
Bitchat

Standard
OSINT Assessment

Bitchat OPSEC & Vulnerability Assessment

Project: Bitchat
Assessment Date: 2026-01-22
Methodology: Constitutional Research Framework v3
Confidence Score: 0.90


Executive Summary

Bitchat is a novel P2P messaging app using BLE mesh networking with Nostr fallback. While the architecture minimizes server-side attack surface, critical application-layer vulnerabilities were publicly disclosed in July 2025. The creator (Jack Dorsey) acknowledged these issues and added security disclaimers, but fixes remain in progress.

Overall Risk Rating: HIGH (for users requiring security guarantees)


Critical Findings

| Finding | Severity | Status | Impact |
|---------|----------|--------|--------|
| Identity Authentication Bypass | CRITICAL | In Progress | Attacker can impersonate any contact |
| Insufficient Forward Secrecy | HIGH | Acknowledged | Session key compromise exposes all session messages |
| Master Key Single Point of Failure | HIGH | Design Limitation | Total permanent compromise if key leaked |
| Buffer Overflow | MEDIUM | PATCHED | Memory corruption (fixed in 4 hours) |


Detailed Vulnerability Analysis

1. Identity Authentication Bypass (CRITICAL)

Discovered by: Alex Radocea (July 2025)

Technical Description:

The ephemeral keys aren't properly verified. In fact, they aren't
verified by a user's identity key at all!

The attack: send a private message to another user, present the
public key of whoever you're trying to impersonate, and include
new ephemeral encryption keys.

Even if your target has this remote user marked as a favorite,
the new encryption keys are trusted.

Attack Scenario:

  1. Attacker intercepts communication path
  2. Attacker presents victim's public key to target
  3. Attacker provides own ephemeral keys
  4. Target believes they're talking to victim
  5. Attacker reads/modifies all messages

Remediation Status:

  • Dorsey committed to migrating to Noise Protocol Framework
  • QR code / fingerprint verification being added
  • No timeline for completion
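The check described as missing above, a receiver accepting a newly presented ephemeral key only when it is signed by the identity key already pinned for that contact, as an added example in Go. This is not Bitchat's code: the Ed25519 identity / X25519 ephemeral pairing, the label string, the offer layout and all function names are assumptions made for the example, and the page's Cryptographic Architecture section lists a Noise XX handshake as the current mechanism, so this shows the binding property in isolation rather than Noise framing. `AcceptOfferUnverified` mirrors the weakness the disclosure describes; `AcceptOffer` is the check that closes it.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Domain-separation label mixed into the signed bytes (constructed for this
// example) so a signature over an ephemeral key cannot be reused elsewhere.
const ephemeralBindingLabel = "example-ephemeral-key-binding-v1"

// Peer owns a long-term Ed25519 identity key; contacts pin the public half
// (the "favorite" relationship the disclosure mentions).
type Peer struct {
	identity ed25519.PrivateKey
	Identity ed25519.PublicKey
}

func NewPeer() (*Peer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Peer{identity: priv, Identity: pub}, nil
}

// EphemeralOffer starts a session: a fresh X25519 public key plus a signature
// by the sender's identity key over label || ephemeral key.
type EphemeralOffer struct {
	ClaimedIdentity ed25519.PublicKey
	Ephemeral       []byte // 32-byte X25519 public key
	Signature       []byte
}

func signedBytes(ephemeralPub []byte) []byte {
	return append([]byte(ephemeralBindingLabel), ephemeralPub...)
}

// NewOffer generates a fresh ephemeral key and binds it to the identity key.
// The private half is returned so the caller can finish the key agreement.
func (p *Peer) NewOffer() (*EphemeralOffer, *ecdh.PrivateKey, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	pub := eph.PublicKey().Bytes()
	sig := ed25519.Sign(p.identity, signedBytes(pub))
	return &EphemeralOffer{ClaimedIdentity: p.Identity, Ephemeral: pub, Signature: sig}, eph, nil
}

// AcceptOfferUnverified mirrors the weakness: the claimed identity is compared
// to the pinned key, but nothing proves the ephemeral key came from its holder.
func AcceptOfferUnverified(pinned ed25519.PublicKey, o *EphemeralOffer) bool {
	return pinned.Equal(o.ClaimedIdentity)
}

// AcceptOffer is the missing check: the ephemeral key is trusted only if the
// signature verifies under the identity key already pinned for this contact.
// The pinned key is used for verification, never the key carried in the message.
func AcceptOffer(pinned ed25519.PublicKey, o *EphemeralOffer) error {
	if !pinned.Equal(o.ClaimedIdentity) {
		return errors.New("claimed identity does not match pinned key")
	}
	if len(o.Ephemeral) != 32 {
		return errors.New("malformed ephemeral key")
	}
	if !ed25519.Verify(pinned, signedBytes(o.Ephemeral), o.Signature) {
		return errors.New("ephemeral key is not signed by the pinned identity")
	}
	return nil
}

// SharedSecret finishes X25519 once an offer has passed AcceptOffer.
func SharedSecret(mine *ecdh.PrivateKey, theirEphemeral []byte) ([]byte, error) {
	theirs, err := ecdh.X25519().NewPublicKey(theirEphemeral)
	if err != nil {
		return nil, err
	}
	return mine.ECDH(theirs)
}

func main() {
	alice, _ := NewPeer()
	other, _ := NewPeer()
	genuine, _, _ := alice.NewOffer()
	fmt.Println("genuine offer accepted:", AcceptOffer(alice.Identity, genuine) == nil)
	// Negative test case: Alice's identity key presented with an ephemeral key
	// that some other identity signed.
	unbound, _, _ := other.NewOffer()
	unbound.ClaimedIdentity = alice.Identity
	fmt.Println("naive path accepts it:", AcceptOfferUnverified(alice.Identity, unbound))
	fmt.Println("binding check rejects it:", AcceptOffer(alice.Identity, unbound) != nil)
}
```

The design point is in `AcceptOffer`: the verification key comes from local pinned state, and the signature covers a domain-separated copy of the ephemeral key, so a key exchange message is only ever accepted on the strength of something the pinned identity holder signed. A QR/fingerprint comparison, as the remediation list mentions, is how the pinned key itself gets established.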

2. Insufficient Forward Secrecy (HIGH)

Technical Description: Forward secrecy is implemented at session level only, with static encryption keys per session. Industry standard (Signal Protocol / Double Ratchet) provides per-message forward secrecy.

Impact:

  • Compromise of one session key exposes ALL messages in that session
  • Unlike Signal, there's no continuous key rotation
  • Historical messages vulnerable if keys are later compromised

Comparison:

| App | Forward Secrecy Level |
|-----|----------------------|
| Signal | Per-message (Double Ratchet) |
| WhatsApp | Per-message (Double Ratchet) |
| Bitchat | Per-session (static keys) |
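The difference between the two rows of that table in working code, as an added example in Go that is not Bitchat's or Signal's code. `StaticSessionKeys` models one key per session as the page describes for Bitchat; `Ratchet` is the symmetric-key chain of the Double Ratchet (HMAC-SHA256 under the chain key with two fixed labels, the construction the Signal specification uses for its sending and receiving chains). `ForwardSecrecyHolds` simulates a state compromise after k messages: the captured state reproduces every later key, which is why the full Double Ratchet also needs its DH ratchet for post-compromise security, but none of the earlier keys can be recovered from it. The root key and labels are constructed values.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// StaticSessionKeys models one key for the whole session, reused per message.
func StaticSessionKeys(sessionKey []byte, n int) [][]byte {
	keys := make([][]byte, n)
	for i := range keys {
		keys[i] = sessionKey
	}
	return keys
}

// chainStep is the one-way KDF step of a symmetric-key ratchet: HMAC-SHA256
// under the current chain key yields the message key (label 0x01) and the
// next chain key (label 0x02).
func chainStep(chainKey []byte) (messageKey, nextChainKey []byte) {
	mk := hmac.New(sha256.New, chainKey)
	mk.Write([]byte{0x01})
	ck := hmac.New(sha256.New, chainKey)
	ck.Write([]byte{0x02})
	return mk.Sum(nil), ck.Sum(nil)
}

// Ratchet keeps only the current chain key; each message key is derived, used
// and discarded, so a snapshot of the state holds nothing about past messages.
type Ratchet struct {
	chainKey []byte
	Step     int
}

func NewRatchet(root []byte) *Ratchet {
	return &Ratchet{chainKey: append([]byte(nil), root...)}
}

// Next advances the chain and returns the key for the next message.
func (r *Ratchet) Next() []byte {
	mk, next := chainStep(r.chainKey)
	r.chainKey = next
	r.Step++
	return mk
}

// Snapshot is what a device compromise at this moment would yield.
func (r *Ratchet) Snapshot() *Ratchet {
	return &Ratchet{chainKey: append([]byte(nil), r.chainKey...), Step: r.Step}
}

// ForwardSecrecyHolds derives total message keys, captures the state after k
// of them, then checks that the capture reproduces keys k.. (no post-compromise
// security from the symmetric chain alone) while none of the first k keys is
// among what it yields; recovering them would mean inverting HMAC-SHA256.
func ForwardSecrecyHolds(root []byte, k, total int) bool {
	if k < 0 || k >= total {
		return false
	}
	r := NewRatchet(root)
	keys := make([][]byte, total)
	var captured *Ratchet
	for i := 0; i < total; i++ {
		if i == k {
			captured = r.Snapshot()
		}
		keys[i] = r.Next()
	}
	derivable := make([][]byte, 0, total-k)
	for i := k; i < total; i++ {
		mk := captured.Next()
		if !bytes.Equal(mk, keys[i]) {
			return false
		}
		derivable = append(derivable, mk)
	}
	for i := 0; i < k; i++ {
		for _, d := range derivable {
			if bytes.Equal(keys[i], d) {
				return false
			}
		}
	}
	return true
}

// StaticExposesAll is the contrast: with one session key, a capture at any
// point is the key for every message, earlier ones included.
func StaticExposesAll(sessionKey []byte, total int) bool {
	for _, key := range StaticSessionKeys(sessionKey, total) {
		if !bytes.Equal(key, sessionKey) {
			return false
		}
	}
	return true
}

func main() {
	root := bytes.Repeat([]byte{0x42}, 32) // constructed root key
	fmt.Println("ratchet forward secrecy:", ForwardSecrecyHolds(root, 3, 8))
	fmt.Println("static session key exposes all:", StaticExposesAll(root, 8))
}
```

A session-level rekey (the page's Cryptographic Architecture section lists a trigger of 1 hour or 10,000 messages) bounds the exposure of a captured key to one rekey interval; the per-message chain bounds it to the messages sent after the capture.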

3. Master Key Single Point of Failure (HIGH)

Technical Description: User identity is tied to a single master private key stored on device.

Impact:

  • Malware stealing master key = total, permanent compromise
  • No key rotation mechanism
  • No recovery mechanism
  • "A single piece of malware could harvest master private keys from thousands of users"

4. Buffer Overflow (PATCHED)

Status: Fixed within 4 hours of disclosure
Note: Rapid response is a positive indicator of security posture


Infrastructure Analysis

Attack Surface Assessment

Bitchat has minimal server infrastructure by design:

┌─────────────────────────────────────────────────────────┐
│                    BITCHAT ARCHITECTURE                  │
├─────────────────────────────────────────────────────────┤
│                                                          │
│   ┌─────────┐     BLE Mesh      ┌─────────┐             │
│   │ Device A│◄──────────────────►│ Device B│             │
│   └────┬────┘    (30m range)    └────┬────┘             │
│        │                              │                  │
│        │         ┌─────────┐         │                  │
│        └────────►│ Device C│◄────────┘                  │
│                  │ (Bridge) │                            │
│                  └────┬────┘                             │
│                       │                                  │
│                       │ Nostr (Internet)                 │
│                       ▼                                  │
│              ┌─────────────────┐                         │
│              │ 290+ Nostr Relays │                       │
│              │ (3rd party, public)│                      │
│              └─────────────────┘                         │
│                                                          │
└─────────────────────────────────────────────────────────┘

What Bitchat DOESN'T operate:

  • Authentication servers
  • Message relay servers
  • User databases
  • API endpoints

What they DO operate:

  • GitHub repository
  • App Store listing
  • (Possibly) bitchat.io domain (unverified if official)

Domain Scan Results

| Domain | IP | Hosting | Notes |
|--------|-----|---------|-------|
| bitchat.free | 185.199.x.x | GitHub Pages | Official site |
| bitchat.io | 185.53.179.128 | Unknown | Not official |
| bitchat.app | 0.0.0.0 | N/A | Parked/unused |

Assessment: Infrastructure attack surface is minimal. Official site is on GitHub Pages (no custom server). Primary risks are in the application layer, not server infrastructure.


Privacy Features Analysis

Traffic Analysis Protections

| Feature | Implementation | Effectiveness |
|---------|---------------|---------------|
| Dummy messages | 30-120 second intervals | Good |
| Timing jitter | 50-500ms random delays | Good |
| Message padding | PKCS#7-style | Good |
| Metadata minimization | No sender/recipient in headers | Good |
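What "PKCS#7-style" padding to fixed size buckets looks like, as an added example in Go (not Bitchat's code; the bucket sizes and function names are constructed for the example). Padding sits inside the AEAD, so an observer of the ciphertext sees only the bucket length, and `Unpad` runs after authentication, so a padding failure is a bug rather than an oracle. The example also carries the caveat a reviewer of such a scheme checks: PKCS#7 stores the pad length in one byte, so a gap wider than 255 bytes cannot be encoded; with these buckets a 256-byte message, or any message of 512 to 768 bytes, hits that limit, and a real design must use smaller steps or a multi-byte length.

```go
package main

import (
	"errors"
	"fmt"
)

// Size buckets (constructed for this example). A padded message is always
// exactly one of these lengths, so a passive observer learns only the bucket.
var buckets = []int{64, 128, 256, 512, 1024}

// Pad appends PKCS#7-style padding up to the next bucket: every pad byte
// holds the pad length. At least one pad byte is always present.
func Pad(msg []byte) ([]byte, error) {
	for _, b := range buckets {
		if len(msg) < b { // strictly less: one pad byte minimum
			n := b - len(msg)
			if n > 255 {
				return nil, errors.New("pad length exceeds the single-byte PKCS#7 limit")
			}
			out := make([]byte, b)
			copy(out, msg)
			for i := len(msg); i < b; i++ {
				out[i] = byte(n)
			}
			return out, nil
		}
	}
	return nil, errors.New("message larger than the largest bucket")
}

// Unpad checks every pad byte rather than trusting only the last one, and
// rejects a zero or oversized pad length before slicing.
func Unpad(padded []byte) ([]byte, error) {
	if len(padded) == 0 {
		return nil, errors.New("empty input")
	}
	n := int(padded[len(padded)-1])
	if n == 0 || n > len(padded) {
		return nil, errors.New("invalid pad length")
	}
	var bad byte
	for _, c := range padded[len(padded)-n:] {
		bad |= c ^ byte(n) // accumulate mismatches instead of branching per byte
	}
	if bad != 0 {
		return nil, errors.New("pad bytes are inconsistent")
	}
	return padded[:len(padded)-n], nil
}

func main() {
	padded, _ := Pad([]byte("hello"))
	msg, err := Unpad(padded)
	fmt.Printf("padded to %d bytes, recovered %q, err=%v\n", len(padded), msg, err)
}
```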

What Nodes Can See

  • TTL (time-to-live) counter
  • Message ID
  • Encrypted payload

What Nodes CANNOT See

  • Sender identity
  • Recipient identity
  • Message content
  • Timestamp of origin
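How a relay node acts on exactly the three fields it can see (TTL, message ID, opaque payload), as an added example in Go that is not Bitchat's code. The wire format, the bounds, the rate-limit policy and the function names are constructed for the example; they are not Bitchat's framing or its `NoiseRateLimiter` / `MessageDeduplicationService`. `Parse` checks every length against the buffer before reading a field, the class of check whose absence causes memory corruption in message handling in non-memory-safe parsers; `Relay.Handle` then applies a per-peer rate limit, a bounded replay cache keyed on message ID, and TTL decrement, without ever touching the encrypted payload.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Constructed wire format for this example (not Bitchat's framing):
// version(1) | ttl(1) | message id(16) | payload length(2, big-endian) | payload
const (
	headerLen  = 1 + 1 + 16 + 2
	maxPayload = 4096  // cap so a length field cannot drive a huge allocation
	maxSeen    = 10000 // bound on the replay cache
)

type Packet struct {
	Version uint8
	TTL     uint8
	ID      [16]byte
	Payload []byte // opaque ciphertext; a relay never needs to read it
}

// Parse validates every length before reading a field.
func Parse(b []byte) (*Packet, error) {
	if len(b) < headerLen {
		return nil, errors.New("short packet")
	}
	if b[0] != 1 {
		return nil, errors.New("unsupported version")
	}
	n := int(binary.BigEndian.Uint16(b[18:20]))
	if n > maxPayload {
		return nil, errors.New("payload length exceeds cap")
	}
	if len(b) != headerLen+n {
		return nil, errors.New("length field does not match buffer")
	}
	p := &Packet{Version: b[0], TTL: b[1]}
	copy(p.ID[:], b[2:18])
	p.Payload = append([]byte(nil), b[headerLen:]...)
	return p, nil
}

// Encode is the inverse of Parse, used to build inputs.
func (p *Packet) Encode() []byte {
	out := make([]byte, headerLen, headerLen+len(p.Payload))
	out[0], out[1] = p.Version, p.TTL
	copy(out[2:18], p.ID[:])
	binary.BigEndian.PutUint16(out[18:20], uint16(len(p.Payload)))
	return append(out, p.Payload...)
}

// Relay holds a bounded replay cache keyed by message ID and per-peer
// counters for a fixed-window rate limit.
type Relay struct {
	seen        map[[16]byte]struct{}
	seenOrder   [][16]byte
	counts      map[string]int
	windowStart time.Time
	limit       int
	window      time.Duration
}

func NewRelay(limit int, window time.Duration) *Relay {
	return &Relay{seen: map[[16]byte]struct{}{}, counts: map[string]int{}, limit: limit, window: window}
}

func (r *Relay) remember(id [16]byte) {
	if len(r.seenOrder) >= maxSeen { // evict the oldest so memory stays bounded
		delete(r.seen, r.seenOrder[0])
		r.seenOrder = r.seenOrder[1:]
	}
	r.seen[id] = struct{}{}
	r.seenOrder = append(r.seenOrder, id)
}

// Handle returns the packet to forward (TTL decremented) or nil and the drop reason.
func (r *Relay) Handle(peer string, raw []byte, now time.Time) (*Packet, string) {
	if r.windowStart.IsZero() || now.Sub(r.windowStart) >= r.window {
		r.counts, r.windowStart = map[string]int{}, now
	}
	r.counts[peer]++ // counted before parsing so malformed floods are limited too
	if r.counts[peer] > r.limit {
		return nil, "rate limited"
	}
	p, err := Parse(raw)
	if err != nil {
		return nil, "malformed: " + err.Error()
	}
	if _, dup := r.seen[p.ID]; dup {
		return nil, "duplicate"
	}
	r.remember(p.ID)
	if p.TTL == 0 {
		return nil, "ttl exhausted"
	}
	fwd := *p
	fwd.TTL = p.TTL - 1
	return &fwd, ""
}

func main() {
	r := NewRelay(3, time.Minute)
	p := &Packet{Version: 1, TTL: 2, Payload: []byte("ciphertext")} // constructed packet
	p.ID[0] = 7
	fwd, why := r.Handle("peerA", p.Encode(), time.Now())
	fmt.Println("forwarded with ttl:", fwd.TTL, why)
}
```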

Threat Model Assessment

Threats Bitchat Addresses Well

  • ✅ Network surveillance (no central server to monitor)
  • ✅ Internet shutdowns (BLE mesh works offline)
  • ✅ Account seizure (no accounts to seize)
  • ✅ Traffic analysis (dummy messages, timing jitter)
  • ✅ Metadata collection (minimal headers)

Threats Bitchat Does NOT Address Well

  • ❌ Targeted MITM attacks (identity auth bypass)
  • ❌ Device compromise (master key exposure)
  • ❌ Sophisticated adversaries (forward secrecy gaps)
  • ❌ Long-term key security (no rotation)

Comparison to Alternatives

| Feature | Bitchat | Signal | Briar | Meshtastic |
|---------|---------|--------|-------|------------|
| No internet required | ✅ (BLE) | ❌ | ✅ (Tor/WiFi) | ✅ (LoRa) |
| No account required | ✅ | ❌ (phone #) | ✅ | ✅ |
| E2E encryption | ✅* | ✅ | ✅ | ✅ |
| Per-message forward secrecy | ❌ | ✅ | ✅ | ❌ |
| External security audit | ❌ | ✅ | ✅ | Partial |
| Open source | ✅ | ✅ | ✅ | ✅ |

*With known authentication vulnerabilities


Potential Improvements

For Users

DO NOT USE if:

  • You are a journalist protecting sources
  • You are an activist in a hostile state
  • You need verified identity of contacts
  • Message confidentiality is critical

ACCEPTABLE for:

  • Casual communication
  • Experimentation with mesh networking
  • Situations where availability > confidentiality
  • Backup communication during network outages

For the Bitchat Team

  1. Priority 1: Complete Noise Protocol migration with proper identity verification
  2. Priority 2: Implement Double Ratchet or similar for per-message forward secrecy
  3. Priority 3: Commission external security audit (Trail of Bits, NCC Group, etc.)
  4. Priority 4: Add key rotation mechanism

Sources

  • Security Research: https://blog.trailofbits.com/2025/07/18/building-secure-messaging-is-hard-a-nuanced-take-on-the-bitchat-security-debate/
  • Disclosure Coverage: https://techcrunch.com/2025/07/09/jack-dorsey-says-his-secure-new-bitchat-app-has-not-been-tested-for-security/
  • Official Repo: https://github.com/permissionlesstech/bitchat
  • Whitepaper: https://github.com/permissionlesstech/bitchat/blob/main/WHITEPAPER.md

Assessment conducted using passive OSINT methods only. No active exploitation or penetration testing performed.

Repository Analysis

Code Review: Bitchat

Last Updated: 2026-01-22


Repository Overview

| Repository | URL | Primary Language |
|------------|-----|------------------|
| iOS/macOS | https://github.com/permissionlesstech/bitchat | Swift |
| Android | https://github.com/permissionlesstech/bitchat-android | Kotlin |


GitHub Metrics

iOS Repository

| Metric | Value |
|--------|-------|
| Stars | 24,644 |
| Forks | 2,302 |
| Open Issues | 232 |
| Created | 2025-07-04 |
| Last Update | 2026-01-22 |
| License | The Unlicense (Public Domain) |

Android Repository

| Metric | Value |
|--------|-------|
| Stars | 4,560 |
| Forks | 636 |
| Created | 2025-07-08 |
| Last Update | 2026-01-22 |
| License | The Unlicense (Public Domain) |


Contributor Analysis

iOS Top Contributors

| Rank | GitHub | Contributions | Identity |
|------|--------|---------------|----------|
| 1 | jackjackbits | 485 | Jack Dorsey (verified) |
| 2 | nothankyou1 | 128 | Unknown |
| 3 | qalandarov | 87 | Islam (Facebook/Meta) |
| 4 | callebtc | 23 | Calle (Cashu creator) |
| 5 | nadimkobeissi | 9 | Nadim Kobeissi (Cure53) |

Total Contributors: 30+

Android Top Contributors

| Rank | GitHub | Contributions |
|------|--------|---------------|
| 1 | callebtc | 286 |
| 2 | moehamade | 9 |
| 3 | yet300 | 8 |
| 4 | hector6872 | 8 |

Total Contributors: 20+


Code Quality Assessment

Positive Indicators

  • ✅ Clear separation of concerns (Noise protocol files isolated)
  • ✅ Security-specific modules (Validator, RateLimiter)
  • ✅ Whitepaper documenting cryptographic decisions
  • ✅ Active development (daily commits)
  • ✅ Multi-platform support

Concerns

  • ⚠️ No formal security audit
  • ⚠️ Custom Noise Protocol implementation (not battle-tested library)
  • ⚠️ Security disclaimer in README
  • ⚠️ Rapid development pace may outpace review

Code Structure Review

iOS Security-Critical Files

bitchat/
├── Noise/
│   ├── NoiseProtocol.swift           ⚠️ Core crypto
│   ├── NoiseSession.swift            ⚠️ Session management
│   ├── NoiseSessionManager.swift     ⚠️ Multi-session
│   ├── NoiseEncryptionService.swift  ⚠️ Encrypt/decrypt
│   ├── NoiseSecurityValidator.swift  ✅ Input validation
│   ├── NoiseSecurityConstants.swift  ✅ Constants
│   └── NoiseRateLimiter.swift        ✅ DoS protection
├── Services/
│   ├── KeychainManager.swift         ⚠️ Key storage
│   ├── MessageDeduplicationService.swift ✅ Replay protection
│   └── VerificationService.swift     ⚠️ Identity
└── Transport/
    └── NostrTransport.swift          ⚠️ Network

Legend: ⚠️ Security-critical, ✅ Security-supportive


Dependency Analysis

iOS Dependencies

| Package | Version | Purpose | Risk |
|---------|---------|---------|------|
| swift-secp256k1 | 0.21.1 | ECC | Low - established |
| Arti | Local | Tor | Medium - beta |
| BitLogger | Local | Logging | Low |

Supply Chain Assessment

  • Direct dependencies: 3 significant
  • Transitive dependencies: Unknown (needs audit)
  • Known vulnerabilities: None detected

Development Activity

Commit Frequency

| Period | Commits | Notes |
|--------|---------|-------|
| July 2025 | High | Initial development |
| Aug-Dec 2025 | Moderate | Feature development |
| Jan 2026 | Active | Ongoing maintenance |

Release History

| Version | Date | Notes |
|---------|------|-------|
| v1.0 | 2025-07-29 | Initial App Store release |
| v1.5.0 | 2026-01-14 | Latest |


Documentation Quality

| Document | Status | Quality |
|----------|--------|---------|
| README | ✅ Present | Good |
| WHITEPAPER.md | ✅ Present | Detailed |
| BRING_THE_NOISE.md | ✅ Present | Technical |
| CODE_OF_CONDUCT | ❓ Unknown | - |
| CONTRIBUTING | ❓ Unknown | - |
| SECURITY.md | ❓ Unknown | - |


Testing Assessment

Test Coverage

  • Unit Tests: Unknown (not visible in quick analysis)
  • Integration Tests: Unknown
  • Security Tests: Unknown

Recommended Testing

  1. Noise Protocol handshake fuzzing
  2. Message parsing edge cases
  3. BLE mesh flooding scenarios
  4. Nostr relay failure handling

License Analysis

License: The Unlicense (Public Domain)

Implications:

  • Maximum permissiveness
  • No warranty or liability
  • Anyone can use, modify, distribute
  • No copyleft requirements

Assessment: Unusual choice for security software (most use GPL, MIT, or Apache). Public domain maximizes adoption but provides no protection.


Security Code Patterns

Positive Patterns Observed

// Rate limiting present
NoiseRateLimiter.swift

// Input validation
NoiseSecurityValidator.swift

// Key storage via platform keychain
KeychainManager.swift

// Replay attack mitigation
MessageDeduplicationService.swift

Concerning Patterns

// Custom Noise implementation rather than established library
// Forward secrecy at session level only
// No visible Double Ratchet implementation

Recommendations

For Users

  1. Review open issues before production use
  2. Monitor security-labeled issues
  3. Track contributor activity for signs of abandonment

For Auditors

  1. Focus on Noise protocol implementation
  2. Test BLE message handling edge cases
  3. Verify key derivation correctness
  4. Assess Nostr relay trust model

For Contributors

  1. Add comprehensive test suite
  2. Document security model thoroughly
  3. Consider using established Noise library
  4. Implement Double Ratchet

Risk Summary

| Category | Risk Level | Notes |
|----------|------------|-------|
| Maintainer Risk | Low | Dorsey has resources |
| Abandonment Risk | Medium | Personal project status |
| Security Risk | High | No audit, known vulns |
| Dependency Risk | Low | Few dependencies |
| License Risk | Low | Public domain |


Sources

| Source | Type |
|--------|------|
| GitHub - iOS | Primary |
| GitHub - Android | Primary |
| GitHub API | Metrics |


Constitutional Research Note: The codebase shows signs of experienced development but lacks the formal security review process expected for a messenger handling sensitive communications. The presence of security-experienced contributors (Kobeissi) is positive, but no substitute for a formal audit.

Team Research

Team Analysis: Bitchat

Last Updated: 2026-01-22


Leadership & Founder

Jack Dorsey

Role: Creator, Primary Developer
GitHub: @jackjackbits (485 contributions)

Background:

  • Co-founder of Twitter/X (2006)
  • Co-founder and CEO of Block, Inc. (formerly Square)
  • Prominent Bitcoin advocate
  • Creator of Cash App

Verification Level: High - extensively documented public figure


Core Contributors (iOS)

| GitHub | Name | Contributions | Background | Verified |
|--------|------|---------------|------------|----------|
| jackjackbits | Jack Dorsey | 485 | Twitter/X founder, Block CEO | ✅ Yes |
| nothankyou1 | Unknown | 128 | Pseudonymous | ❌ No |
| qalandarov | Islam | 87 | Facebook/Meta engineer, London | ✅ Yes |
| callebtc | Calle | 23 | Cashu creator, Bitcoin developer | ✅ Yes |
| nadimkobeissi | Nadim Kobeissi | 9 | Cure53 auditor, Cryptocat creator | ✅ Yes |
| michaelneale | - | 6 | Unknown | ❌ No |

Total Contributors: 30+ (iOS repo)


Core Contributors (Android)

| GitHub | Contributions | Role |
|--------|---------------|------|
| callebtc | 286 | Lead maintainer |
| moehamade | 9 | Contributor |
| yet300 | 8 | Contributor |
| hector6872 | 8 | Contributor |

Total Contributors: 20+ (Android repo)


Notable Team Members

Nadim Kobeissi

Role: Security Contributor
Contributions: 9

Background:

  • PhD in cryptography formal verification
  • Security researcher at Cure53 (250+ security audits)
  • Creator of Cryptocat (early E2E encrypted messenger)
  • Published academic papers on protocol verification
  • Location: Paris, France

Website: https://nadim.computer/

Verification Level: High - academic credentials, public security work

Calle (callebtc)

Role: iOS Contributor, Android Lead
Contributions: 23 (iOS), 286 (Android)

Background:

  • Creator of Cashu (Chaumian ecash for Bitcoin Lightning)
  • Active Bitcoin/Nostr developer
  • Member of andOtherStuff collective

Projects: Cashu, nutshell, cashu.me

Verification Level: High - public project history

Islam (qalandarov)

Role: Core Contributor
Contributions: 87

Background:

  • Engineer at Facebook/Meta
  • Location: London, UK
  • Active open source contributor

Verification Level: Medium - public GitHub profile, Meta association


Funding & Organization

andOtherStuff Collective

Investment: $10,000,000 (July 2025)
Purpose: Open source social media projects including Nostr

Members:

| Name | Role | Background |
|------|------|------------|
| Jack Dorsey | Funder/Member | Twitter co-founder, Block CEO |
| Evan Henshaw-Plath | Member | Twitter's first employee |
| Calle | Member | Cashu creator |
| Alex Gleason | Member | Former Truth Social engineering head |
| Jeff Gardner | Member | 4th employee at Intercom |

Source: TechCrunch

Corporate Status

  • Direct Corporate Backing: None (personal project)
  • Legal Entity: Unknown (open source project)
  • Headquarters: N/A (decentralized development)

Development Style

  • Leadership: Benevolent dictator (Dorsey)
  • Communication: GitHub issues, X/Twitter
  • Decision Making: Core team consensus
  • Code Review: GitHub PR process

Security Team

External Security Contributors

| Name | Affiliation | Role |
|------|-------------|------|
| Nadim Kobeissi | Cure53 | Code contributor |
| Alex Radocea | - | Vulnerability researcher (disclosed issues) |
| Trail of Bits | - | Third-party security analysis |

Note: No dedicated security team. Security comes from community review and individual contributors with security backgrounds.


Research Gaps

| Area | Status | Priority |
|------|--------|----------|
| Company structure | ❌ Unknown | Medium |
| Full contributor identities | ⚠️ Partial | Low |
| Employment relationships | ❌ Unknown | Low |
| Formal security team | ❌ None | Medium |


Timeline

| Date | Event |
|------|-------|
| 2025-05-20 | jackjackbits GitHub account created |
| 2025-07-04 | Bitchat iOS repo created |
| 2025-07-06 | Jack Dorsey announces on X |
| 2025-07-16 | $10M investment in andOtherStuff |
| 2026-01 | 30+ iOS contributors, 20+ Android |


Sources

| Source | Type |
|--------|------|
| GitHub - bitchat | Primary |
| GitHub - bitchat-android | Primary |
| Wikipedia - Bitchat | Reference |
| TechCrunch | News |
| Nadim Kobeissi | Personal |


Constitutional Research Note: The team is a mix of well-known figures (Dorsey, Kobeissi, Calle) and pseudonymous contributors. The project benefits from Dorsey's personal investment and network but lacks formal corporate structure or dedicated security resources.

Security Analysis

Security Analysis: Bitchat

Last Updated: 2026-01-22


Critical Security Notice

Bitchat has NOT received a formal external security audit. The project's own disclaimer states:

"This software has not received external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed."


Known Vulnerabilities

BITCHAT-2025-001: Identity Authentication Bypass

Severity: CRITICAL
Disclosed: 2025-07-09
Researcher: Alex Radocea

Description: Ephemeral keys were not verified against identity keys, enabling man-in-the-middle impersonation attacks.

Status: In progress - migrating to Noise Protocol Framework
Response Time: Acknowledged


BITCHAT-2025-002: Insufficient Forward Secrecy

Severity: HIGH
Disclosed: 2025-07-09

Description: Session-level forward secrecy only, not per-message. No Double Ratchet algorithm implemented.

Impact: If session key is compromised, all messages in that session can be decrypted (unlike Signal which uses per-message ratcheting).

Status: Acknowledged - design limitation


BITCHAT-2025-003: Master Key Single Point of Failure

Severity: HIGH
Disclosed: 2025-07-09

Description: Single master key compromise = total permanent access. No key rotation mechanism.

Status: Design limitation


BITCHAT-2025-004: Buffer Overflow

Severity: MEDIUM
Disclosed: 2025-07-09

Description: Memory corruption vulnerability in message handling.

Status: PATCHED
Response Time: 4 hours


Third-Party Security Analysis

Trail of Bits (2025-07-18)

Assessment: "Vulnerabilities are legitimate and concerning, fundamental design flaws, but early signs promising for fixes"

Source: Trail of Bits Blog


Cryptographic Architecture

Noise Protocol Framework (Current)

| Component | Implementation |
|-----------|----------------|
| Handshake Pattern | XX (mutual authentication) |
| Cipher | ChaCha20-Poly1305 (AEAD) |
| Key Exchange | X25519 (Curve25519) |
| Hash | SHA-256 |
| Key Derivation | HKDF-SHA256 |
| Rekey Trigger | 1 hour or 10,000 messages |

Nostr Integration (NIP-17)

  • Gift-wrapped messages for metadata privacy
  • 290+ relay support
  • Public/private key pairs (secp256k1)

Privacy Features

| Feature | Implementation |
|---------|----------------|
| Dummy Messages | 30-120 second intervals |
| Timing Jitter | 50-500ms random delays |
| Message Padding | PKCS#7-style |
| Metadata | TTL and message ID only |


Security vs. Signal Protocol Comparison

| Feature | Bitchat | Signal |
|---------|---------|--------|
| Forward Secrecy | Session-level | Per-message (Double Ratchet) |
| Post-Compromise Security | ❌ No | ✅ Yes |
| Key Rotation | Manual only | Automatic |
| Formal Verification | ❌ No | ✅ Yes |
| External Audit | ❌ No | ✅ Multiple |
| Open Source | ✅ Yes | ✅ Yes |


Security Infrastructure

Code-Level Security

| Component | File |
|-----------|------|
| Rate Limiting | NoiseRateLimiter.swift |
| Replay Protection | MessageDeduplicationService.swift |
| Key Storage | KeychainManager.swift (iOS Keychain) |
| Validation | NoiseSecurityValidator.swift |

Dependencies

| Package | Version | Security Status |
|---------|---------|-----------------|
| swift-secp256k1 | 0.21.1 | ✅ Active maintenance |
| Arti (Tor) | Local | ⚠️ Beta status |


Audit Status

| Type | Status |
|------|--------|
| External Security Audit | ❌ Not completed |
| Formal Verification | ❌ Not completed |
| Bug Bounty Program | ❌ Not available |
| Internal Code Review | ✅ GitHub PR process |

Security-Experienced Contributors

  • Nadim Kobeissi (Cure53 background, 250+ audits)
  • Community security researchers

Vulnerability Response

Disclosed Issues Response Time

| Vulnerability | Response Time | Resolution |
|--------------|---------------|------------|
| Buffer Overflow | 4 hours | Patched |
| Identity Bypass | Days | In progress |
| Forward Secrecy | Acknowledged | Design limitation |


Recommendations

For Users

  1. Do NOT use for high-risk communications until external audit
  2. Use for low-stakes messaging only
  3. Understand limitations vs. Signal
  4. Keep app updated

For Bitchat Team

  1. Commission external security audit
  2. Implement Double Ratchet for per-message forward secrecy
  3. Add key rotation mechanism
  4. Establish bug bounty program
  5. Complete Noise Protocol migration

Risk Assessment

| Finding | Severity | Notes |
|---------|----------|-------|
| No external audit | HIGH | Fundamental concern |
| Identity bypass vuln | CRITICAL | Being addressed |
| No Double Ratchet | HIGH | Design limitation |
| Master key SPOF | HIGH | No rotation |
| 4-hour patch response | ✅ Good | Quick response |
| Open source | ✅ Good | Community review possible |


Sources

| Source | Type |
|--------|------|
| Trail of Bits Analysis | Security Research |
| TechCrunch - Security Issues | News |
| GitHub - BRING_THE_NOISE.md | Official |
| Whitepaper | Official |


Constitutional Research Note: Despite security concerns, Bitchat represents an interesting experiment in offline-capable encrypted messaging. The team's quick response to the buffer overflow (4 hours) shows commitment, but the fundamental design limitations (no Double Ratchet, no key rotation) require users to accept different security trade-offs than Signal.
