a "serverless architecture".

My verdict: Not enough details, Facebook trackers

I really don't know how the program works, and the saving of data unencrypted in public storage is a big concern. There are better applications available.

Ricochet

Platforms: Windows, MacOS, Linux (many)
Communication types: Text
Country of origin: No centralized servers
Source code: open
Encryption protocol: Tor hidden services/TLS
Shared Secret exchange: ECDH25519
Message Encryption Cipher: AES-128
Business model: Free open source project
Android app requires Google Play Services: N/A
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: ?
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: No
Leaks files: No
Websites: Source Code, Technical design
Version tested: 1.1.4
Last tested: 3/23/2019
Notes:

Update on 3/23/2019:
It looks like this project will not be developed any further. The primary developer has moved to focus on the Cwtch messenger. See issue #578 and issue #555.

Works over Tor. Creates a hidden Tor service to connect P2P.

Encryption:
The built in encryption in Tor hidden services is used, Diffie-Hellman key exchange with RSA 1024 keys.
From the spec: For legacy purposes, we specify compatibility with older versions of the Tor introduction point and rendezvous point protocols. These used RSA1024, DH1024, AES128, and SHA1, as discussed in rend-spec.txt.

Ricochet is considered experimental. Do not use it for anything you want to truly be secure.
This software is an experiment. Security and anonymity are difficult topics, and you should carefully evaluate your risks and exposure with any software. Do not rely on Ricochet for your safety unless you have more trust in my work than it deserves. That said, I believe it does more to try to protect your privacy than any similar software, and is the best chance you have of withholding your personal information.

My verdict: Nice concept to try, no longer in development
I love that it is based on Tor hidden services. The base Ricochet protocol is now being used in the Cwtch application and further development of Ricochet has ceased.

Status

Platforms: Android, iOS, MacOS, Windows, Linux
Communication types: Text, group chat
Country of origin: Switzerland
Source code: open
Encryption protocol: Signal
Shared Secret exchange: ECDH P256
Message Encryption Cipher: AES-256
Business model: Self-funded, grants
Android app requires Google Play Services: Yes
Requires a phone number: No
Requires an email address: No
Your ID contains personal information: No
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (multi-device message and contact sync is currently in development)
Hammer test: Data not recoverable (messages saved only on device)
Has contact verification: Yes
Leaks files: No
Android app trackers (1): Google Firebase Analytics
Websites: Status Developers Portal
Version tested: 0.12.2
Last tested: 5/26/2019
Notes:

Status does not require any personal information to sign up. Once your account is created you are assigned a 3 word phrase that can be given to other contacts as a verification phrase.

Adding another contact is a little different than most messengers. You must either scan their QR code or acquire their code in text form which they can send to you in another messaging app or through email. To find your code go to your profile, then select "Share my profile" and select "Share link". To connect another Status user start a new chat then scan their QR code or enter the long code that they sent you. When first connected you will see their 3 word verification phrase, which you should confirm is correct. Note that their profile name will not appear yet. Once confirmed and a chat is started then you will see their chosen profile name.

Status sends messages by connecting directly to the devices of other Status users, creating a very large mesh network. When you send a message, it gets encrypted for only the recipients, but the encrypted message gets broadcast to all devices in the entire Status mesh network. Eventually all devices receive the message, but only those that have the right private keys can decrypt it. Status claims this strategy prevents anyone monitoring the network from knowing exactly who is communicating since all devices get all messages.
This is an interesting setup, however I see some potential issues with it:

I did not find any files saved directly into public file storage on my Android device (good). But sending files and photos isn't even a feature in chats yet so it remains to be seen if this is true when and if those items can be sent in chats.

My Verdict: Very basic right now, concerns about encrypted data distribution

From a usability standpoint this app is very basic with only text in chats (no photos, videos, audio or files). Other secure apps have so many more features.
Security-wise, my concerns are with the fact that all messages, while encrypted, do get sent to every single device. Also this could cause issues with network congestion, lots of wasted mobile data, and increased CPU usage.

StealthChat

Platforms: Android, iOS
Communication types: Text, group chat, voice, pictures
Country of origin: USA
Source code: closed
Encryption protocol: OTR
Shared Secret exchange: ?
Message Encryption Cipher: AES-?
Business model: A project of Rockliffe software.
Android app requires Google Play Services: No
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: Yes
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: Yes
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data not recoverable (when messages are deleted on both sending and receiving devices)
Has contact verification: Yes
Leaks files: No
Android app trackers (2): Google Analytics, Google Tag Manager
Websites:
Version tested: 1.3.7
Last tested: 2/2/2018
Notes:

Self destruct messages
Requires a phone number to register, uses the phone numbers in your contacts list to search for others, exposes your phone number to others.
Available on the Amazon app store, but it is an older version.
During testing there were several delays in messages being delivered, and some messages not burning.

Encryption:
StealthChat uses OTR encryption which has limitations to single device to device communication.

My verdict:
Among the P2P applications this one is basic and has some reliability issues. There are other P2P apps that have better features and do not expose your phone number, so I do not recommend this one.

Zangi

Platforms: Android, iOS (MacOS, Windows and web coming soon)
Communication types: Text, VOIP, photos, video, audio, files, location
Country of origin: USA
Source code: closed
Encryption protocol: ?
Shared Secret exchange: RSA 2048 PKI
Message Encryption Cipher: RC4+
Business model: Enterprise messenger solutions
Android app requires Google Play Services: Yes
Requires a phone number: Yes
Requires an email address: No
Your ID contains personal information: Phone
Data is locally encrypted: No
Encrypted by default: Yes
Perfect forward secrecy: Yes
Messages stored on server: Never
Ephemeral messages: No
Puddle test: Data not recoverable (messages saved only on device)
Hammer test: Data recoverable (Android client leaks files)
Has contact verification: No
Leaks files: Android
Android app trackers (3): Google Analytics, Google CrashLytics, Google Firebase Analytics
Websites:
Version tested: 4.3.5
Last tested: 1/27/2018
Notes:

Even though the Play Store says this app requires Google Play services I had only one issue using this application with them disabled.
Caution: Requires a phone number to register, uses the phone numbers in your contacts list, exposes your phone number to your Zangi contacts.
Sending all types of files- audio clips, music, video, location- worked perfectly with the exception that animated gifs do not play. Location does not work however without Google Play services.
New message notifications work, and there is also a "Quick Chat" mode that allows responses to messages outside the application.
Video call quality is very good even over VPN connection. You can even continue a video call and bring up the text chat so that you still see both video feeds (you and the other person) while sending text, pictures etc.
Search in chats for text.
Unfortunately Zangi leaks message data, for example photos were found in /zangi/.temp and videos in /zangi/Zangi Files.
Android leaks files: found photos in Local Storage/Device Storage/zangi/Zangi Files

Encryption:
Zangi uses RC4+ which is based on RC4 which has known weaknesses.

My verdict:
I am impressed with this application. I encountered no bugs and the interface is very professional. Tons of features and very easy to use.
That all said, this does expose your phone number and requires that the app has access to your contacts list to search for other Zangi users. Also the leaking of message data makes this app unsafe to use.
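
The "Leaks files" results on this page (Antox, LinkCast, Pinngle, Zangi) come from looking through Android shared storage after media has been exchanged. As an added example, not part of the original reviews or of any app's code, the script below repeats that check on a copy of shared storage using the directory names reported above and flags files whose headers are readable media formats. The function names and the sample files are constructed for illustration, and treating LinkCast's leading "device/" as the storage root is an assumption.

```python
from pathlib import Path
import tempfile

# Shared-storage directories where this page reports unencrypted files,
# relative to the storage root. The page gives LinkCast's path as
# "device/com.btdstudio.linkcast/Param"; reading "device" as the storage
# root is an assumption.
REPORTED_LEAK_DIRS = {
    "Antox": ["Download/Tox Received Files"],
    "LinkCast": ["com.btdstudio.linkcast/Param"],
    "Pinngle": ["pinngle/.temp", "pinngle/Pinngle Files"],
    "Zangi": ["zangi/.temp", "zangi/Zangi Files"],
}

# File signatures that show content is stored in a directly readable format.
MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
]


def sniff(path):
    """Return a format name from the file header, or 'unidentified'."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    if head[4:8] == b"ftyp":  # ISO base media container: mp4, 3gp, heic
        return "iso-media"
    return "unidentified"  # may be encrypted, or a format not listed above


def resolve_ci(root, rel):
    """Find rel under root, matching each component case-insensitively so a
    copy on a case-sensitive filesystem still matches."""
    cur = root
    for part in rel.split("/"):
        cur = next((c for c in cur.iterdir()
                    if c.is_dir() and c.name.lower() == part.lower()), None)
        if cur is None:
            return None
    return cur


def scan(root):
    """List (app, relative path, format) for every file in a reported dir."""
    root = Path(root)
    findings = []
    for app, dirs in sorted(REPORTED_LEAK_DIRS.items()):
        for rel in dirs:
            base = resolve_ci(root, rel)
            if base is None:
                continue
            for p in sorted(base.rglob("*")):
                if p.is_file():
                    findings.append((app, p.relative_to(root).as_posix(), sniff(p)))
    return findings


def build_sample(root):
    """Create a constructed storage tree: header bytes only, no real media."""
    files = {
        "zangi/Zangi Files/IMG_0001.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 12,
        "zangi/.temp/blob.dat": b"\x13\x37\xc0\xde" * 4,
        "pinngle/.temp/clip.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 4,
        "Download/Tox Received Files/photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "DCIM/Camera/own_photo.jpg": b"\xff\xd8\xff\xe1" + b"\x00" * 12,
    }
    for rel, data in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for app, rel, kind in scan(d):
            print(f"{app:8} {kind:12} {rel}")
```

Run `scan()` against a directory copied from the device's shared storage after sending test media. Any entry with a recognised format is content another app or anyone with the device could read.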