🔐 🧅 📬 🛡️ 🔑 📷 📱
|
- 1 Ed25519 seed → everything: identity, .onion, X25519, ML-KEM, fingerprint
- PQXDH: X25519 + ML-KEM-1024 (post-quantum hybrid)
- ML-DSA-44: PQ signature on handshake
- SPQR: periodic PQ re-encapsulation (every 10 msgs)
- AES-256-GCM / ChaCha20-Poly1305 (auto) + Double Ratchet with PFS + healing
- Fingerprint emojis 96-bit anti-MITM + QR code scanner
- BIP-39 backup (24 words) → restores entire identity
- One-shot photos — view once, 2-phase secure deletion
- Seed in Android Keystore (StrongBox when available)
- Encrypted local DB SQLCipher
- Message padding fixed-size (256/1K/4K/16K)
- Dummy traffic (per-conversation cover traffic)
- E2E file sharing AES-256-GCM (P2P transfer via Tor)
- Ed25519 signatures per-message anti-forgery
- Zero Google, zero Firebase — full P2P via Tor Hidden Services
- Material Design 3 — Full migration of all 5 themes
- 5 themes: Midnight · Hacker · Phantom · Aurora · Daylight
- Fluid animations — transitions, bubbles, cascade
- Inline attachment icons — Session-style, slide-up animation
- Tor Bootstrap screen — Tor/Normal choice, animated progress, 5 themes
- Scrollable toolbar + auto-hide FAB
- Dynamic bubbles colored by theme
- App Lock PIN + biometrics
- Disappearing messages (30s → 1 month)
- One-shot photos view once 🔥
- In-app language selector — FR / EN (dedicated screen, persistent, instant reload)
🔒 Security & Crypto
💬 Messaging
🎨 Interface
🔒 Protection
|
┌──────────────────────────────────────────────────┐
│ UI Layer │
│ Fragments · ViewModels · Adapters │
├──────────────────────────────────────────────────┤
│ Repository Layer │
│ ChatRepository — single source of truth │
├────────────────┬────────────────┬────────────────┤
│ Room DB │ Crypto │ Transport │
│ (SQLCipher) │ PQXDH + DR + │ Tor P2P .onion │
│ │ ML-DSA-44 │ + Mailbox │
├────────────────┴────────────────┴────────────────┤
│ JNI Bridge (FialkaNative) │
│ Fialka-Core — native Rust library │
│ AES-GCM · ChaCha20 · Ed25519 · X25519 · ML-KEM │
│ ML-DSA · HKDF · Double Ratchet · Onion │
└──────────────────────────────────────────────────┘
📖 Details — Full Architecture · Crypto Protocol · Project Structure
⚠️ Requires Android 13+ (API 33) — Fialka requires Android 13 minimum to guarantee access to StrongBox (hardware security module) and robust Keystore APIs that protect the SQLCipher passphrase. Approximately 60% of active Android devices are compatible. Devices running Android 12 or lower cannot install the app.
# 1. Clone
git clone https://github.com/FialkaApp/Fialka-Android.git
cd Fialka-Android
# 2. Build
./gradlew assembleDebug📖 Full Guide — Installation & Build
View all security measures (34 items)
| Measure | Status |
|---|---|
| Identity: 1 Ed25519 seed → everything (Account ID, .onion, X25519, ML-KEM, fingerprint) | ✅ |
| Zero central server — all communication P2P via Tor Hidden Services | ✅ |
| Zero Google, zero Firebase — no FCM, no RTDB, no Cloud Functions | ✅ |
| E2E Encryption (PQXDH: X25519 + ML-KEM-1024 + AES-256-GCM / ChaCha20) | ✅ |
| ML-DSA-44 post-quantum signature on handshake | ✅ |
| Double Ratchet with PFS + healing | ✅ |
| SPQR: ML-KEM re-encapsulation every 10 messages | ✅ |
| ChaCha20-Poly1305 alternative (auto hardware AES detection) | ✅ |
| Tor Hidden Services P2P (.onion → .onion, zero relay) | ✅ |
| Fialka Mailbox (4 modes: Direct P2P, Personal, Private Node, Public Node) | ✅ |
| UnifiedPush + ntfy.sh (self-hostable, replaces FCM) | ✅ |
| Sealed Sender via Tor (recipient cannot see sender IP) | ✅ |
| Memory zeroing (intermediate keys) | ✅ |
| Conversation Mutex (thread-safe) | ✅ |
| SQLCipher (local DB AES-256 encrypted) | ✅ |
| Fixed-size message padding (anti traffic analysis) | ✅ |
| Per-conversation dummy traffic (cover traffic) | ✅ |
| E2E file sharing (AES-256-GCM, P2P via Tor) | ✅ |
| R8/ProGuard obfuscation + complete log stripping (d/v/i/w/e/wtf) | ✅ |
| Fingerprint emojis 96-bit anti-MITM + QR code SHA-256 scanner | ✅ |
| App Lock (PIN + biometrics) | ✅ |
| BIP-39 backup/restore (24 words → full identity) | ✅ |
allowBackup=false, zero sensitive logs |
✅ |
| Ed25519 per-message signatures (anti-forgery) | ✅ |
| StrongBox hardware key storage (when available) | ✅ |
| DeviceSecurityManager (StrongBox probe + user profile) | ✅ |
| One-shot photos (view once, 2-phase secure deletion) | ✅ |
| HKDF memory zeroing (IKM, PRK, expandInput) | ✅ |
| MnemonicManager memory zeroing (encode + decode) | ✅ |
| FLAG_SECURE (MainActivity, LockScreen, RestoreFragment, dialogs) | ✅ |
| Tapjacking protection (filterTouchesWhenObscured) | ✅ |
| Deep link hardening (whitelist, limits, anti-injection) | ✅ |
| Clipboard EXTRA_IS_SENSITIVE + 30s auto-clear | ✅ |
| SecureFileManager (2-pass wipe: random + zeros) | ✅ |
| V3.4.1 Security Audit — 42+ vulnerabilities fixed | ✅ |
📖 Full Analysis —
SECURITY.md· Crypto Protocol
| Version | Theme | Status |
|---|---|---|
| V1 | Core — E2E, contacts, chats, push, fingerprint, SQLCipher, App Lock, ephemeral | ✅ Done |
| V2 | Crypto Upgrade — Full Double Ratchet X25519, native Curve25519 | ✅ Done |
| V2.1 | Account Lifecycle — BIP-39 backup, restore, delete, dead convo | ✅ Done |
| V2.2 | UI Modernization — 5 themes, animations, CoordinatorLayout, zero hardcoded colors | ✅ Done |
| V3 | Security Hardening — R8, delete-after-delivery, padding, HMAC UID, dummy traffic, E2E files | ✅ Done |
| V3.1 | Settings Redesign — Signal-like settings, 6-digit PIN, Privacy sub-screen | ✅ Done |
| V3.2 | Ed25519 Signing — Per-message signatures, ✅/ |
✅ Done |
| V3.3 | Material 3 + Tor + Attachment UX — M3 migration, full Tor integration, Session-style icons | ✅ Done |
| V3.4 | PQXDH + Security — Post-quantum ML-KEM-1024, deep link v2, DeviceSecurityManager StrongBox, fingerprint verification | ✅ Done |
| V3.4.1 | One-Shot + Security Audit — Ephemeral photos, BIP-39 grid, comprehensive security audit (42+ fixes) | ✅ Done |
| V3.5 | SPQR + ChaCha20 — PQ Triple Ratchet (ML-KEM re-encapsulation), ChaCha20-Poly1305 alternative, documented threat model | ✅ Done |
| V4.0 | Kill Firebase — P2P .onion + Mailbox store-and-forward, invite QR, deep links | ✅ Done |
| V4.0.1 | Direct Keystore (FialkaSecurePrefs), SQLCipher 4.14.1, transport reliability (15s retry, Mailbox fallback, adaptive fetch) | ✅ Done |
| V4.0.2 | Fialka-Core Rust JNI — 30-function JNI bridge, BouncyCastle removed, 100% native Rust crypto, git submodule | ✅ Done |
| V4.1.0 | Ed25519 contact auth, unit tests, DB migration warning | ✅ Done |
| V4.2.0 | Non-custodial Monero XMR wallet, XMR in-chat payments, donation address, advanced Tor settings, wallet seed backup | ✅ Done |
| V4.3.0-alpha | .fialka E2E encrypted backup, Stagenet/Mainnet switchable network, StorageFragment, CATEGORY_DATA, App disguise (calculator cover), XMR wallet legality (TermsManager V5) | 🚧 Alpha |
| V4.3.x | Dual PIN + Panic Button, E2E voice messages (Opus), reply/quote | 🔜 |
| V4.4 | Real Sealed Sender (VXEdDSA), multi-device Sesame, third-party security audit (Cure53 / Trail of Bits) | 🔜 |
| V5.0 | Long-term — Falcon-512 per-message PQ signatures, decentralized Mailbox network, Bluetooth/WiFi fallback | 🔮 |
📖 Details — Full Changelog
- Fork the repo
- Create your branch (
git checkout -b feature/my-feature) - Commit (
git commit -m 'Add my feature') - Push (
git push origin feature/my-feature) - Open a Pull Request
⚠️ For any crypto modification, please open an issue first to discuss it.
| Document | Content |
|---|---|
| Architecture | Patterns, layers, request flows, lifecycle |
| Crypto Protocol | X25519, Double Ratchet, fingerprint, threat model |
| Setup | Prerequisites, build, dependencies |
| Structure | Full project tree |
| Changelog | V1 → V4.0.1 history |
| Security | Full audit, known limitations |
| Library | Version | Role |
|---|---|---|
| Fialka-Core (Rust) | submodule | All native crypto: AES-256-GCM, ChaCha20-Poly1305, Ed25519, X25519, ML-KEM-1024, ML-DSA-44, HKDF, Double Ratchet, .onion |
| Android Keystore (AOSP) | — | Ed25519 seed in hardware (StrongBox) |
| Security Crypto | 1.1.0-alpha06 |
EncryptedSharedPreferences, MasterKey |
| Biometric | 1.1.0 |
Biometric authentication (fingerprint, face) |
| Library | Version | Role |
|---|---|---|
| tor-android — Guardian Project | 0.4.9.5 |
Embedded Tor binary, v3 Hidden Services |
| jtorctl — Guardian Project | 0.4.5.7 |
Tor daemon control (Java) |
| socks-socket — Briar Project | 0.1 |
SOCKS5 connections through Tor |
| lyrebird-android — Briar Project | 0.6.2 |
obfs4/Snowflake transports (anti-censorship) |
| moat-api — Briar Project | 0.4 |
Tor bridge bootstrapping |
| Library | Version | Role |
|---|---|---|
| Room | 2.8.4 |
SQLite ORM (local persistence) |
| SQLCipher — Zetetic | 4.14.1 |
AES-256 encryption of the Room database |
| KSP — Google | — | Compile-time Room code generation |
| Library | Version | Role |
|---|---|---|
| AndroidX Core KTX | 1.15.0 |
Kotlin extensions for Android |
| AppCompat | 1.7.0 |
Backwards compatibility |
| Fragment / Activity KTX | 1.8.6 / 1.10.1 |
Screen lifecycle and navigation |
| Navigation | 2.8.9 |
Fragment navigation + Deep Links |
| Lifecycle | 2.8.7 |
ViewModel, LiveData, coroutines |
| RecyclerView | 1.4.0 |
Message lists |
| ConstraintLayout | 2.2.1 |
Complex layouts |
| Material Design 3 — Google | 1.12.0 |
M3 components, 5 themes |
| Splash Screen | 1.0.1 |
Startup screen |
| Library | Version | Role |
|---|---|---|
| ZXing Android Embedded — JourneyApps | 4.3.0 |
QR code generation + scanning |
| Kotlinx Coroutines — JetBrains | 1.10.2 |
Non-blocking async, structured concurrency |
| Kotlin — JetBrains | 2.3.0 |
Primary programming language |
| Standard | Reference | Usage in Fialka |
|---|---|---|
| ML-KEM-1024 | NIST FIPS 203 | Post-quantum Key Encapsulation Mechanism (hybrid PQXDH) |
| ML-DSA-44 | NIST FIPS 204 | Post-quantum digital signature (handshake) |
| Ed25519 | RFC 8032 | Per-message signature + identity seed |
| X25519 | RFC 7748 | Elliptic Curve Diffie-Hellman key exchange |
| PQXDH | Signal Specification | Post-quantum hybrid key agreement protocol |
| Double Ratchet | Signal Specification | Perfect Forward Secrecy + auto-healing |
| ChaCha20-Poly1305 | RFC 8439 | Authenticated symmetric encryption (AES fallback) |
| AES-256-GCM | NIST SP 800-38D | Authenticated symmetric encryption (primary) |
| HKDF | RFC 5869 | Cryptographic key derivation |
| PBKDF2 | RFC 8018 | PIN-based key derivation (600,000 iterations) |
| BIP-39 | Bitcoin Core | 24-word mnemonic for identity backup |
This project is licensed under GPLv3. See the Terms of Service and Privacy Policy before use.
⚠️ Disclaimer : Fialka is a tool. The developers do not operate any infrastructure, do not store any user data, and cannot access any messages. The cryptographic implementation has NOT been audited by a third-party security firm. No guarantee of absolute security is provided. Use of this software is at your own risk and under your sole responsibility. See TERMS.md.
This distribution includes cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country’s laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See https://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
European Union — Regulation (EU) 2021/821 (Dual-Use Regulation): This software falls under Category 5, Part 2 ("Information Security") of Annex I of Regulation (EU) 2021/821. As publicly available open-source software (GPLv3 licence, available on GitHub), it is exempt from export control requirements under the General Software Note (GSN) and the Cryptography Note (Note 3), which exclude software "generally available to the public" from control. No specific export authorisation is required within the European Union for this software.
France — LCEN 2004 (Art. 30, Law No. 2004-575 of 21 June 2004): In France, the use of cryptographic means has been freely permitted since the Law for Confidence in the Digital Economy (LCEN) of 21 June 2004, now codified in the French Postal and Electronic Communications Code. No prior declaration or authorisation is required to use this software in France.
© 2024-2026 FialkaApp Contributors. Licensed under GPLv3.
"Your messages, your keys, your privacy."