Is the Bitchat App Really Secure? What You Should Know About Jack Dorsey's New Messaging Platform
In July 2025, Twitter co-founder and Block CEO Jack Dorsey introduced Bitchat, a new open-source messaging app claiming to offer truly “secure” and “private” communication. Built to operate without centralized servers, the app uses Bluetooth and end-to-end encryption to enable decentralized messaging, positioning itself as an alternative to traditional apps like WhatsApp and Signal. But despite these bold claims, security researchers are raising critical concerns. Even Dorsey himself admits that the app's security has not been externally reviewed, prompting users and developers alike to question whether it can be trusted.
Bitchat App Security Features and Its Decentralized Promise
At its core, Bitchat is designed to function independently of the internet, making it appealing for people in high-risk areas where networks are unreliable or monitored. According to its white paper, the app is meant to prioritize user privacy and safety. Instead of relying on cloud-based infrastructure, Bitchat enables device-to-device messaging using Bluetooth, which theoretically prevents third parties from intercepting messages. This decentralized model, coupled with end-to-end encryption, is a compelling concept in today’s surveillance-heavy digital environment.
However promising this sounds, Bitchat's security relies heavily on the assumption that its encryption methods are implemented correctly. Unlike platforms such as Signal or Matrix that have undergone multiple third-party audits and years of battle-testing, Bitchat is still in its infancy. Without public vetting, any claims about its security remain just that: claims. Security experts warn that decentralization alone does not equal safety, especially when identity verification is poorly implemented.
Security Flaws and Identity Spoofing Risks in Bitchat
Despite its branding as a “secure” app, Dorsey’s own disclaimer on the app’s GitHub page clearly states: “This software has not received external security review… do not rely on its security whatsoever.” This candid admission underscores a key issue—the app is currently not safe for production use. Even more alarming, the app launched before this disclaimer was added, potentially misleading early users.
Soon after launch, independent researcher Alex Radocea published a detailed analysis revealing a major vulnerability: Bitchat’s identity authentication is fundamentally broken. An attacker can impersonate another user by hijacking their identity key and peer ID, tricking contacts into believing they are communicating with someone they trust. Bitchat’s “Favorite” contacts feature—marked with a star to indicate trust—is supposed to prevent impersonation. But with no cryptographic proof of identity built into the system, this mechanism fails to offer meaningful protection. The implication? Sensitive conversations could be intercepted without users realizing it.
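The gap described above, as an added example that is not Bitchat's code or protocol and is not taken from Radocea's analysis: a favorite check that only compares broadcast values accepts a copied announcement, while one that also demands an Ed25519 signature over a fresh nonce does not. The `Announcement` type, the function names and the `alice-peer` ID are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Announcement is a constructed stand-in for what a peer broadcasts; all of it is public.
type Announcement struct {
	PeerID string
	PubKey ed25519.PublicKey
}

// naiveIsFavorite trusts whoever presents the starred contact's public values.
func naiveIsFavorite(starred, claimed Announcement) bool {
	return starred.PeerID == claimed.PeerID && bytes.Equal(starred.PubKey, claimed.PubKey)
}

// respond signs the verifier's fresh nonce together with the peer ID.
func respond(priv ed25519.PrivateKey, peerID string, nonce []byte) []byte {
	return ed25519.Sign(priv, append([]byte(peerID), nonce...))
}

// verifiedIsFavorite additionally requires proof of possession of the private key.
func verifiedIsFavorite(starred, claimed Announcement, nonce, sig []byte) bool {
	msg := append([]byte(starred.PeerID), nonce...)
	return naiveIsFavorite(starred, claimed) && ed25519.Verify(starred.PubKey, msg, sig)
}

// demo runs both checks against a copied announcement and against the real key holder.
func demo() (naiveReplay, verifiedReplay, verifiedOwner bool) {
	alicePub, alicePriv, err1 := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, err2 := ed25519.GenerateKey(rand.Reader) // some other device's key
	nonce := make([]byte, 32)                              // must be fresh for every check
	if _, err3 := rand.Read(nonce); err1 != nil || err2 != nil || err3 != nil {
		panic(fmt.Errorf("entropy source failed: %v %v %v", err1, err2, err3))
	}
	starred := Announcement{"alice-peer", alicePub}  // stored when the contact was starred
	replayed := Announcement{"alice-peer", alicePub} // same public values, copied off the air
	naiveReplay = naiveIsFavorite(starred, replayed)
	verifiedReplay = verifiedIsFavorite(starred, replayed, nonce, respond(otherPriv, "alice-peer", nonce))
	verifiedOwner = verifiedIsFavorite(starred, replayed, nonce, respond(alicePriv, "alice-peer", nonce))
	return
}

// prints: true false true
func main() { fmt.Println(demo()) }
```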
Why Caution Is Crucial with New Messaging Apps Like Bitchat
The rush to market with privacy-focused tools often leads to overlooked security basics, and Bitchat is the latest cautionary tale. While the vision behind Bitchat (empowering people with decentralized, censorship-resistant communication) is admirable, real-world safety depends on thorough vetting, proper cryptographic practices, and long-term testing. Dorsey’s transparency about the app being a “work in progress” is commendable, but users should heed the warnings and avoid using it for sensitive communications until robust external audits are completed.
This isn’t the first time a high-profile founder has released a privacy app with great ambition but lacking execution. For Bitchat to earn trust, it will need to open itself to scrutiny from the security community and fix critical flaws like identity verification. Until then, alternatives like Signal or Threema—which are open-source, audited, and widely reviewed—remain far safer choices. As always, secure messaging isn’t just about encryption—it’s about trust built through transparency, time, and rigorous testing.
Should You Use Bitchat Right Now?
If you're wondering whether Bitchat is the future of secure messaging, the short answer is: not yet. While the decentralized, Bluetooth-powered concept is innovative, Bitchat's security currently falls short of the high standards required for protecting sensitive communications. Dorsey’s team has signaled that improvements are on the way, but until the app undergoes full independent review and resolves critical vulnerabilities, it’s best approached with caution. In the world of cybersecurity, trust must be earned, not just claimed.