Signet
New: Opt-in Debug Logging (Settings). Off by default. If you hit a
bug, turn it on, reproduce it, then Export to send us a diagnostic
log. Secrets are removed and your contacts' names become anonymous
tags like before anything leaves your phone. It auto-erases
after 24 hours, and a banner shows whenever it's recording.
Each paired contact generates a rotating 4-word phrase that only the real person's phone can produce. You ask her to read her phrase aloud; you type what you hear. Green banner: verified. Red banner: something's wrong — hang up and call her back on a number you already trust.
Signet works over any channel. Voice calls, video calls, text, email, in person. The only requirement is that the two of you paired once, in person or over a trusted channel, before the crisis.
Built for a world where AI voice cloning is commodity. Defends against:
* Real-time voice and video deepfakes
* Pre-recorded deepfake voicemails
* Vishing using scraped biographical knowledge
* Compromised messaging accounts where the attacker has chat history but not the paired device
* SIM swaps
* Reflection attacks: the rotating code is direction-aware, so an attacker echoing your own phrase back at you fails
Core properties:
* No server. No cloud. No account. No INTERNET permission.
* No telemetry. No analytics. No ads.
* Hardware-backed secrets via Android Keystore, StrongBox when available.
* Offline-first; airplane mode does not affect any flow.
* RFC-validated crypto (X25519, HKDF-SHA-256, AES-256-GCM, BIP-39).
* Open source, AGPL-3.0.
v0.3 includes in-person pairing, long-distance pairing, lost-phone recovery via paper or file, multi-relationship storage, in-person rekey, bulk backup (every paired relationship in one encrypted file with a single 8-word unlock), a printable challenge-response grid for when the other side can't reach their phone, liveness prompts for video calls, and screenshot blocking on sensitive screens.
Not included: duress codes (gated on an abuse-analysis pass), account recovery (there is no account), cloud backup (out of scope forever).
捐赠
版本
尽管下面提供了 APK 安装包的下载选项,但你应该注意,以这种方式安装将不会收到更新通知,这是一种不太安全的下载方式。 我们建议你安装使用 F-Droid 客户端。
下载 F-Droid-
x86_64该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
arm64-v8a该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
armeabi-v7a该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
x86_64该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
arm64-v8a该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
armeabi-v7a该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
x86_64该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
arm64-v8a该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
-
armeabi-v7a该版本需要 Android 9.0 及以上版本。
此安装包由 F-Droid 构建并签名,且保证与此源代码 tarball 保持一致。
Fixed: About screen now shows the actual installed version
(previously stuck on a hardcoded "v0.2.0-alpha" string that
never got bumped through several releases).
Privacy policy updated to accurately describe the in-app
crash-report flow added in v0.3.4 — your crash data still stays
on your phone until you tap "Send".
New: in-app crash reporter. If the app crashes, the next launch
offers to file a pre-filled GitHub Issue with the stack trace.
Cryptographic material (paired secrets, verify codes, backup
payloads, contact labels) is redacted on-device before anything
leaves your phone. No in-process network — "File issue" opens
your OS browser.
Fixed: in-person pairing deadlock (#1). Both devices now wait for
both scan + show before advancing to verification.







