DEV Community

Cover image for AegisLink is now installable — shipping a zero-metadata messenger to Android Closed Testing"
gabinotech22-cmyk
gabinotech22-cmyk

Posted on

AegisLink is now installable — shipping a zero-metadata messenger to Android Closed Testing"

For months this project lived on an emulator on my desk. As of this week, it lives on other people's phones: AegisLink is now in Closed Testing on Google Play — the first build someone who isn't me can actually install.

If you're new here: AegisLink is an open-source, end-to-end encrypted messenger built around one obsession — the server should learn as close to nothing as possible. No account (no email, phone, or name), sealed sender so the relay never sees who a message is from, an embedded Tor path, Double Ratchet + X3DH with a hybrid post-quantum handshake, and a fully encrypted local DB. The earlier posts in this series go deep on each piece.

This post is about the less glamorous part: what it actually takes to ship something like this, honestly.

The Data Safety form is a feature, not a chore

Google Play makes you fill in a "Data Safety" section — enumerate, row by row, exactly what your app collects and shares. For most apps it's an exercise in phrasing data collection as gently as possible.

For AegisLink the honest answer to almost every row is "no data collected, no data shared" — because there genuinely is nothing on the server to declare. No IP logs, no access timestamps, no message sizes, no analytics SDK. Zero metadata stops being a slogan the moment a platform forces you to state, under policy, exactly what you keep.

I dropped 32-bit, and I'll say the floor out loud

I tested on a genuinely low-end device (2GB RAM, 32-bit ARM). The result was honest and useful: identity generation didn't freeze, the crypto ran — but the device swapped itself into uselessness and the OS killed the process repeatedly. That's not a bug in the app; it's a hardware floor.

So the minimum supported spec is now arm64 with ~3GB+ RAM, and I dropped the 32-bit ABIs. I'd rather state the floor plainly than ship a "supported" build that quietly isn't. Most phones from the last few years clear it easily.

The crypto runs in JS — on purpose, with eyes open

The primitives run in JavaScript (Hermes). That's a deliberate trade-off: one auditable codebase over raw KDF speed. It works, but it's a known performance ceiling on low-end hardware, and I'm not going to pretend otherwise.

What's still not done

Being honest is the whole point of doing this in the open: the crypto has not had an independent third-party audit yet. That's a planned next step. Until it happens, every claim here is something to verify in the source — not to take on faith.

Want to break it? Be a tester

That's exactly what Closed Testing is for — real phones, real feedback, before anything gets called done. Two steps:

  1. Join the testers group: https://groups.google.com/g/aegislink-testers
  2. Then install from Play: https://play.google.com/store/apps/details?id=com.aegislink.app

(Order matters — Play only shows "Install" once you're in the group.)

Code, protocol docs, and threat model: https://github.com/gabinotech22-cmyk/AegisLink

If you find something wrong — in the app or the code — that's the best thing you can do for the project. Tell me in the comments.

Top comments (0)