Secure launches metadata‑resistant iOS beta

A messaging app can hide what you say and still expose who you talk to, when you talk, and from where. Secure says its new iPhone beta is built to cut that trail by removing app-run servers from the middle. (securelegion.org) Secure describes its system as “serverless” peer-to-peer messaging over the Tor network, with identities created locally on the device instead of through a phone number or email sign-up. The company’s site says messages are end-to-end encrypted, keys stay on the device, and “no central authority” can read or revoke communications. (securelegion.org) On its website, Secure says contact exchange happens through rotating QR codes and short-lived PINs, and that each PIN expires after five uses or 24 hours. The same page says message transport uses Tor, while message content uses XChaCha20-Poly1305 encryption and local storage uses SQLCipher with Advanced Encryption Standard 256-bit encryption. (securelegion.org) Metadata is the information around a message rather than the message itself: your contact graph, timing, frequency, and internet address. Secure’s GitHub profile says that is the data it is trying to hide, arguing that conventional encrypted messengers still leave servers able to see communication patterns. (github.com) Secure is also pitching post-quantum cryptography, which means using newer math meant to resist future attacks from quantum computers as well as today’s machines. Its documentation says the app combines X25519 with the National Institute of Standards and Technology’s standardized ML-KEM, also known as Kyber, so a session stays protected if either scheme holds up. (github.com) (securelegion.org) That design puts Secure in a crowded privacy market where rivals have already made metadata protection a selling point. SimpleX says it protects “who you talk to and when,” and Berty describes itself as a peer-to-peer, zero-trust messenger that works without trusting the network. (github.com 1) (github.com 2) Secure’s public materials still show a gap between the iPhone announcement and broader availability. The download page lists Android beta 2.0.9 as available now, while iPhone, Windows, macOS, Linux, Google Play, and F-Droid are all marked “Coming Soon.” (securelegion.org) Its Android repository also shows the project is still early. GitHub lists 18 stars, 92 commits, and recent fixes for duplicate friend requests, delivery indicators, and out-of-order decryption, all signs of software still being actively tested rather than a finished consumer release. (github.com) For iPhone users, the immediate takeaway is narrower than the marketing pitch: Secure is offering a beta for a messenger that says it wants to hide not just message contents but the surrounding data trail. Whether that model can scale on Apple devices will become clearer if the iPhone build moves from beta access to the public download page now labeled “Coming Soon.” (securelegion.org)