Skip to content
/ FoxTrot-FrontEnd Public

FoxTrot, Mobile App offering end-to-end encrypted communication

1 star 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

reznik99/FoxTrot-FrontEnd

BranchesTags

Repository files navigation

Contributors Forks Stargazers Issues LinkedIn

FoxTrot

End-to-end encrypted messenger for Android, built with React Native and TypeScript.

Backend repo: FoxTrot-Back-End

Features

  • Encrypted messaging — Send text, photos, and voice messages. Everything is encrypted before it leaves your device.
  • Audio & video calls — Peer-to-peer calls that connect directly between devices when possible, with relay fallback.
  • Biometric unlock — Log in with your fingerprint or device passcode.
  • Push notifications — Get notified of new messages and incoming calls, with a full-screen call UI.
  • Security verification — Verify your contact's identity with a shareable security code.
  • Device migration — Export your identity keys to a password-protected file and import them on a new device.

Security

All encryption happens on-device. The server only stores and relays ciphertext.

Key Exchange

Each user generates an ECDH P-384 keypair on signup. The public key is uploaded to the server. When you open a conversation, a shared AES-256 session key is derived from your private key and the contact's public key via ECDH key agreement.

Message Encryption

Messages (including any attached media) are encrypted with AES-256-GCM using a random 12-byte IV per message. Each conversation has its own session key. Messages are stored encrypted at rest and decrypted on-demand when you tap them.

Local Storage

  • SQLite database encrypted with SQLCipher (AES-256-CBC + HMAC-SHA512). Encryption key stored in device Keychain.
  • MMKV key-value store encrypted with AES-CFB-128. Key stored in device Keychain.
  • Identity keys stored in device secure hardware via react-native-keychain, protected by biometric or device passcode.

Calls

WebRTC with DTLS-SRTP. Signaling goes through the WebSocket server. ICE candidates use STUN/TURN with fallback to TURN over TCP and TLS.

Key Backup

Identity keys can be exported encrypted with a password-derived key (PBKDF2, 100k iterations, SHA-256 → AES-256-GCM).

Tech Stack

Layer Tech
Framework React Native 0.80, TypeScript
State Redux Toolkit
Crypto react-native-quick-crypto (SubtleCrypto API)
Database op-sqlite with SQLCipher
Storage react-native-mmkv (encrypted)
Camera react-native-vision-camera
Audio react-native-nitro-sound
Networking Axios, WebSocket, WebRTC
Notifications Firebase Cloud Messaging
UI React Native Paper (Material Design 3)

Running Locally

# Install dependencies
npm install

# Run tests
npm test

# Run on Android
npm run android

Requires Node >= 20.

TODO

  • Video messages
  • GIF support
  • Group messaging

About

FoxTrot, Mobile App offering end-to-end encrypted communication

Topics

typescript react-native subtlecrypto encrypted-messages encrypted-chat end-to-end-encryption

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases 23

v1.18.6 Latest
Feb 24, 2026
+ 22 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages