Skip to content

Monolith-sec/Monolith

Repository files navigation

Monolith

Air-gapped, end-to-end encrypted offline messenger for Android.

Monolith is designed for environments that demand resistance against high level threat actors. Communication happens exclusively through QR codes. The application requires no network access of any kind.

For the full architecture and threat model, see the Monolith Whitepaper.


Get the App

See monolith-sec.com.


Build from Source

The published APK is reproducible — build it in a pinned environment and verify it byte-for-byte against this source: see REPRODUCIBLE.md (lists the exact pinned toolchain).

Quick local build for contributors: ./gradlew assembleRelease (arm64-v8a, Android 13+).


Architecture

Layer Location Purpose
Presentation app/src/main/java/com/monolith/app/ui/ Jetpack Compose, single-activity navigation
Cryptography app/src/main/java/com/monolith/app/crypto/ Identity keys, database wrapping, JNI bridge
Data app/src/main/java/com/monolith/app/data/ Room database with SQLCipher encryption
Native app/src/main/cpp/ libsodium-based hybrid encryption (X25519 + ChaCha20-Poly1305)

For details on each layer, the cryptographic primitives, and the full threat model, refer to the Whitepaper.


Security

If you discover a security vulnerability, please follow the procedure described in SECURITY.md. Do not file public GitHub issues for security-related bugs.


License

GNU GPL v3 (GPL-3.0-only) · © 2026 Aron Basalt · see LICENSE.

Third-Party

This application bundles libsodium (v1.0.18), licensed under the ISC License. See app/src/main/cpp/libs/LICENSE for its notice.

About

Air-gapped, end-to-end encrypted offline messenger for Android

Topics

Resources

License

Security policy

Stars

2 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors