Building a Zero-Knowledge messenger. Need help with Mobile App and UI.

Posted by Icy_Cryptographer566@reddit | learnprogramming | View on Reddit | 7 comments

Hi everyone,

I’m working on a messaging project where privacy is handled by the architecture, not just a promise. It’s a Zero-Knowledge system where the server is completely "blind."

The Architecture:

The server stores only encrypted payloads and public keys.
Private keys stay locally on the user's device.
Decryption happens in the browser/app. No key, no message.

What I need help with:

Mobile Clients: I need to build a native-feeling app (Android/iOS) so users can use the messaging system and manage their private keys directly on their phones.
UI/UX: The chat interface needs work, and I need to make the "key management" process (generating, backing up, and importing keys) much more intuitive for regular users.

The goal is to keep this open-source and free to use. If you are a mobile dev (Flutter/React Native) or a UI/UX designer interested in privacy-first tools, I’d love to hear your feedback or have you on board.

[-]

ToughInternal1580@reddit

This sounds really interesting. For mobile I would probably go with React Native if you want faster cross-platform development, or Flutter if you want more control over the UI and animations.

For the key management UX, I think the biggest challenge is making it feel safe without overwhelming normal users. You could make onboarding more guided:

Generate keys automatically on first launch
Let users back up with a recovery phrase plus encrypted cloud backup
Use Face ID / fingerprint to unlock the local private key
Add very clear warnings before deleting keys or logging out
Show simple privacy indicators like “Only you can read this message” instead of technical encryption terms everywhere

For the chat UI, maybe keep it very familiar like Signal or Telegram so users do not have to learn a completely new experience. The privacy-first architecture is already unique enough.

Also, if the server only stores encrypted payloads and public keys, you may want to think carefully about: - Metadata leakage (timestamps, IPs, contact graphs) - Multi-device sync - Key recovery if someone loses their phone - Group chats and key rotation - Push notifications without exposing message contents

Really cool project though. Open-source privacy tools are definitely needed.

[-]

rishika2005@reddit

This sounds like an awesome project! For the key management, have you looked into how Signal or Session handles their "account recovery" phrases? It’s probably the best way to keep it intuitive for non-tech users while keeping the keys local. Would love to see the GitHub repo if it’s live!

[-]

Icy_Cryptographer566@reddit (OP)

Thanks! I’m actually looking closely at Session’s approach with mnemonic phrases it seems like the most user-friendly way to handle keys without involving a central server. My vision for this project is to give the user total sovereignty: 1. Encrypted Backups: Users will be able to download an encrypted file of their keys (password-protected) for easy recovery. 2. Total Freedom: You can generate new keys at any moment, upload existing ones, or bring your own keys generated elsewhere. 3. Privacy First: Of course, the trade-off is clear if you rotate your keys, you lose access to old conversations, which is the ultimate proof that the server isn't storing any backdoors.

Regarding the GitHub repo: I haven't flipped it to public just yet. I want to make sure the first version is stable, optimized, and has all the core security logic well-documented before I release it to the world. I’m a big believer in 'first impressions matter,' especially when it comes to security tools. I'll definitely ping you once the repo is live for a technical review! Thanks for the support.

[-]

rishika2005@reddit

It seems like you have used AI to generate reply back

[-]

Icy_Cryptographer566@reddit (OP)

Yes I did 😅 because I want to respond in English explaining the project in the best way possible whit out missing details

[-]

token-tensor@reddit

for key management UX, look at how Signal handles backup - they make it feel almost invisible to the user. that's the bar you want to hit for non-technical folks.

[-]

Icy_Cryptographer566@reddit (OP)

That’s a great point. Signal’s 'invisible' approach is definitely the benchmark for mainstream UX. However, for this project, I want to prioritize total user freedom and transparency. My current plan is to offer a few different ways to manage identity: 1. Encrypted Key Export: Users can download an encrypted file (protected by a password) that they can store safely and re-import whenever they need to. 2. Total Flexibility: Users can generate new keys at any time, upload existing ones, or even bring their own keys generated offline. I want the management to be completely in the user's hands. 3. The 'Vault' Trade-off: The system will be clear about the consequences if you switch to a new set of keys, you lose access to past conversations (since they were encrypted with the old ones). I'm trying to find a middle ground where I can provide a 'recovery file' or a seed phrase to make it easier for non-tech users, without the server ever touching or seeing the private data. Thanks for the feedback, it's helping me refine the onboarding flow!