Air-gapped, end-to-end encrypted offline messenger for Android.
Monolith is designed for environments that demand resistance against high level threat actors. Communication happens exclusively through QR codes. The application requires no network access of any kind.
For the full architecture and threat model, see the Monolith Whitepaper.
See monolith-sec.com.
- Android SDK with compile SDK 36, min SDK 33
- NDK 27.0.12077973 (LTS)
- CMake 3.22.1
- Target ABI:
arm64-v8aonly - Device with TEE or StrongBox hardware-backed key storage
./gradlew assembleDebug # Build debug APK
./gradlew assembleRelease # Build release APK
./gradlew installDebug # Install on connected device
./gradlew test # Run local unit tests
./gradlew connectedAndroidTest # Run instrumented tests (device required)
./gradlew detekt # Static analysis| Layer | Location | Purpose |
|---|---|---|
| Presentation | app/src/main/java/com/monolith/app/ui/ |
Jetpack Compose, single-activity navigation |
| Cryptography | app/src/main/java/com/monolith/app/crypto/ |
Identity keys, database wrapping, JNI bridge |
| Data | app/src/main/java/com/monolith/app/data/ |
Room database with SQLCipher encryption |
| Native | app/src/main/cpp/ |
libsodium-based hybrid encryption (X25519 + ChaCha20-Poly1305) |
For details on each layer, the cryptographic primitives, and the full threat model, refer to the Whitepaper.
If you discover a security vulnerability, please follow the procedure described in SECURITY.md. Do not file public GitHub issues for security-related bugs.
Copyright © 2026 Monolith Security Solutions (Aron Basalt). All rights reserved.
This repository is published for transparency and independent review. No license is granted to use, modify, distribute the source code or any derivative works. All rights are reserved by the copyright holder.