Air-gapped, end-to-end encrypted offline messenger for Android.
Monolith is designed for environments that demand resistance against high level threat actors. Communication happens exclusively through QR codes. The application requires no network access of any kind.
For the full architecture and threat model, see the Monolith Whitepaper.
See monolith-sec.com.
The published APK is reproducible — build it in a pinned environment and verify it byte-for-byte against this source: see REPRODUCIBLE.md (lists the exact pinned toolchain).
Quick local build for contributors: ./gradlew assembleRelease (arm64-v8a, Android 13+).
| Layer | Location | Purpose |
|---|---|---|
| Presentation | app/src/main/java/com/monolith/app/ui/ |
Jetpack Compose, single-activity navigation |
| Cryptography | app/src/main/java/com/monolith/app/crypto/ |
Identity keys, database wrapping, JNI bridge |
| Data | app/src/main/java/com/monolith/app/data/ |
Room database with SQLCipher encryption |
| Native | app/src/main/cpp/ |
libsodium-based hybrid encryption (X25519 + ChaCha20-Poly1305) |
For details on each layer, the cryptographic primitives, and the full threat model, refer to the Whitepaper.
If you discover a security vulnerability, please follow the procedure described in SECURITY.md. Do not file public GitHub issues for security-related bugs.
GNU GPL v3 (GPL-3.0-only) · © 2026 Aron Basalt · see LICENSE.
This application bundles libsodium (v1.0.18), licensed under the ISC License. See app/src/main/cpp/libs/LICENSE for its notice.