The latest articles on DEV Community by Roman (@morokonst). https://dev.to/morokonst https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3984832%2Fab1167f3-b376-40db-8fbe-1936137e0fa8.png https://dev.to/morokonst en Roman Mon, 15 Jun 2026 06:33:07 +0000 https://dev.to/morokonst/beacon-open-source-self-hosted-e2ee-messenger-for-android-4i1n https://dev.to/morokonst/beacon-open-source-self-hosted-e2ee-messenger-for-android-4i1n <p>I've been building Beacon, an open-source end-to-end encrypted messenger <br> for Android designed for adversarial environments.</p> <h2> Why I built it </h2> <p>I wanted a messenger where the server is genuinely dumb — it routes sealed <br> envelopes and knows nothing about their contents. No phone number, no email <br> required. Contacts are added only via ECDSA-signed invite links with a 7-day TTL.</p> <h2> Crypto stack </h2> <ul> <li>ECDH P-256 key agreement + AES-256-GCM for messages</li> <li>X3DH-style one-time prekey bundles for forward secrecy</li> <li>ECDSA for key signatures</li> <li>Double encryption at rest (EncryptedSharedPreferences + Storage Master Key, PBKDF2-SHA256 300k iterations)</li> </ul> <h2> Self-hosting </h2> <p>One command:</p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> bash No APK recompile needed — add your server in-app via Profile → Servers. ## Anti-forensics - Three-level wipe: soft / hard / nuclear - Decoy mode (presents a clean account under coercion) - Dead man's switch - Panic password - Intrusion detection: proxy, user-installed CAs, ADB, developer options ## Links GitHub: https://github.com/MoRoKonst/beacon-messenger Happy to answer questions about the threat model or crypto design. android, security, privacy, opensource </code></pre> </div> android opensource security showdev