Cross-Platform Encryption Over Messengers: Implementation on iOS and Android
When only whitelisted messengers without end-to-end encryption are available, a layer of protection over the existing transport is required. Dark Message implements offline encryption of messages, files, and documents using AES-256-GCM. Encrypted content is copied into any transmission channel—MAX, email, or SMS—without access to the original data on the sender's or recipient's device.
The app operates without network permissions, encrypting data locally. The recipient decrypts using a shared password, ensuring compatibility between Android, iOS, and Windows.
Architecture and Cryptography
Symmetric encryption is built on AES-256-GCM for confidentiality and authentication. Key derivation uses PBKDF2-HMAC-SHA512 with 600,000 iterations and a random salt. The encrypted packet format is: [version:1B][contentType:1B][salt:16B][nonce:12B][ciphertext+GCM_tag:NB]. This guarantees unique ciphertext even for identical input data with the same password.
Supported types:
- Text messages (output as Base64 string).
- Images and files (output as .darkm).
- Documents of any format (PDF, DOCX, XLSX, ZIP).
Development with AI: From Architecture to Debugging
Claude was used for code generation, structure design, and error analysis. AI suggested architecture, wrote drafts, and assisted in byte comparison during cross-platform tests. Final testing and refinements were done manually on real devices.
Process:
- Task description—proposal of structure.
- Code generation—local testing.
- Debugging discrepancies (bytes, keys).
- Testing on Python for verification.
AI accelerated development, replacing a cross-platform team, but did not eliminate the need for hardware validation.
CI/CD Without Mac: GitHub Actions for iOS
iOS builds occur on a virtual macOS in GitHub Actions. The pipeline uses XcodeGen to generate the project from YAML, avoiding storing .xcodeproj in the repository. Automatic signing and upload to App Store Connect.
Pipeline stages:
- Repository cloning.
- Xcode project generation.
- Build and archive.
- Upload to TestFlight (15 minutes from commit).
Android is built locally via Gradle (APK/AAB). This enables cross-platform development on Windows.
Cross-Platform Issues and Solutions
Ensuring identical decryption between platforms revealed key discrepancies.
UTF-8 in Key Derivation
Java PBEKeySpec converts passwords via char[], iOS via UTF-8 bytes. Solution: custom PBKDF2 on Android with passphrase.toByteArray(Charsets.UTF_8).
Visually Identical Characters
Password "a" (Cyrillic U+D0B0) on iPhone vs. Latin "a" (U+0061) on Android. Testing with a Python script confirmed differences in keys.
KDF Selection
Argon2id on Android conflicted with CI/CD (dependency issues). Switching to PBKDF2 ensured unification.
Publication: Lessons from App Store and RuStore
App Store: two rejections due to mentions of messengers in metadata, generated screenshots, and incomplete localizations. Requirements: real screenshots, clean descriptions, full localizations, Support URL with contacts.
RuStore: screenshots strictly 9:16, increasing versionCode.
Key Points
- Offline operation: no network requests, data does not leave the device.
- Compatibility: encrypted on Android—decrypted on iOS/Windows.
- Robustness: AES-256-GCM + PBKDF2 (600k iterations) against brute-force.
- Simplicity: copy/paste through any transport.
- Openness: potential open source for audit.
Use in Projects
Integration into existing apps is possible by exporting encryption logic. For middle/senior developers: implement PBKDF2 with fixed parameters for cross-platform compatibility. Test on real devices, focusing on UTF-8 password normalization.
— Editorial Team
No comments yet.