End-to-end encrypted messaging · iOS
SecureChat is a privacy-first iOS messenger. The relay is a blind packet dropbox: it stores and forwards opaque, client-encrypted, client-signed payloads. It never sees your plaintext, your keys, or your message bodies. No phone number. No email. No analytics. No media cloud. Source-available; self-hostable relay on a $5/month VPS.
Status: Public Beta. The relay, the iOS app, and the production-hardening story are shipping. Security audit is recommended before high-assurance claims.
Three layers, each with one job. The cryptography is the same one you would write yourself if you were starting from Apple's CryptoKit and a clean spec.
On first launch the app generates a Curve25519 keypair (signing + agreement) and stores the private key in the iOS Keychain. The public key is your identity; you share it as a base64 fingerprint. No email, no phone, no server-issued token.
Outgoing messages are sealed with AES-GCM using a per-message symmetric key, which itself is encrypted to the recipient's Curve25519 public key. The result is signed with your signing key, then handed to the relay.
The relay accepts the packet (signed + sealed, plus metadata: sender, recipient, expiry), stores it for up to 24 h, and delivers it when the recipient next asks. The relay cannot read the payload; it cannot forge a sender; it cannot replay an old packet.
The relay is designed so that a successful subpoena, a server-side breach, or a curious operator is structurally incapable of reading user messages. The list below is the negative space we have engineered out of the system.
Plaintext message bodies, plaintext keys, decrypted attachments, contact lists, message timestamps in any client-readable form beyond packet expiry, group membership, your identity fingerprint history.
Opaque, base64-encoded sealed payloads, signed envelopes, packet IDs, sender and recipient peer IDs (64-hex), and a TTL. All of this is opaque to the operator without the recipient's private key.
Crash reports, analytics events, IDFA, contacts, location, device identifiers, push tokens to third-party services, location of the user's phone number, push-notification content (the relay never receives it; only opaque packets).
The Curve25519 private key (iOS Keychain, ThisDeviceOnly), encrypted local message store, encrypted draft store, biometric app-lock state, Safety Number verifications.
SecureChat ships with an on-device Security Sentinel that continuously checks whether the device you're using is in a state that matches our threat model. It scores your current posture from 0 to 100 and surfaces a list of typed findings with concrete recommendations.
The Sentinel inspects:
The Sentinel is fully local, deterministic, and source-inspectable. It is not a machine-learning model and it does not phone home. It does not replace an external security audit, and we say so explicitly in ADR-004.
The score and findings appear in the Dashboard, in a dedicated Sentinel view, and as part of the Production-Readiness check.
iPhone or iPad, iOS 16 or newer. The first public beta is invite-only; tap to open TestFlight.
The relay is a single Fastify container. Run it on a $5 VPS, point the iOS app at it, and you own the full stack.
Both the iOS app and the relay are source-available under a fair license. The repo is the canonical source for the public beta.