I've been building Beacon, an open-source end-to-end encrypted messenger
for Android designed for adversarial environments.
## Why I built it
I wanted a messenger where the server is genuinely dumb — it routes sealed
envelopes and knows nothing about their contents. No phone number, no email
required. Contacts are added only via ECDSA-signed invite links with a 7-day TTL.
## Crypto stack
- ECDH P-256 key agreement + AES-256-GCM for messages
- X3DH-style one-time prekey bundles for forward secrecy
- ECDSA for key signatures
- Double encryption at rest (EncryptedSharedPreferences + Storage Master Key, PBKDF2-SHA256 300k iterations)
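
To illustrate the ECDSA-signed invite links with a 7-day TTL mentioned above, here is an added sketch that is not Beacon's code. The token layout, the `issueInvite` / `verifyInvite` names and the `alice` identifier are assumptions made for this example; it uses only the JDK's `java.security` API with P-256 and SHA-256.

```kotlin
import java.nio.ByteBuffer
import java.security.*
import java.security.spec.ECGenParameterSpec
import java.time.Duration
import java.time.Instant
import java.util.Base64

// Hypothetical token layout (an assumption, not Beacon's wire format):
//   b64url(8-byte big-endian expiry || inviter id) "." b64url(DER ECDSA signature)
val MAX_TTL: Duration = Duration.ofDays(7)
private val enc = Base64.getUrlEncoder().withoutPadding()
private val dec = Base64.getUrlDecoder()

fun issueInvite(inviterId: String, key: PrivateKey, now: Instant): String {
    val id = inviterId.toByteArray(Charsets.UTF_8)
    val payload = ByteBuffer.allocate(8 + id.size)
        .putLong(now.plus(MAX_TTL).epochSecond).put(id).array()
    val sig = Signature.getInstance("SHA256withECDSA").run {
        initSign(key); update(payload); sign()
    }
    return enc.encodeToString(payload) + "." + enc.encodeToString(sig)
}

// Returns the inviter id if the invite is authentic and inside its TTL, else null.
fun verifyInvite(token: String, inviterKey: PublicKey, now: Instant): String? {
    val parts = token.split(".")
    if (parts.size != 2) return null
    val (payload, sig) = try {
        dec.decode(parts[0]) to dec.decode(parts[1])
    } catch (e: IllegalArgumentException) { return null }
    if (payload.size < 8) return null
    // Check the signature before trusting any field of the payload.
    val ok = try {
        Signature.getInstance("SHA256withECDSA").run {
            initVerify(inviterKey); update(payload); verify(sig)
        }
    } catch (e: SignatureException) { false }
    if (!ok) return null
    val expiry = Instant.ofEpochSecond(ByteBuffer.wrap(payload).getLong())
    // Reject expired invites and any whose expiry lies beyond the 7-day cap.
    if (!now.isBefore(expiry) || expiry.isAfter(now.plus(MAX_TTL))) return null
    return String(payload, 8, payload.size - 8, Charsets.UTF_8)
}

fun main() {
    val kp = KeyPairGenerator.getInstance("EC")
        .apply { initialize(ECGenParameterSpec("secp256r1")) }.generateKeyPair()
    val t0 = Instant.parse("2024-01-01T00:00:00Z") // constructed sample time
    val token = issueInvite("alice", kp.private, t0)
    // Constructed cases: inside the TTL, past the TTL, payload altered after signing.
    println(verifyInvite(token, kp.public, t0.plus(Duration.ofDays(6))))
    println(verifyInvite(token, kp.public, t0.plus(Duration.ofDays(8))))
    println(verifyInvite("B" + token.drop(1), kp.public, t0))
}
```

The expiry sits inside the signed bytes, so extending an invite's lifetime requires the inviter's private key, and the verifier's own 7-day cap bounds what even a validly signed token can claim.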
## Self-hosting
One command:
bash
No APK recompile needed — add your server in-app via Profile → Servers.
## Anti-forensics
- Three-level wipe: soft / hard / nuclear
- Decoy mode (presents a clean account under coercion)
- Dead man's switch
- Panic password
- Intrusion detection: proxy, user-installed CAs, ADB, developer options
## Links
GitHub: https://github.com/MoRoKonst/beacon-messenger
Happy to answer questions about the threat model or crypto design.