Request Beta Access
Source Code

UNDERWORLD RESTRICTED SECURITY MESSENGER

Zero-trust architecture. Hardened by default.

UNDERWORLD is an encrypted Android messenger built for high-risk communication: Tor-only relay routing, device-bound identities, Double Ratchet message encryption, attachment sanitization, decoy relay traffic, no contact upload, no backups, and no plaintext relay.

0

Cloud Backups

100%

Tor Routing

SECURITY VALUE

Engineered without compromise.

We eliminated standard convenience features to close the critical attack vectors that consumer messaging apps routinely leave exposed to network surveillance.

Hardware-Bound Keys

Zero Cloud Trust

Metadata Minimization

Local databases are encrypted using keys tied directly to your Android device's hardware security module.

No remote storage, no backups, and no central servers. If you lose your device, your cryptographic identity is permanently gone.

No contact list uploads, no notification previews, and zero plaintext logs. Your communication metadata never leaves your local database.

Encryption Model

End-to-End Encryption

Double Ratchet Messaging

Conversation keys evolve over time as messages are exchanged, reducing the impact of future key compromise.

Messages use isolated key material so one compromised message does not unnecessarily expose the rest of the conversation.

Cryptographic identity material is generated and stored locally. UNDERWORLD does not use cloud identity recovery as a trust dependency.

Message-Key Isolation

Local Identity Storage

Metadata Defense

Not just encrypted. Sanitized

Attachment Sanitization

Files are processed through a sanitization layer designed to reduce exposed metadata before they are shared.

Notification Privacy

Alerts are kept generic by default to reduce exposed message content outside the encrypted app screen.

No Social Presence Leaks

UNDERWORLD avoids typing indicators, online status, and last-seen markers.

TOR-ONLY ROUTING

Multi-hop cryptographic transit.

01
02
03
04

Local Encryption

Tor Circuit Entry

Zero-Knowledge Relay

Fails Closed Delivery

Messages are sealed locally using X3DH and Double Ratchet protocols before any network transmission begins.

The payload enters a multi-hop Tor circuit directly from your device, masking your IP address and physical location.

The destination relay receives only encrypted ciphertext. It cannot identify the sender, recipient, or message contents.

If a secure Tor circuit cannot be established, the transmission aborts. No fallback to plaintext routing is permitted.

VERIFIABLE TRUTH

Security FAQ

Why Tor-only?

Standard VPNs and HTTPS connections leave metadata exposed to network observers. Tor-only routing hides both your location and your communication graph.

Is there a convenience mode?

No. UNDERWORLD does not support standard push notifications, SMS fallbacks, or unencrypted relays. The system operates strictly in high-security mode.

How is the app audited?

Our entire cryptographic implementation and routing protocols are fully open-source, allowing independent verification and continuous auditing by security researchers.

What is UNDERWORLD?

Does it upload contacts?

Does it support backups?

UNDERWORLD is a restricted-security Android messenger built for high-risk communication. It enforces Tor-only routing and zero-knowledge local storage.

No. Your address book is never uploaded, scanned, or processed. Contact discovery is handled entirely locally using cryptographic hashes.

No. There are no cloud backups or remote recovery keys. Your messages exist solely on your physical device and cannot be recovered if lost.