I have been working on an Android App quite a while now, starting from a simple idea.
A messenger where messages travel directly between phones with no servers in between. Using direct WebRTC encrypted connections (SRTP/DTLS), there are no servers that stores, reads, or relays content. Group chats use a gossip protocol where members relay to other members.
The only infrastructure the app touches is a signalling relay to set up the connection (no message content), a push notification to wake up a sleeping phone (also no content), and a TURN relay for restricted networks (encrypted packets only).
I wrote a detailed white paper explaining the full architecture: https://www.mindtheclub.com/white-paper.html
The app is in Open Testing on Google Play (1,000 tester cap): https://www.mindtheclub.com/beta-signup.html
I’m interested in this community's perspective on whether the architecture holds up.
given that the messages are encrypted, what is the advantage that you perceive in using "the cloud" (servers) only for signaling rather than transmitting the actual ciphertext through them? Wouldn't your "cloud" servers see "just the metadata" either way?
It saves some costs for you, but it comes at the cost of requiring users to be online at the same time to exchange messages... is there some other advantage that you see?
ah, so it will be the kind of "free open source software" which can only be used via Google Play 🙄
that's another thing you should inform potential users of explicitly, if you want to be honest.