PQChat is a free private messaging app for iPhone (Android version coming soon), protecting data with the McEliece cryptosystem and a proprietary Never-The-Same encryption algorithm from SRD Wireless, a UK company.
The app stores minimal user information, and everything is encrypted before leaving the device. The user’s phone number, nickname and ID image are stored as one-way hash values. The app master password and a 5 digit alphanumeric PIN are set by the user; PQChat developers don’t know what they are and cannot read your data. If you lose your master password you will lock yourself out of your account forever; there is no backdoor.
User authentication to establish a video call or send a text message to one of your contacts employs PQChat’s own patented Man At The End algorithm.
The user keeps total control over the messages they send, first by encrypting them on the phone, and secondly by being able to remotely delete the messages from the server or set a timer for automatic erasing. You are protected from wire-tapping with a single-use encryption algorithm, akin to perfect forward secrecy. Deleting the encrypted messages strengthens your security by stopping future attempts to break the cipher, and it can also help if you send a message to the wrong contact.
This is a zero-knowledge app being marketed as resistant to cipher breaking by quantum computers, with PQChat standing for Post-Quantum Chat. The company claims that most standard encryption will be broken in the future by quantum computers that have yet to be built.
The app includes a personal locker in which to store encrypted passwords and bank details. It is doubtless a much better option than WhatsApp and other popular insecure messaging apps, but you need to trust that the closed-source encryption algorithm is safe. As usual with this kind of app, the receiver and the sender both need to have the app installed to be able to communicate.
If it worries you that this is a UK company that could be forced to spy on you by a blanket surveillance government order, PQChat developers acknowledge that they will have to comply with requests from the authorities to monitor a user, but since they are unable to decrypt messages there wouldn’t be much they could provide.