Most messengers need the internet and trust a server with your data. MeshCipher works over Bluetooth, WiFi, Tor, or the internet, and encrypts everything so only you and your contact can read it.
Your messages stay encrypted, your identity stays on your device, and your conversations keep working even when the internet doesn't.
Signal Protocol with X3DH key agreement and Double Ratchet for perfect forward secrecy on every message.
Direct relay, Tor relay, WiFi Direct, Bluetooth mesh, and P2P Tor hidden services. Works with or without internet.
ECDSA P-256 keys generated and stored in Android Keystore TEE/StrongBox. Keys never leave secure hardware.
All local data encrypted at rest with SQLCipher AES-256. Database key derived from hardware-backed Android Keystore.
Configurable auto-delete with multiple retention periods. Messages and media cleaned from both database and filesystem.
Tor modes hide IP addresses. Offline modes leave no network trace. The relay server sees only sender/recipient IDs and encrypted blobs, never plaintext or contacts.
Images, video, and voice messages encrypted with per-message AES-256-GCM keys before transport.
Fully auditable codebase under Apache 2.0 license. Every line of code is public and verifiable.
Coordinate without relying on infrastructure that can be shut down or surveilled. Bluetooth mesh and WiFi Direct work even during internet blackouts.
Stay connected in areas with no cell coverage. MeshCipher's offline modes let you message nearby teammates without any network infrastructure.
No phone number, no email, no account required. Your identity is a key stored on your device's secure hardware, not on someone else's server.
Protect source confidentiality with Tor hidden service mode. Both sides stay anonymous: no IP addresses, no server logs, no metadata trail.
Choose your transport based on your threat model. All modes deliver the same Signal Protocol-encrypted payload.
MeshCipher's security claims are backed by open source code and public documentation. We invite scrutiny.
The relay server only stores encrypted blobs and sender/recipient device IDs. It cannot read message content, see your contact list, or correlate conversations. The server code is open source and self-hostable.
View relay server source ->Direct mode: relay sees sender/recipient IDs and IP. Tor Relay: relay sees IDs only, IP hidden by Tor. WiFi Direct / BLE Mesh: no server, no network log. P2P Tor: no server, both parties anonymous via .onion addresses.
Read networking docs ->Full documentation of all cryptographic primitives, key generation, storage, and protocol flows. ECDSA P-256 identity keys, X3DH key agreement, Double Ratchet, AES-256-GCM, SQLCipher.
Read crypto docs ->MeshCipher has not yet undergone a formal third-party security audit. If you are a security researcher, we welcome and encourage independent review of the codebase and protocol implementation.
Report a VulnerabilityNo phone number. No email. No account. Your device is your identity.
Open the app and your device generates a unique cryptographic identity stored in secure hardware. Nothing leaves your phone.
Scan a QR code when you're together in person, or share your contact card over any channel you trust. In-person is strongest, but not required.
Choose your transport mode and send. Signal Protocol encrypts everything end-to-end regardless of how it travels.
MeshCipher exists because private communication shouldn't depend on a single company's infrastructure or require an internet connection.
Every transport mode, every encryption layer, every line of code is open source and auditable.