Extended Messenger-Matrix

A fork from Messenger-Matrix | FAQ | Changes



To compare multiple apps enter: "messenger 1 || messenger 2" in the top cell of the first row
To also include (non)empty cells in your search use "value || [(non)empty]"

Last updated: 07.04.2023 Price Repository Software license Comes without proprietary libraries Availability Checksums available Installation requirement Works without Google Play Services Tracker integration (Exodus) Client is available since Last public client audit Last public protocol audit Android iOS Windows macOS Linux Web Encryption protocol / library Cryptographic primitives End-to-end encryption End-to-end encrypted
2-user chat		 End-to-end encrypted group chat End-to-end encryption is turned on by default Local message encryption Perfect Forward Secrecy is enforced Certificate pinning is used Directory service can be modified to enable a MITM attack Contact verification possible Contact can be added without needing to trust a directory server Notification if contact's fingerprint changes Contact's fingerprints can be verified manually Avoids / Protects metadata during use Native onion routing support 2FA Centralized / Federated / Decentralized Infrastructure hosting Open Source server Transparency report Infrastructure jurisdiction Jurisdiction of the devs/company Funding App lock Visible if contacts are online Online indicator is turned off my default Online indicator can be turned on or off Audio-calls Video-calls Group-calls Screen-sharing on desktop Group chats Voice messages File exchange Read receipts Draft messages Editing sent messages Disappearing messages Deleting sent messages locally Deleting sent messages for both
(2 user chat)		 Synchronization between multiple devices Storage location of the backup Automated backup Encrypted backup Additional features Last date information got verified
Berty Free GitHub Apache 2.0 / MIT App Store, Play Store, Github Yes None Yes 0 2019 — — Yes Yes Yes No Yes No Berty protocol Encryption: X25519
Signature: Ed25519
KDF: HKDF		 Yes Yes Yes Yes Yes Yes No No Distributed Peer-to-peer N/A (no servers) N/A (no servers) No Nodle No No — — No No No No Yes Yes Yes No Yes No No No No No Locally No No - Message sharing over Bluetooth
Briar Free GitLab GPLv3 Yes Play Store, F-Droid, website No None Yes 0 2018 2017 2017 Yes No Yes No Yes No Bramble Key exchange: X25519
Elliptic curve: Curve25519
Hash function: BLAKE2b
Stream cipher: Salsa20
MAC: BLAKE2b		 Yes Yes Yes Yes Yes Yes N/A (no servers) N/A (no directory service) Yes Yes Yes No Yes via onion routing Yes No Distributed Peer-to-peer N/A (no servers) N/A (no servers) No — UK List here Custom passphrase after device start / device pin after inactivity Yes No No No No No No Yes No Yes (only images) Yes No No Yes Yes No No No No No - Screenshot protection
- Mesh networking
- Forums, blogs, RSS feed
- Deniability for one-to-one messages
- Message sharing over Bluetooth
- Reproducible builds
Conversations (XMPP) (f) Free / paid GitHub GPLv3 Yes Play Store, F-Droid No None Yes 0 2014 — 2016 Yes No No No No No OMEMO Elliptic curve: Curve25519/Ed25519
MAC: HMAC-SHA256
Hash function: SHA-256
Symmetric encryption: AES-256-CBC		 Yes Yes Yes Yes No Yes No N/A (no directory service) Yes Yes Yes
(if previously verified)		 No No Via Orbot No Federated Distributed server Depends on the provider Not required. Client only Depends on server location Germany NLNet, user pays, donations No Yes yes Yes Yes (depends on server) Yes (depends on server) No No Yes Yes Yes Yes Yes Yes No Yes but not individually No Yes Locally No Yes - Interoperability with other XMPP clients
- Plausible deniability 		23.12.2021
CoyIM (XMPP) Free GitHub GPLv3 GitHub, multiple repositories Yes XMPP account N/A (no mobile app) N/A (no mobile app) 2015 — Only the encryption library No No Yes Yes Yes No OTR3 Symmetric encryption: AES-128-CTR
Hash function: SHA-1
MAC: HMAC-SHA256		 Yes Yes No No, but user will get prompted to enable it Messages get deleted after closing the app Yes Yes Yes Yes Yes Yes (if Tor is installed) No Federated Distributed server Depends on the provider No Depends on server location Yes Yes No No No No No No Yes No Yes No No No When closing CoyIM, all messages get deleted No No Only contacts Locally (only the configuration file) Yes User decides - Interoperability with other XMPP clients
- Plausible deniability
Cwtch Free Open Privacy Gitea MIT Play Store, Website Yes None Yes 0 2019 — — Yes No Yes Yes Yes No Tor hidden services/TLS Curve25519 / AES-128 Yes Yes Yes Yes Yes Yes Yes via onion routing Yes No Decentralized Peer-to-peer N/A (no servers, except for experimental groups) N/A (no servers, Cwtch Server for groups is open source) No — Canada Open Privacy Research Society Custom passphrase after device start Yes No No No No No No Yes No Yes Yes No No Yes No No No Locally No Yes - Reproducible builds
Delta Chat (f) Free GitHub GPLv3 Yes App Store, Play Store, F-Droid, Website, different package managers Verification of the signing certificate possible Email Yes 0 2017 — — Yes Yes Yes Yes Yes No OpenPGP
with Autocrypt		 Only DC contacts Yes Yes Yes for DC contacts / no for normal emails No No No N/A (no directory service) Yes Yes Only in verified group chats Yes No SOCKS5 proxy available No Federated Distributed server Depends on the server No Depends on server location Germany List here No No — — No No No No Yes Yes Yes Yes Yes No Yes Yes No Yes Locally No No 22.12.2021
Discord Free — Proprietary No App Store, Play Store, Website No Email Yes 2 2015 — — Yes Yes Yes Yes Yes Yes TLS No No No No No No No No No No No TOPT after new login Centralized Google and Cloudflare No Yes USA Discord Nitro No Yes No Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes No Yes Yes Yes None — — Denied email contact
Element Free GitHub Apache 2.0 Yes App Store, Play Store, F-Droid, website, GitHub No Email Yes 0 2016 2022 2022 Yes Yes Yes Yes Yes Yes Olm / Megolm Key agreement: X3DH Curve25519
Fingerprint key pair: Ed25519
Identity key pair: Curve25519
One-time keys: Curve25519
Message encryption: AES-256-CBC
MAC: HMAC-SHA256
KDF: HKDF-SHA256		 Yes Yes Yes Yes Yes Yes No Yes Yes No Yes Yes No No No Federated Distributed server / Google (Opt-In) Yes No Depends on server location UK New Vector Limited, Community Yes No — — Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Partially (depends on server) Yes Yes Yes Locally and / or Cloud Partially, after setup Yes - Cross-signed device verification
- Plausible deniability
Facebook Messenger Free — Proprietary No App Store, Play Store, Microsoft Store No Email or phone number; Facebook account Yes 5 2011 — — Yes Yes Yes Yes No Yes Signal Protocol (unverifable) Public keys: Curve25519
Identity key pair: Curve25519
MAC: HMAC-SHA256		 Yes Yes No No Yes Yes No Yes Yes No No TOTP or SMS on new device Centralized Facebook No Yes USA USA Facebook Face ID or Touch ID (Only iOS) Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Locally No No
ginlo Privat (f) Free GitHub Apache 2.0 Yes App Store, Play Store, Website No None Yes 2 2014 — — Yes Yes No No No No AES RSA-2048 / AES-256 Yes Yes Yes Yes Yes No No No Yes via QR code Yes Yes Yes Yes No No Centralized Servers in Germany No Yes Germany Germany ginlo Business customers, Karsten Schramm & Co-Investors Custom PIN or passphrase after app start Yes No Yes Yes Yes Yes No Yes Yes Yes Yes Yes No Yes Yes No Yes Locally Yes Yes 05.04.2022
Jami Free GitLab GPLv3 Yes App Store, Play Store, F-Droid, website No None Yes 0 2018 — — Yes Yes Yes Yes Yes No RSA-Keys (4096-Bit) RSA-4096 PKI / AES-256 Yes Yes No Yes No Yes Yes via QR code Partially No Distributed Peer-to-peer N/A (no servers) N/A (no servers) No — Canada Donations, GNU/EFF No Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No Yes Locally No No
Messages Free — Proprietary No App Store No Email; Apple ID account Yes N/A (no Android app) 2011 — — No Yes No Yes No No Proprietary, unknown MAC: HMAC-SHA256
Encryption: AES-CTR
Signature: ECDSA		 Yes Yes Yes Yes Yes No Yes (>=iOS 9.3) Yes No No No No No No Centralized Apple No Yes USA USA Apple No No — — No No No Yes Yes Yes Yes Yes Yes No Yes Yes (>=iOS 16) Yes Locally and / or Cloud After setup (only cloud) Locally
Molly FOSS Free GitHub GPLv3 Yes GitHub, F-Droid No Phone number Yes 2020 — — Yes No No No No No Signal Protocol Key agreement: X3DH
Symmetric encryption: AES-256-CBC
Elliptic curve: Curve25519
MAC: HMAC-SHA256
KDF: HKDF-SHA256		 Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Partially SOCKS5 proxy available Custom passphrase Centralized Amazon, Microsoft, Google & Cloudflare Yes Yes USA Donations Device pin, passphrase, or biometric authentication No — — Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Locally Yes Yes - RAM Shredding
- Automatic locking
- Block unknown contacts
- Plausible deniability
Olvid Free Free GitHub AGPLv3 No App Store, Play Store No None Yes 1 2019 2020 (Android), 2021 (iOS) 2020 Yes Yes No No No Yes (not open source) Olvid messaging protocol Hash function: SHA-256
MAC: HMAC-SHA256
KDF: KDF-SHA256
Block cipher: AES-256
Symmetric encryption: AES-256-CTR
 Yes Yes Yes Yes Yes Yes N/A (no directory service) Yes via QR code N/A (no directory service) Yes No Yes No No Centralized Message relaying server is hosted with AWS No No France Freemium Custom PIN, passphrase or fingerprint after app start No — — 1 month free trial No Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Locally and / or cloud Locally and / or cloud Yes 04.11.2022 (partly)
RetroShare (f) Free GitHub Multiple Yes GitHub, F-Droid, website Yes None Yes 0 2006 2016 — Yes No Yes Yes Yes No (web app is not complete yet) TLS 1.3 (OpenSSL) TLS_AES_256_GCM_SHA384 / Chacha20+poly1305 Yes Yes No Yes Yes Yes No No Yes Yes (stops connecting to those friends) Yes Yes Yes No Decentralized Peer-to-peer N/A (no servers) N/A (no servers) No — Mostly none, except Google summer of code No Yes No No Yes (experimental) Yes (experimental) No No Yes No Yes Yes No No No Yes No No Locally (old versions of config and data files) Yes Yes 20.04.2022
Ricochet Refresh (f) Free GitHub 3-Clause BSD Yes GitHub Yes None N/A (no mobile app) N/A (no mobile app) 2019 — — No No Yes Yes Yes No Tor hidden services/TLS Onion service identity verification: ed25519 Yes Yes N/A (no group chat) Yes Messages get deleted after closing the app Yes No No No No No Yes via onion routing Yes No Decentralized Peer-to-peer N/A (no servers) N/A (no servers) No — Germany Blueprint For Free Speech No Yes No No No No No No No No Yes No No No When closing Ricochet Refresh, all messages get deleted No No No None — — 30.08.2022 (partly)
Session (f) Free GitHub GPLv3 No App Store, Play Store, F-Droid, GitHub, Website Yes None Yes 0 2020 2021 2021 Yes Yes Yes Yes Yes No Session Protocol (NaCl) Identity key pair: X25519
MAC: HMAC-SHA256
 Yes Yes Yes Yes Yes No Yes N/A (no directory service) Yes Yes Yes Yes Yes via onion routing Yes No Decentralized Yes Yes Depends on server location Australia LAG Foundation Ltd, OPTF Foundation Device PIN or fingerprint after app start No — — Yes Yes No No Yes Yes Yes Yes Yes No Yes Yes Yes Yes Locally No Yes 16.01.2022
Signal Free GitHub GPLv3 (Android, iOS), AGPLv3 (Desktop) No App Store, Play Store, Website No Phone number Yes 0 2014 2022 2021 Yes Yes Yes Yes Yes No Signal Protocol Key agreement: X3DH
Symmetric encryption: AES-256-CBC
Elliptic curve: Curve25519
MAC: HMAC-SHA256
KDF: HKDF-SHA256		 Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Partially No Custom passphrase Centralized Amazon, Microsoft, Google & Cloudflare Yes Yes USA USA List here Device pin, passphrase, or biometric authentication No — — Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes Yes Yes Locally After setup Yes - Plausible deniability
SimpleX Chat (f) Free GitHub AGPLv3 Yes App Store, Play Store, F-Droid, Github Only for the APK None Yes 0 2021 — 2022 Yes Yes Yes (cli only) Yes (cli only) Yes (cli only) No Double Ratchet / NaCl Key negotiation: Curve25519
Initial key agreement: Ed448
KDF: HKDF-SHA512
Shared secret agreement: Curve448
Message body encryption: curve25519xsalsa20poly1305		 Yes Yes Yes Yes Yes Yes Yes N/A (no directory service) N/A, there are no identities, the contacts are verified out-of-band - we do not have identities in the network Yes N/A, there are no permanent identities Key exchange happens out of band, via QR code, so MITM attack is not possible and key integrity is preserved in a non-optional way, unlike how it happens with fingerprint verification Yes Yes via Orbot No Client centric network based on the platform that consists of cheap redundant server nodes providing unidirectional queues, that do not talk to each other, without any central catalogue Anybody can host the servers, open-source code is available, with one-click deployment on Digital Ocean and Linode (distributed server) Yes No — UK SimpleX Chat Device PIN, passphrase or fingerprint No — — Yes Yes No Yes Yes Yes No Only in the app Yes No Yes Yes No Locally No No - Self-hosted WebRTC ICE servers for audio and video calls
- Plausible deniability		 13.01.2022
Siskin (XMPP) Free GitHub GPLv3 Yes App Store No N/A (no Android app) 2016 — — No Yes No No No No OMEMO Elliptic curve: Curve25519/Ed25519
MAC: HMAC-SHA256
Hash function: SHA-256
Symmetric encryption: AES-256-CBC		 Yes Yes No Yes Yes Yes
(if previously verified)		 No Federated Distributed server Depends on the provider No Depends on server location Tigase Inc. Yes Yes (depends on server) No Yes Yes Yes No Yes None — — - Interoperability with other XMPP clients
- Plausible deniability
Skype Free — Proprietary No App Store, Play Store, Microsoft Store, Website No Microsoft account Yes 1 2003 — — Yes Yes Yes Yes Yes Yes Skype Protocol / Signal Protocol Encryption: AES-256 Only in "Private Conversations" Only in "Private Conversations" No No No Yes Yes No No No No No No No Centralized Microsoft No Yes USA USA Microsoft No Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes (will remove it for all users) Yes (only own messages) Yes Locally No No
Speek! (f) Free GitHub Open source but no license Yes App Store, Play Store, Microsoft Store, GitHub Yes None Yes 0 2022 — — Yes No Yes Yes Yes No Speek Protocol / Tor hidden services DHE handshake / Curve25519 / HMAC-SHA256 / RSA-2048 Yes Yes N/A (no group chat) Yes Messages get deleted after closing the app Yes Yes N/A (no directory service) Yes Yes Yes Yes Yes via onion routing Yes No Decentralized Peer-to-peer N/A (no servers) N/A (no servers) No — Germany No funding No Yes No No No No No No No No Yes No No No When closing Speek, all messages get deleted No Only received messages No Locally (only contacts, messages are never stored) No No 29.03.2022
Telegram Free / paid GitHub Multiple No App Store, Play Store, F-Droid, Website, GitHub No Phone number (paid anonymous numbers available) Yes 1 2013 — 2015 Yes Yes Yes Yes Yes Yes MTProto 2.0 RSA-2048 / AES-256 / SHA-256 Only individual chats (optional) Only in "Secret Chat" No No No Yes Yes Yes Only in "Secret Chats" No No No No SOCKS5 proxy available SMS Centralized Amazon, Google and others No No Dubai (alternating) USA / UK / Belize / UAE Pavel Durov, Telegram Premium Custom PIN or fingerprint after app start Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes (1, 2) Yes Yes Only unencrypted chats Cloud
(except "Secret Chats")		 Yes Key with the provider - Automatic chat history deletion
Threema for Individuals (f) Paid GitHub AGPLv3 No App Store, Play Store, Website No None Yes 2012 2020 2023 (1, 2) Yes Yes Yes Yes Yes Yes NaCI Elliptic Curve: ECDH on Curve25519
Stream cipher: XSalsa20 / HSalsa20
MAC: Poly1305		 Yes Yes Yes Yes Yes Yes (must be enabled) Yes Yes Yes Yes Yes Yes Partially No No Centralized Servers in Switzerland No Yes Switzerland Switzerland User pays, Afinum Management AG No No — — Yes Yes Yes No Yes Yes Yes Yes Yes No No Yes No Only iOS Locally and /
 or (own) Server		 Yes Yes - Reproducible Builds 11.01.2022
aTox (Tox) Free GitHub GPLv3 Yes Play Store, F-Droid, GitHub No None Yes 0 2020 — — Yes No No No No No NaCI Key exchange: Curve25519
Stream cipher: Salsa20
MAC: Poly1305-AES		 Yes Yes N/A (no group chat) Yes No Yes Yes No Partially SOCKS5 proxy available No Decentralized Peer-to-peer N/A (no servers) N/A (no servers) No — No Yes No No Yes No No No No No Yes No Yes No No Yes No No Locally (only contacts) No No - Plausible deniability
Viber Free — Proprietary No App Store, Play Store, Website No Phone number Yes 6 2010 — — Yes Yes Yes Yes Yes No Proprietary / unknown Identity key pair: Curve25519
PreKeys: Curve25519
MAC: HMAC-SHA256		 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No 6-digit PIN when registering the phone number again Centralized No No Luxembourg / Japan Rakuten / friends and family of Talmon Marco Only for Viber Desktop Yes No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Cloud Yes
WhatsApp Free — Proprietary No App Store, Play Store, Website No Phone number Yes 1 2009 — — Yes Yes Yes Yes No Yes Signal Protocol (unverifable) Curve25519 / AES-256 / HMAC-SHA256 Yes Yes Yes Yes Yes Yes Yes Yes Yes No Must be enabled Yes No No 6-digit pin when registering the phone number again Centralized Facebook No Yes USA USA Facebook Device fingerprint after app start Yes No Only for yourself Yes Yes Yes No Yes Yes Yes Yes Yes No Yes Yes Yes Yes Locally and Cloud After setup Key with the provider Denied email contact
Wickr Me Free — Proprietary No App Store, Play Store, Website No None Yes 3 2012 — — Yes Yes Yes Yes Yes No Wickr Messaging Protocol Signatures and key agreement: ECDSA and ECDH on Curve P-521
KDF: HKDF-SHA256
Symmetric encryption: AES-256-GCM		 Yes Yes Yes Yes Yes Yes Yes Yes No Yes Yes No No Centralized Amazon No Yes USA Amazon / CIA Custom passphrase after app start Yes No Yes Yes Yes Yes No Yes Yes Yes No No Yes Yes Yes Yes Only contacts None — —
Wire Basic Free GitHub GPLv3 No App Store, Play Store, Website Yes Email Yes 0 2014 2018 2017 Yes Yes Yes Yes Yes Yes Proteus Elliptic curve: Curve25519
Stream cipher: ChaCha20
MAC: HMAC-SHA256
KDF: HKDF		 Yes Yes Yes Yes Yes Yes Yes Yes Yes No Yes
(if previously verified)		 Yes No No No Centralized Amazon Yes Yes Germany USA Janus Friis, Iconical, Zeta Holdings (Luxembourg), Morpheus Ventures (Los Angeles) Android: custom passphrase after app start
iOS: Touch ID or passphrase		 No — — Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Locally No Only iOS