Messaging app over wifi between iOS and Android Devices

Question

A company I work for has tasked me with creating the iPhone side of their app, as there will also be an Android counterpart. So far, everything has been hunky-dory, but I recently have been told that they're thinking about incorporating "in app messaging", with the main functionality being that people will be able to communicate over wifi rather than cellular service (the app is targeted towards international exchanges).

Now, I imagine that it would be something as basic as what Tinder has implemented, being that you can chat over wifi between iPhone and Android devices in a (relatively) secure manner. Has anyone done something like this before? Any advice about the difficulty or time this would take...or if it's possible?

Thanks!

Answer 1

Basically you need an intermediary server. Each device sends the message to the server, which sends a push notification to the intended recipient, and then the intended recipient downloads the message from the server.

You can use Curve25519 to encrypt the messages if you want privacy, each device generates it's own private key, the public key is sent to the server. Any time you want to send a message to someone you have to download the public key first, and encrypt with that. It's not perfect, but it's the best protection available without significant effort.

There are many open source implementations of Curve25519, including for iOS and Android.

The only security flaw is the server could provide a fake public key. It's hard to workaround that without requiring the user to get directly involved in the encryption process.