The basics
Is Aurora really free?
Yes, permanently. No subscriptions, no in-app purchases, no ads, and no data selling. It isn't a product — it's a tool.
Do I need a phone number, email, or account?
None. Your identity is a cryptographic key pair generated on your device the first time you open the app. There's nothing to sign up for and nothing that ties the app to who you are.
Is there an iPhone version?
Not yet. Aurora is Android-only for now (Android 10+), installed by sideloading the APK — see Install.
What does "pre-alpha" mean — is it safe to use?
It's an early, experimental build. The cryptography, pairing, messaging, media, and calls all work, but it isn't performance-optimized, the database format can still change between versions, and it hasn't had an independent security audit. Use it to try things and give feedback — don't yet rely on it for life-and-death situations.
Why build this when Signal, Threema, or Briar already exist?
A fair question — and one that came up a lot. Aurora isn't trying to replace Signal for everyone. The difference is architectural: most "encrypted" apps still route every message through a company's server (the content is encrypted, but the server is always in the path — metadata, legal exposure, and trust delegated to a corporation). Aurora keeps no server in the path at all — messages go directly phone-to-phone, with no account, no phone number, and hybrid post-quantum encryption. It's a focused, person-to-person tool from a solo open-source developer. Honestly, it's also pre-alpha and unaudited where Signal is mature and audited — so use whatever fits your threat model.
Who is Aurora for? Couples? Can a group use it?
Anyone who wants a conversation to stay strictly between two people — partners, family, close friends. It's deliberately one-to-one, which is part of what keeps it simple and private; you can't run a large group on it. (A mesh / onion-routing layer is on the roadmap, but the core will stay person-to-person.)
What's the catch — how can it be free?
No catch. Aurora is open source (AGPL-3.0) and there's nothing to monetize — no ads, no data selling, no premium tier. It was built solo with AI assistance, which is what made a one-person project of this size feasible. The code is on GitHub for anyone to read and verify.
Privacy & security
Can you — the developer — read my messages?
No, and not by policy but by design. Messages are end-to-end encrypted on your device and travel directly to the recipient. No server, including ours, is ever in the path of a message, so there is nothing for us to read or hand over.
Then what can your server see?
Only that a device is reachable. To wake your phone when a message is waiting, the rendezvous server keeps a 15-minute record of your anonymous Node ID and IP address, and it keeps no logs. It never sees your messages, your media, or who you talk to. Full detail on the Security page.
What is "post-quantum" and why should I care?
A future quantum computer could break the encryption most apps use today — and an attacker can record your traffic now to decrypt it later ("harvest now, decrypt later"). Aurora pairs today's proven algorithms with new post-quantum ones (Kyber-1024, Dilithium-3), so an attacker must defeat both.
Has it been independently audited?
Not yet. It's fully open source and built from standard primitives, and the full threat model and crypto spec are public for review. Until a third-party audit happens, treat it accordingly.
What happens if you get a court order?
We can only provide what exists: anonymous Node IDs and temporarily cached IP addresses that expire automatically. There is no message content, no identity, and no history to surrender, because none of it exists on our side.
Is it really end-to-end? Can't my ISP or DNS still see things?
Message content is encrypted on your device and decrypted only on the recipient's — no server, ISP, or DNS provider ever sees the plaintext. What your ISP can see is ordinary network metadata: that your phone connects to the rendezvous server, and the IP/timing of a connection — never what's inside. Aurora minimizes metadata (no account, 15-minute no-log IP records, decoy lookups), but it doesn't claim to hide from your ISP that you're online. Full picture in the threat model.
How are the encryption keys generated, and where's the technical detail?
Your keys are generated on your device the first time you open Aurora — a hybrid post-quantum key pair (Kyber-1024 + X25519 for key exchange, Dilithium-3 + Ed25519 for signatures) — and held in the hardware-backed Keystore. For the verbose version (exact primitives, byte formats, KDF labels, the PQXDH handshake and ratchet) see the cryptographic specification and the Security page.
Using Aurora
How do I add someone?
One of you shows a QR code and the other scans it; you each then confirm a short code shown on the other's screen. Scanning in person is strongest, but the code can also be shared as an image. Step-by-step on the Install page.
Can I connect with someone who isn't next to me?
Yes — send your QR code image to them and they scan it. The pairing handshake travels through the shared rendezvous server, so it works across networks. Both phones need to be online, and both should grant notifications and background permission so the request comes through. (An in-person scan is still the most tamper-proof option.)
What if I lose my phone?
Your data is encrypted with a key held in the phone's hardware Keystore. You can set a decoy PIN that opens an empty-looking app, or an optional duress wipe that destroys the keys instantly. An encrypted, passphrase-protected backup lets you move to a new phone — only you hold the passphrase.
Are there group chats? Can I use multiple devices?
Not currently — Aurora is strictly two-party, with one device per identity. Group messaging and multi-device are possible future work, not today's scope.
A message wouldn't send, or pairing seems stuck.
How do two phones find each other — and what if my IP changes?
A small rendezvous server keeps a temporary map of your anonymous Node ID to your current IP address (15 minutes, no logs). To reach someone, your phone looks up their current address there and then connects directly. If your IP changes, your device just checks in again and the other side looks up the new address — the conversation continues without you noticing.
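The lookup behaviour described above, sketched as an added example (not code from the Aurora repository): an in-memory Node ID to IP map whose records expire after 15 minutes and are overwritten on each check-in. The class and method names (`RendezvousMap`, `checkIn`, `lookup`, `sweep`) and the sample Node ID and addresses are assumptions constructed for illustration.

```javascript
// Added sketch, not the project's server code. All names here are hypothetical.
const TTL_MS = 15 * 60 * 1000; // 15-minute record lifetime, as stated in the FAQ

class RendezvousMap {
  constructor(now = () => Date.now()) {
    this.now = now;           // injectable clock so expiry can be exercised
    this.records = new Map(); // nodeId -> { ip, expiresAt }; memory only, nothing logged
  }

  // A device announces where it is reachable. A later check-in overwrites the
  // earlier one, so only the current IP is held and no address history builds up.
  checkIn(nodeId, ip) {
    this.records.set(nodeId, { ip, expiresAt: this.now() + TTL_MS });
  }

  // Returns the current IP, or null if the ID is unknown or its record expired.
  lookup(nodeId) {
    const rec = this.records.get(nodeId);
    if (!rec) return null;
    if (rec.expiresAt <= this.now()) {
      this.records.delete(nodeId); // expired data is dropped, not just hidden
      return null;
    }
    return rec.ip;
  }

  // Periodic sweep so records that nobody looks up still disappear on time.
  sweep() {
    const t = this.now();
    let removed = 0;
    for (const [id, rec] of this.records) {
      if (rec.expiresAt <= t) { this.records.delete(id); removed++; }
    }
    return removed;
  }
}

// Constructed walk-through: check in, change IP, then go silent for 15 minutes.
function demo() {
  let clock = 0;
  const rv = new RendezvousMap(() => clock);
  const nodeId = 'node-a1-constructed';
  rv.checkIn(nodeId, '198.51.100.7');
  const first = rv.lookup(nodeId);
  clock += 5 * 60 * 1000;
  rv.checkIn(nodeId, '203.0.113.42'); // IP changed, device checks in again
  const afterMove = rv.lookup(nodeId);
  clock += TTL_MS;                    // no further check-ins
  const afterExpiry = rv.lookup(nodeId);
  return { first, afterMove, afterExpiry, remaining: rv.records.size };
}
```
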
Is the rendezvous server like a WebRTC signaling server?
Close. For video calls Aurora uses WebRTC, and the rendezvous handles the signaling side. For messages it's simpler — it only maps Node ID to IP so two phones can find each other, then steps out of the way while they connect directly.
Open & verifiable
Is it open source?
Yes — the app and the rendezvous server are licensed under the GNU AGPL-3.0. Read, audit, and run it yourself on GitHub.
Can I run my own server?
Yes. The rendezvous server is a small, dependency-free Node.js program in the repo (rendezvous-server/). Because of the AGPL, anyone running a modified server must publish their changes, and each server exposes a source link.
What is ShadowMesh?
An optional relay network you can opt into for extra metadata privacy — it routes your traffic through a peer hop, and your device helps relay encrypted fragments for others (which it can never read). It's off by default, and Aurora works fully without it.