“Super secure” messaging app leaks everyone's phone number

Neither of us had prior experience developing mobile apps, but we thought, “Hey, we’re both smart. This shouldn’t be too difficult.”

Freedom Chat CEO Tanner Haas

Once upon a time, in the distant memory that is 2023, a new instant messaging app called Converso was launched. Converso made some pretty impressive claims about its security: it claimed to implement state of the art end-to-end encryption, to collect no metadata, and to use a decentralized architecture that involved no servers at all. Unfortunately, security researcher crnković did some basic reverse engineering and traffic analysis and found all of these claims to be completely baseless, with Converso collecting plenty of metadata on every message and using a third-party E2EE provider to store messages on bog standard centralized servers. Even more unfortunately, crnković also found that Converso implemented the (perfectly functional if used properly) Seald E2EE service in such a way that encrypted messages’ keys could be derived from publicly available information, and also uploaded a copy of every encrypted message to an open Firebase bucket, meaning every message ever sent on the service could be trivially read by anyone with an Internet connection. After being informed of the vulnerabilities, Converso initially released an update claiming to fix them, then withdrew from the App Store and Google Play to “address and improve the issues.”

Not one to give up after a setback, Converso CEO Tanner Haas took a break from self-publishing books on how to achieve and receive anything you want to regroup and relaunch, as well as to bless the world with a lessons learned blog post describing his decision to rebrand after realizing that “privacy concerns were primarily coming from conservative circles,” and imparting nuggets of wisdom such as “accept criticism and get better: don’t complain” and “ensure the product has been thoroughly tested and is ready for prime-time.” Presumably he hadn’t learned the first one yet when he responded to crnković’s responsible disclosure with vague legal threats and accusations of being a Signal shill. Let’s see how the second is going.

Part 0: Setup#

As usual, I start out by downloading the app from Google Play and running it while monitoring traffic with HTTP Toolkit. I quickly ran into Freedom Chat’s first security feature: as detailed on their website, the app “prevent[s] screenshots and screen recordings entirely with built-in screenshot protection,” perhaps to accomodate conservatives’ complicated relationship with screenshots. Screenshots aren’t really crucial to anything being discussed here, but I like to provide only the best blog posts to my tens of readers, so let’s hook the app with Frida and disable the FLAG_SECURE attribute. With that out of the way, the signup process works as expected for an instant messaging app - we type in a phone number, get texted a 2FA code, and enter it to create an account. We’re asked whether we want to create a PIN, which is apparently optional to log in on my own phone and required if we want to restore our account on another device, then get to the main UI of the app. There are two main features here: a Chat pane where we can start chats with contacts, and a Channels pane where we can subscribe to user-run microblogging channels à la Telegram.

Part 1: Exploration#

Let’s start out with the basics and have a conversation with a second account. Sending a text message triggers the following exchange:

/message request METHOD: POST URL: https://eagle.freedomchat.com/message User-Agent: okhttp/4.12.0 Accept: application/json, text/plain, */* Accept-Encoding: gzip Content-Type: application/json Authorization: Bearer Connection: keep-alive { "sendId": "bdbf9ef7-aaca-4a57-8c4e-5fe978205299", "type": "text", "files": [], "isEncrypted": true, "createdAt": "2025-11-20T21:12:09.180Z", "chatId": "64b9a972-4232-4026-a037-8848909b264d", "content": "{\"sessionId\":\"5900c62e-8819-43d7-a6fe-a1745c425bf3\",\"data\":\"5wNaCjU3Y0XOvwA9eCuejjJrxRGFNhr+dlnkmeWQcqpxPyfeueVlfVUihifjG33q5HrMMT4ex85c9W4iZcNziXPvVtrs1VrEW2ZWonccOdmXB91ONgLuG0fRjGoc3IFN\"}" } STATUS: 201 CREATED { "message": { "id": "f1e3a08a-fc8f-4268-b6a8-36ab6abc0464", "content": "{\"sessionId\":\"5900c62e-8819-43d7-a6fe-a1745c425bf3\",\"data\":\"5wNaCjU3Y0XOvwA9eCuejjJrxRGFNhr+dlnkmeWQcqpxPyfeueVlfVUihifjG33q5HrMMT4ex85c9W4iZcNziXPvVtrs1VrEW2ZWonccOdmXB91ONgLuG0fRjGoc3IFN\"}", "user": { "uid": "0a0d27ff-9c3e-46f6-a3e3-a22ebaedfac6", "userName": null, "phoneNumber": "+13322699625", "isBlocked": false, "sealdKey": "180cc149-5bc6-406b-b32e-4afaadff2f47", "keyChangedAt": "2025-11-20T21:06:31.308Z", "createdAt": "2025-11-20T21:06:07.041Z", "updatedAt": "2025-11-20T21:06:31.311Z" }, "role": "user", "type": "text", "sendId": "bdbf9ef7-aaca-4a57-8c4e-5fe978205299", "chatId": "64b9a972-4232-4026-a037-8848909b264d", "channelId": null, "erased": false, "isEdited": false, "isEncrypted": true, "parent": null, "selfDestructInSec": null, "destructAt": null, "createdAt": "2025-11-20T21:12:09.180Z", "updatedAt": "2025-11-20T21:12:12.638Z", "updateAction": "insert", "updateItem": "message", "updateValue": null, "updateUserId": "0a0d27ff-9c3e-46f6-a3e3-a22ebaedfac6", "statuses": [ { "id": "4a1217f4-ab16-4f63-964d-4afd5cdd6b86", "recipient": { "uid": "0a0d27ff-9c3e-46f6-a3e3-a22ebaedfac6", "userName": null, "phoneNumber": "+13322699625", "isBlocked": false, "sealdKey": "180cc149-5bc6-406b-b32e-4afaadff2f47", "keyChangedAt": "2025-11-20T21:06:31.308Z", "createdAt": "2025-11-20T21:06:07.041Z", "updatedAt": "2025-11-20T21:06:31.311Z" }, "recipientId": "0a0d27ff-9c3e-46f6-a3e3-a22ebaedfac6", "delivered": false, "deliveredAt": null, "read": false, "readAt": null }, { "id": "3e6a8549-c2f7-41ca-8acc-3baa7fc51457", "recipient": { "uid": "5414cf2c-3f03-46b2-aa16-9e322359cafb", "userName": null, "phoneNumber": "+13095416781", "isBlocked": false, "sealdKey": "c1d370b9-2323-456d-b4ce-eac3e30014e2", "keyChangedAt": "2025-11-20T19:59:10.095Z", "createdAt": "2025-11-20T19:58:00.462Z", "updatedAt": "2025-11-20T20:59:02.686Z" }, "recipientId": "5414cf2c-3f03-46b2-aa16-9e322359cafb", "delivered": true, "deliveredAt": null, "read": false, "readAt": null } ] }, "assets": [] }

This is the encrypted and Base64-encoded text we sent, along with some metadata for things like read receipts and editing and the identifiers needed for decryption (they’re using the same Seald backend that Converso had, without uploading everything to Firebase this time). Sending a photo and a voice message yields similar results. While verifying that they’re using Seald properly this time would require painstakingly decompiling and reverse engineering React Native’s Hermes VM bytecode, at a high level this seems fine. Let’s move on to the Channels feature. When we open the tab, we see that we’ve already been added to a Freedom Chat channel, which mostly posts about updates to the app and related media coverage.

... continue reading