Decentralized end-to-end encrypted messaging. No phone number. No server. No metadata. Built for people who refuse to be watched.
No tech knowledge needed. If you can send a letter, you understand this.
When you send a normal message on WhatsApp or Telegram, it's like writing on a postcard. The postman can read it. The post office can read it. Anyone who asks can read it.
SecureChat is different. Your message is sealed in an envelope on YOUR phone — before it even leaves your hand. Only the person you sent it to has the key to open it. Not us. Not anyone else. Just them.
When you first open the app, your phone quietly creates a unique lock and key — just for you. This happens on YOUR phone. We never see it. Nobody does.
You don't need to give anyone your phone number. You show them a QR code — like at a supermarket. They scan it. You're connected. Done. No account. Nothing personal.
Before your message travels, it locks itself with your friend's key. Even if someone catches it on the way — all they see is a jumble of random letters. Completely unreadable.
Your message arrives. Your friend reads it. Then it disappears from the delivery point. No copy. No backup. No record. Like it was never there.
Your StealthX ID works in SecureCall AND SecureChat. Share it once — your contact can reach you on both. No second setup. No second QR code.
Normal apps keep copies of your messages on their computers. If those computers get hacked — your messages get stolen. SecureChat keeps nothing. There's nothing to steal.
Most apps know who you talk to and when. That tells them a lot about your life. SecureChat doesn't know who you are. At all.
Other private apps still ask for your phone number. That's already personal information. SecureChat asks for nothing.
What if my phone gets stolen?
Tap the logo 5 times. Everything on the app disappears in under a second. Messages, contacts, everything. Gone.
Can you read my messages?
No. Not possible. Your messages are locked with a key only you and your friend have. We never have that key. Ever.
Can I use the GitHub source directly?
No. The source is visible for transparency and security review. Building, running, distributing, or using SecureChat requires permission from Vendetta Labs.
Every architectural decision puts your privacy first. No compromises, no backdoors, no exceptions.
XChaCha20-Poly1305 AEAD with X25519 key exchange. Every message gets a unique session key. We can never read your messages.
StealthX ID is generated from your cryptographic key bundle. Kaspa BlockDAG identity anchoring remains a roadmap hardening layer.
Signal-grade Double Ratchet protocol. Compromising one key exposes nothing about past or future messages. Every message is independent.
Messages are encrypted on-device and delivered as ratchet payloads through the StealthX relay. Kaspa relay incentives remain roadmap.
Roadmap feature. Current release focuses on one-to-one E2E messaging, QR contact exchange, and emergency broadcast.
5-tap instant wipe destroys all messages, keys, and contacts. The app resets to factory state in under a second. Leave no trace.
Roadmap feature. The current APK ships encrypted text messaging and QR message import/export.
The encryption layer that makes SecureChat invisible. Automatic overlay encryption, location-based rules, decoy profiles. Part of the SecureChat ecosystem. Learn more →
Hold IFR tokens in your wallet for lifetime Pro or Elite access. No subscriptions. No renewals. Your tokens stay yours.
Send an encrypted alert to ALL your contacts at once. One tap. Every contact notified. No group server. Each message individually encrypted.
Two apps. One mission. Total privacy.
E2E messaging with StealthX ID, QR contact exchange, and relay delivery. No phone number required.
Context-aware encryption overlay for Android. Makes SecureChat — and every other app — automatically private.
Auditable device-side crypto, local identity, and relay delivery today; Kaspa identity anchoring remains roadmap.
We don't ask for trust. We provide proof. Every claim is auditable in source code.
| Layer | Algorithm | Specification | Library |
|---|---|---|---|
| Symmetric Encryption | XChaCha20-Poly1305 | 256-bit key, 192-bit nonce, AEAD | lazysodium-android |
| Key Exchange | X25519 ECDH | Curve25519 Diffie-Hellman, ephemeral | lazysodium-android |
| Forward Secrecy | Double Ratchet | HKDF-SHA256 ratchet, RFC 5869 | lazysodium-android |
| Identity Signing | Ed25519 | 64-byte signatures, key bundles | lazysodium-android |
| Key Derivation | Argon2id | 64MB memory, 3 iterations, 4 threads | lazysodium-android |
| Key Storage | Android Keystore | StrongBox/TEE, per-use auth | Android API 26+ |
| Identity Layer | Kaspa BlockDAG | GHOSTDAG, PoW, 10 BPS | kaspa-wasm32-sdk |
| Message Padding | PKCS7-style | 256-byte block boundaries | Custom |
The only encrypted messenger with decentralized identity, no server, and blockchain-native architecture.
| Feature | SecureChat | Signal | SimpleX | Telegram |
|---|---|---|---|---|
| No phone number required | ✓ | ✗ | ✓ | ✗ |
| No phone number required | ✓ | ✗ | ✓ | ✗ |
| Decentralized identity | Roadmap | ✗ | ✗ | ✗ |
| Double Ratchet E2E | ✓ | ✓ | ✓ | ⚠️ opt-in |
| XChaCha20-Poly1305 | ✓ | ✗ AES | ✗ | ✗ |
| STEALTH-DELETE | ✓ | ✗ | ✗ | ✗ |
| Blockchain identity anchor | Roadmap | ✗ | ✗ | ✗ |
| IFR Token lifetime access | ✓ | ✗ | ✗ | ✗ |
| Chameleon overlay compatible | ✓ | ✗ | ✗ | ✗ |
| Source-Available | ✓ | ✓ | ✓ | ✗ |
| Reduced metadata | ✓ | ⚠️ | ✓ | ✗ |
From architecture to decentralized deployment. Each phase builds on the last.
XChaCha20-Poly1305 + Double Ratchet + Argon2id. StealthX platform architecture. IFR Token integration design. Threat model.
Local E2E encrypted messenger. QR contact exchange. X25519 key management. Room + SQLCipher local storage. Chameleon integration path for overlay protection.
Public key anchoring on Kaspa BlockDAG. Contact discovery by Kaspa address. Ephemeral relay node protocol (SMP-style). KAS micropayment incentives.
Encrypted group chats. XFTP-style file transfer. Onion routing for transport anonymity. Kaspa relay node network launch.
Full migration to StealthX Layer 1 protocol. iOS client (shared Rust crypto core). External security audit. F-Droid + Play Store release.
Hold IFR tokens. Unlock forever. Works across all StealthX products — one wallet balance, lifetime benefit.
IFR token contract: 0x77e99917Eca8539c62F509ED1193ac36580A6e7B (Ethereum Mainnet)
· Buy $IFR on Uniswap →
No IFR tokens needed. Pay once. Yours forever.
Price rises with every sale → max €14.99 at sellout
Price rises with every sale → max €23.99 at sellout
SecureCall Premium + SecureChat Elite + Chameleon Elite. Everything. Forever.
OR: Hold ≥ 8,000 IFR for the same access.
All lifetime prices limited to 100 licenses at launch price. Price rises with every sale. Holding IFR is always the most cost-effective option.
SecureChat Android APK v0.1.1-alpha is available on GitHub Releases.
Requires Android 8.0+ · Source-Available · No account required