Skip to content

Latest commit

 

History

History
495 lines (365 loc) · 23.5 KB

File metadata and controls

495 lines (365 loc) · 23.5 KB
🇫🇷 Français | 🇬🇧 English

🔐 Fialka

End-to-end encrypted chat for Android — free, anonymous, serverless


🔐    🧅    📬    🛡️    🔑    📷    📱


Android Kotlin E2E Version License Terms Privacy


Tor Fialka-Core SQLCipher Room Material3 ZXing Coroutines


  Messages are encrypted BEFORE they are sent.
  No one can read them. No central server.

  No phone number. No email. No Google.
  Just a key and Tor.


⚡ At a Glance

🔐 Crypto

  • 1 Ed25519 seed → everything: identity, .onion, X25519, ML-KEM, fingerprint
  • PQXDH: X25519 + ML-KEM-1024 (post-quantum hybrid)
  • ML-DSA-44: PQ signature on handshake
  • SPQR: periodic PQ re-encapsulation (every 10 msgs)
  • AES-256-GCM / ChaCha20-Poly1305 (auto) + Double Ratchet with PFS + healing
  • Fingerprint emojis 96-bit anti-MITM + QR code scanner
  • BIP-39 backup (24 words) → restores entire identity
  • One-shot photos — view once, 2-phase secure deletion
  • Seed in Android Keystore (StrongBox when available)
  • Encrypted local DB SQLCipher
  • Message padding fixed-size (256/1K/4K/16K)
  • Dummy traffic (per-conversation cover traffic)
  • E2E file sharing AES-256-GCM (P2P transfer via Tor)
  • Ed25519 signatures per-message anti-forgery
  • Zero Google, zero Firebase — full P2P via Tor Hidden Services

🎨 UI/UX

  • Material Design 3 — Full migration of all 5 themes
  • 5 themes: Midnight · Hacker · Phantom · Aurora · Daylight
  • Fluid animations — transitions, bubbles, cascade
  • Inline attachment icons — Session-style, slide-up animation
  • Tor Bootstrap screen — Tor/Normal choice, animated progress, 5 themes
  • Scrollable toolbar + auto-hide FAB
  • Dynamic bubbles colored by theme
  • App Lock PIN + biometrics
  • Disappearing messages (30s → 1 month)
  • One-shot photos view once 🔥
  • In-app language selector — FR / EN (dedicated screen, persistent, instant reload)

✨ Features

🔒 Security & Crypto
Feature Details
🌱 1 Seed → Everything Ed25519 seed → identity, .onion, X25519, ML-KEM, fingerprint
🔐 E2E Encryption PQXDH: X25519 + ML-KEM-1024 + AES-256-GCM / ChaCha20-Poly1305 + SPQR
🤝 ML-DSA-44 Handshake Post-quantum signature on session establishment
🔄 Perfect Forward Secrecy Double Ratchet (DH + KDF chains)
🔏 Fingerprint emojis + QR 96-bit, 16 emojis + QR code SHA-256, built-in scanner
🧅 Tor P2P .onion to .onion — zero relay, zero middleman
📬 Fialka Mailbox Distinct server mode (requires 2 phones) — 4 modes (Personal, Private, Public) — E2E store/transit/purge — ZERO decryption
🛡️ DeviceSecurityManager StrongBox detection, MAXIMUM/STANDARD level
🕵️ Sealed Sender Tor Hidden Services — recipient cannot see sender IP
🔑 Keystore-backed Ed25519 seed in Android Keystore (StrongBox when available)
🗄️ SQLCipher Room DB encrypted with AES-256
🧹 Memory zeroing Intermediate keys filled with zeros
📏 Message padding Fixed-size (256/1K/4K/16K) anti-traffic analysis
👻 Dummy traffic Periodic cover messages (configurable toggle)
📎 E2E file sharing Per-file AES-256-GCM, P2P transfer via Tor
✍️ Ed25519 Signatures Every message signed, ✅/⚠️ badge anti-forgery
📸 One-shot photos View once (sender + receiver), 2-phase secure deletion
💰 Monero (XMR) Wallet Local, non-custodial — private keys on device only, XMR in-chat payments, Stagenet/Mainnet switchable network (Section 6, TERMS.md)
🚫 Zero Google No Firebase, no FCM, no Google services
💬 Messaging
Feature Details
📷 QR Code Scan → auto-fill public key & nickname (deep link v2)
📨 Contact requests Invite → notification → accept/reject
🔴 Unread messages Badge counter + separator in chat
🔄 Real-time Receive messages even in background (Tor P2P)
🔔 Push notifications UnifiedPush + ntfy.sh, zero message content
⏱️ Disappearing msgs 10 durations (30s → 1 mo)
📁 E2E file sharing AES-256-GCM encrypted, P2P via Tor
👻 Dummy traffic Indistinguishable cover messages to mask activity
📬 Fialka Mailbox Distinct server mode (requires 2 phones) — 4 modes — E2E store/transit/purge — ZERO decryption
💀 Dead convo detection Auto-detect + clean up + re-invite
🎨 Interface
Feature Details
🌙 5 themes Midnight · Hacker · Phantom · Aurora · Daylight
Animations Slide/fade transitions, animated bubbles
📜 Scrollable toolbar Collapses on scroll, snaps back
🔽 Auto-hide FAB Hides when scrolling down
🫧 Dynamic bubbles Colors adapt to the active theme
🎭 Visual selector MaterialCardView grid with preview
📎 Inline icons Session-style attachment (file/photo/camera) animated
🌍 Language selector FR / EN in-app, instant switch, persistent preference
🔒 Protection
Feature Details
🔒 App Lock 6-digit PIN + opt-in biometrics
Auto-lock Configurable timeout (5s → 5min)
🔑 BIP-39 Backup 24 words to backup identity key
♻️ Restore Autocomplete 24-word grid + recover on new device
💾 .fialka Backup E2E encrypted export/import (identity + wallet + contacts) — AES-256-GCM, PBKDF2 600K
🗄️ Storage Management Real-time DB/cache stats, purge cache/files/messages
🗑️ Full deletion Wipes local data + Mailbox + signing keys
📵 Anonymous Zero number, zero email, zero Google, zero tracking

🏗 Architecture

┌──────────────────────────────────────────────────┐
│                    UI Layer                       │
│         Fragments · ViewModels · Adapters         │
├──────────────────────────────────────────────────┤
│               Repository Layer                    │
│      ChatRepository — single source of truth      │
├────────────────┬────────────────┬────────────────┤
│    Room DB     │     Crypto     │   Transport     │
│   (SQLCipher)  │ PQXDH + DR +   │ Tor P2P .onion  │
│                │ ML-DSA-44      │ + Mailbox       │
├────────────────┴────────────────┴────────────────┤
│              JNI Bridge (FialkaNative)            │
│         Fialka-Core — native Rust library         │
│  AES-GCM · ChaCha20 · Ed25519 · X25519 · ML-KEM  │
│  ML-DSA · HKDF · Double Ratchet · Onion          │
└──────────────────────────────────────────────────┘

📖 DetailsFull Architecture · Crypto Protocol · Project Structure


🛠 Quick Start

⚠️ Requires Android 13+ (API 33) — Fialka requires Android 13 minimum to guarantee access to StrongBox (hardware security module) and robust Keystore APIs that protect the SQLCipher passphrase. Approximately 60% of active Android devices are compatible. Devices running Android 12 or lower cannot install the app.

# 1. Clone
git clone https://github.com/FialkaApp/Fialka-Android.git
cd Fialka-Android

# 2. Build
./gradlew assembleDebug

📖 Full GuideInstallation & Build


🔐 Security

View all security measures (34 items)
Measure Status
Identity: 1 Ed25519 seed → everything (Account ID, .onion, X25519, ML-KEM, fingerprint)
Zero central server — all communication P2P via Tor Hidden Services
Zero Google, zero Firebase — no FCM, no RTDB, no Cloud Functions
E2E Encryption (PQXDH: X25519 + ML-KEM-1024 + AES-256-GCM / ChaCha20)
ML-DSA-44 post-quantum signature on handshake
Double Ratchet with PFS + healing
SPQR: ML-KEM re-encapsulation every 10 messages
ChaCha20-Poly1305 alternative (auto hardware AES detection)
Tor Hidden Services P2P (.onion → .onion, zero relay)
Fialka Mailbox (4 modes: Direct P2P, Personal, Private Node, Public Node)
UnifiedPush + ntfy.sh (self-hostable, replaces FCM)
Sealed Sender via Tor (recipient cannot see sender IP)
Memory zeroing (intermediate keys)
Conversation Mutex (thread-safe)
SQLCipher (local DB AES-256 encrypted)
Fixed-size message padding (anti traffic analysis)
Per-conversation dummy traffic (cover traffic)
E2E file sharing (AES-256-GCM, P2P via Tor)
R8/ProGuard obfuscation + complete log stripping (d/v/i/w/e/wtf)
Fingerprint emojis 96-bit anti-MITM + QR code SHA-256 scanner
App Lock (PIN + biometrics)
BIP-39 backup/restore (24 words → full identity)
allowBackup=false, zero sensitive logs
Ed25519 per-message signatures (anti-forgery)
StrongBox hardware key storage (when available)
DeviceSecurityManager (StrongBox probe + user profile)
One-shot photos (view once, 2-phase secure deletion)
HKDF memory zeroing (IKM, PRK, expandInput)
MnemonicManager memory zeroing (encode + decode)
FLAG_SECURE (MainActivity, LockScreen, RestoreFragment, dialogs)
Tapjacking protection (filterTouchesWhenObscured)
Deep link hardening (whitelist, limits, anti-injection)
Clipboard EXTRA_IS_SENSITIVE + 30s auto-clear
SecureFileManager (2-pass wipe: random + zeros)
V3.4.1 Security Audit — 42+ vulnerabilities fixed

📖 Full AnalysisSECURITY.md · Crypto Protocol


🗺 Roadmap

Version Theme Status
V1 Core — E2E, contacts, chats, push, fingerprint, SQLCipher, App Lock, ephemeral ✅ Done
V2 Crypto Upgrade — Full Double Ratchet X25519, native Curve25519 ✅ Done
V2.1 Account Lifecycle — BIP-39 backup, restore, delete, dead convo ✅ Done
V2.2 UI Modernization — 5 themes, animations, CoordinatorLayout, zero hardcoded colors ✅ Done
V3 Security Hardening — R8, delete-after-delivery, padding, HMAC UID, dummy traffic, E2E files ✅ Done
V3.1 Settings Redesign — Signal-like settings, 6-digit PIN, Privacy sub-screen ✅ Done
V3.2 Ed25519 Signing — Per-message signatures, ✅/⚠️ badge ✅ Done
V3.3 Material 3 + Tor + Attachment UX — M3 migration, full Tor integration, Session-style icons ✅ Done
V3.4 PQXDH + Security — Post-quantum ML-KEM-1024, deep link v2, DeviceSecurityManager StrongBox, fingerprint verification ✅ Done
V3.4.1 One-Shot + Security Audit — Ephemeral photos, BIP-39 grid, comprehensive security audit (42+ fixes) ✅ Done
V3.5 SPQR + ChaCha20 — PQ Triple Ratchet (ML-KEM re-encapsulation), ChaCha20-Poly1305 alternative, documented threat model ✅ Done
V4.0 Kill Firebase — P2P .onion + Mailbox store-and-forward, invite QR, deep links ✅ Done
V4.0.1 Direct Keystore (FialkaSecurePrefs), SQLCipher 4.14.1, transport reliability (15s retry, Mailbox fallback, adaptive fetch) ✅ Done
V4.0.2 Fialka-Core Rust JNI — 30-function JNI bridge, BouncyCastle removed, 100% native Rust crypto, git submodule ✅ Done
V4.1.0 Ed25519 contact auth, unit tests, DB migration warning ✅ Done
V4.2.0 Non-custodial Monero XMR wallet, XMR in-chat payments, donation address, advanced Tor settings, wallet seed backup ✅ Done
V4.3.0-alpha .fialka E2E encrypted backup, Stagenet/Mainnet switchable network, StorageFragment, CATEGORY_DATA, App disguise (calculator cover), XMR wallet legality (TermsManager V5) 🚧 Alpha
V4.3.x Dual PIN + Panic Button, E2E voice messages (Opus), reply/quote 🔜
V4.4 Real Sealed Sender (VXEdDSA), multi-device Sesame, third-party security audit (Cure53 / Trail of Bits) 🔜
V5.0 Long-term — Falcon-512 per-message PQ signatures, decentralized Mailbox network, Bluetooth/WiFi fallback 🔮

📖 DetailsFull Changelog


🤝 Contributing

  1. Fork the repo
  2. Create your branch (git checkout -b feature/my-feature)
  3. Commit (git commit -m 'Add my feature')
  4. Push (git push origin feature/my-feature)
  5. Open a Pull Request

⚠️ For any crypto modification, please open an issue first to discuss it.


📖 Documentation

Document Content
Architecture Patterns, layers, request flows, lifecycle
Crypto Protocol X25519, Double Ratchet, fingerprint, threat model
Setup Prerequisites, build, dependencies
Structure Full project tree
Changelog V1 → V4.0.1 history
Security Full audit, known limitations


🙏 Acknowledgments — Libraries & Dependencies

🔐 Cryptography

Library Version Role
Fialka-Core (Rust) submodule All native crypto: AES-256-GCM, ChaCha20-Poly1305, Ed25519, X25519, ML-KEM-1024, ML-DSA-44, HKDF, Double Ratchet, .onion
Android Keystore (AOSP) Ed25519 seed in hardware (StrongBox)
Security Crypto 1.1.0-alpha06 EncryptedSharedPreferences, MasterKey
Biometric 1.1.0 Biometric authentication (fingerprint, face)

🧅 Networking & Anonymity

Library Version Role
tor-android — Guardian Project 0.4.9.5 Embedded Tor binary, v3 Hidden Services
jtorctl — Guardian Project 0.4.5.7 Tor daemon control (Java)
socks-socket — Briar Project 0.1 SOCKS5 connections through Tor
lyrebird-android — Briar Project 0.6.2 obfs4/Snowflake transports (anti-censorship)
moat-api — Briar Project 0.4 Tor bridge bootstrapping

🗄️ Database

Library Version Role
Room 2.8.4 SQLite ORM (local persistence)
SQLCipher — Zetetic 4.14.1 AES-256 encryption of the Room database
KSP — Google Compile-time Room code generation

📱 Android SDK & UI

Library Version Role
AndroidX Core KTX 1.15.0 Kotlin extensions for Android
AppCompat 1.7.0 Backwards compatibility
Fragment / Activity KTX 1.8.6 / 1.10.1 Screen lifecycle and navigation
Navigation 2.8.9 Fragment navigation + Deep Links
Lifecycle 2.8.7 ViewModel, LiveData, coroutines
RecyclerView 1.4.0 Message lists
ConstraintLayout 2.2.1 Complex layouts
Material Design 3 — Google 1.12.0 M3 components, 5 themes
Splash Screen 1.0.1 Startup screen

📷 QR Code & Async

Library Version Role
ZXing Android Embedded — JourneyApps 4.3.0 QR code generation + scanning
Kotlinx Coroutines — JetBrains 1.10.2 Non-blocking async, structured concurrency
Kotlin — JetBrains 2.3.0 Primary programming language

📋 Cryptographic Standards & Protocols

Standard Reference Usage in Fialka
ML-KEM-1024 NIST FIPS 203 Post-quantum Key Encapsulation Mechanism (hybrid PQXDH)
ML-DSA-44 NIST FIPS 204 Post-quantum digital signature (handshake)
Ed25519 RFC 8032 Per-message signature + identity seed
X25519 RFC 7748 Elliptic Curve Diffie-Hellman key exchange
PQXDH Signal Specification Post-quantum hybrid key agreement protocol
Double Ratchet Signal Specification Perfect Forward Secrecy + auto-healing
ChaCha20-Poly1305 RFC 8439 Authenticated symmetric encryption (AES fallback)
AES-256-GCM NIST SP 800-38D Authenticated symmetric encryption (primary)
HKDF RFC 5869 Cryptographic key derivation
PBKDF2 RFC 8018 PIN-based key derivation (600,000 iterations)
BIP-39 Bitcoin Core 24-word mnemonic for identity backup

This project is licensed under GPLv3. See the Terms of Service and Privacy Policy before use.


⚠️ Disclaimer : Fialka is a tool. The developers do not operate any infrastructure, do not store any user data, and cannot access any messages. The cryptographic implementation has NOT been audited by a third-party security firm. No guarantee of absolute security is provided. Use of this software is at your own risk and under your sole responsibility. See TERMS.md.


📜 Cryptography Export Notice

This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country’s laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See https://www.wassenaar.org/ for more information.

The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.

European Union — Regulation (EU) 2021/821 (Dual-Use Regulation): This software falls under Category 5, Part 2 ("Information Security") of Annex I of Regulation (EU) 2021/821. As publicly available open-source software (GPLv3 licence, available on GitHub), it is exempt from export control requirements under the General Software Note (GSN) and the Cryptography Note (Note 3), which exclude software "generally available to the public" from control. No specific export authorisation is required within the European Union for this software.

France — LCEN 2004 (Art. 30, Law No. 2004-575 of 21 June 2004): In France, the use of cryptographic means has been freely permitted since the Law for Confidence in the Digital Economy (LCEN) of 21 June 2004, now codified in the French Postal and Electronic Communications Code. No prior declaration or authorisation is required to use this software in France.

© 2024-2026 FialkaApp Contributors. Licensed under GPLv3.




"Your messages, your keys, your privacy."