Back to Home

Encryption over MAX: AES-256 for Android/iOS

The article describes the development of the offline Dark Message application for encryption over messengers with AES-256-GCM and PBKDF2. Analysis of cross-platform UTF-8 problems, CI/CD on GitHub Actions without Mac, publication to App Store. Full Android-iOS-Windows compatibility.

Offline AES-256 encryption for any messengers
Advertisement 728x90

Cross-Platform Encryption Over Messengers: Implementation on iOS and Android

When only whitelisted messengers without end-to-end encryption are available, a layer of protection over the existing transport is required. Dark Message implements offline encryption of messages, files, and documents using AES-256-GCM. Encrypted content is copied into any transmission channel—MAX, email, or SMS—without access to the original data on the sender's or recipient's device.

The app operates without network permissions, encrypting data locally. The recipient decrypts using a shared password, ensuring compatibility between Android, iOS, and Windows.

Architecture and Cryptography

Symmetric encryption is built on AES-256-GCM for confidentiality and authentication. Key derivation uses PBKDF2-HMAC-SHA512 with 600,000 iterations and a random salt. The encrypted packet format is: [version:1B][contentType:1B][salt:16B][nonce:12B][ciphertext+GCM_tag:NB]. This guarantees unique ciphertext even for identical input data with the same password.

Google AdInline article slot

Supported types:

  • Text messages (output as Base64 string).
  • Images and files (output as .darkm).
  • Documents of any format (PDF, DOCX, XLSX, ZIP).

Development with AI: From Architecture to Debugging

Claude was used for code generation, structure design, and error analysis. AI suggested architecture, wrote drafts, and assisted in byte comparison during cross-platform tests. Final testing and refinements were done manually on real devices.

Process:

Google AdInline article slot
  • Task description—proposal of structure.
  • Code generation—local testing.
  • Debugging discrepancies (bytes, keys).
  • Testing on Python for verification.

AI accelerated development, replacing a cross-platform team, but did not eliminate the need for hardware validation.

CI/CD Without Mac: GitHub Actions for iOS

iOS builds occur on a virtual macOS in GitHub Actions. The pipeline uses XcodeGen to generate the project from YAML, avoiding storing .xcodeproj in the repository. Automatic signing and upload to App Store Connect.

Pipeline stages:

Google AdInline article slot
  • Repository cloning.
  • Xcode project generation.
  • Build and archive.
  • Upload to TestFlight (15 minutes from commit).

Android is built locally via Gradle (APK/AAB). This enables cross-platform development on Windows.

Cross-Platform Issues and Solutions

Ensuring identical decryption between platforms revealed key discrepancies.

UTF-8 in Key Derivation

Java PBEKeySpec converts passwords via char[], iOS via UTF-8 bytes. Solution: custom PBKDF2 on Android with passphrase.toByteArray(Charsets.UTF_8).

Visually Identical Characters

Password "a" (Cyrillic U+D0B0) on iPhone vs. Latin "a" (U+0061) on Android. Testing with a Python script confirmed differences in keys.

KDF Selection

Argon2id on Android conflicted with CI/CD (dependency issues). Switching to PBKDF2 ensured unification.

Publication: Lessons from App Store and RuStore

App Store: two rejections due to mentions of messengers in metadata, generated screenshots, and incomplete localizations. Requirements: real screenshots, clean descriptions, full localizations, Support URL with contacts.

RuStore: screenshots strictly 9:16, increasing versionCode.

Key Points

  • Offline operation: no network requests, data does not leave the device.
  • Compatibility: encrypted on Android—decrypted on iOS/Windows.
  • Robustness: AES-256-GCM + PBKDF2 (600k iterations) against brute-force.
  • Simplicity: copy/paste through any transport.
  • Openness: potential open source for audit.

Use in Projects

Integration into existing apps is possible by exporting encryption logic. For middle/senior developers: implement PBKDF2 with fixed parameters for cross-platform compatibility. Test on real devices, focusing on UTF-8 password normalization.

— Editorial Team

Advertisement 728x90

Read Next