The Chat Hoarding app holds three things you care about: your WhatsApp message content, your encryption key, and your purchase identity. Here is where each lives, what touches it, and how to verify those claims.
Cryptography
Crypt15 backups are decrypted with AES-256-GCM (Apple's CryptoKit). The 32-byte root key derives from your 64-digit hex string via an HMAC-SHA256-based key derivation (the `encryptionLoop` construction from wa-crypt-tools, info string 'backup encryption'). It is not standard HKDF; it matches WhatsApp's Android client byte-for-byte so the same key the phone uses unlocks the archive. The GCM authentication tag is verified before any plaintext is written to disk, so invalid keys fail loud and never produce partial output.
Network surface
Android companion: zero endpoints. There is no INTERNET permission in AndroidManifest.xml. Mac app: four endpoints. (1) /api/licenses/auth/request-otp, (2) /api/licenses/auth/activate, (3) /api/licenses/auth/validate (email + device fingerprint), (4) signed update feed at chathoarding.app/appcast.xml. In addition, the Mac app contacts the DMG download endpoint when you opt to update.
Update integrity
EdDSA-signed (Ed25519) update feed. The public key is baked into Chat Hoarding for Mac at compile time. The app refuses to install an update without a matching signature, even if the feed XML were swapped at the CDN.
Code signing
macOS DMG is Developer-ID signed and notarized by Apple. The Android APK is signed with our keystore; we publish the SHA-256 of the signing certificate so you can verify any APK you find against the canonical signature.
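One way to run the APK checks described under "Network surface" and "Code signing" (an added example, not the project's own tooling). It assumes the Android SDK build-tools `apksigner` and `aapt2` are on PATH and that the APK has a single signer; `PUBLISHED_SHA256` is a placeholder for the published certificate fingerprint, which this page does not list.

```sh
#!/bin/sh
# Added example, not the project's tooling. PUBLISHED_SHA256 is a placeholder:
# set it to the signing-certificate SHA-256 the vendor publishes.
PUBLISHED_SHA256="${PUBLISHED_SHA256:-<published-sha256-of-signing-cert>}"

# Normalise a fingerprint: drop colons and whitespace, lowercase the hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'A-F' 'a-f'
}

# Succeed only if $1 is a well-formed 64-hex-digit digest equal to $2.
fp_matches() {
    a=$(norm_fp "$1"); b=$(norm_fp "$2")
    case "$a" in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Read `apksigner verify --print-certs` output on stdin, print signer #1 digest.
# Assumes the single-signer output format; anything else yields an empty
# string, which fp_matches rejects.
signer_fp() {
    sed -n 's/^Signer #1 certificate SHA-256 digest: *//p' | head -n 1
}

# Read `aapt2 dump permissions` output on stdin; succeed if INTERNET is requested.
requests_internet() {
    grep -q "name='android\.permission\.INTERNET'"
}

verify_apk() {
    apk=$1
    certs=$(apksigner verify --print-certs "$apk") \
        || { echo "FAIL: APK signature does not verify"; return 1; }
    fp_matches "$(printf '%s\n' "$certs" | signer_fp)" "$PUBLISHED_SHA256" \
        || { echo "FAIL: signing certificate differs from published value"; return 1; }
    # Capture first so a missing or failing aapt2 cannot look like "no permission".
    perms=$(aapt2 dump permissions "$apk") \
        || { echo "FAIL: could not read manifest permissions"; return 1; }
    if printf '%s\n' "$perms" | requests_internet; then
        echo "FAIL: APK requests android.permission.INTERNET"; return 1
    fi
    echo "OK: signature valid, certificate matches, no INTERNET permission"
}

# Usage: PUBLISHED_SHA256=<hex> sh verify_apk.sh app.apk
if [ $# -gt 0 ]; then verify_apk "$1"; fi
```

Every check fails closed: an unset placeholder, an unparseable digest line, or a missing tool all produce a FAIL rather than a pass.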
Build reproducibility
Mac build configuration is checked in via xcodegen, with Swift Package Manager dependencies pinned to fixed versions. Android builds use a Gradle wrapper-pinned AGP and a checked-in lockfile. A clean clone of the repo built with the same Xcode/Android Studio versions reproduces a bitwise-identical app (modulo the embedded signing cert).
At-rest archive encryption (roadmap)
v1.0 will optionally wrap .tarc bundles with age (X25519 + ChaCha20-Poly1305 + scrypt) using a passphrase you set at create time. Until then, .tarc files are unencrypted on disk; rely on FileVault and Keychain-protected backups.
Responsible disclosure
Email [email protected] with subject "Security disclosure". We acknowledge within 72 hours and credit you in the next release notes (or keep it private, your call). We do not yet run a paid bounty program; we do offer free lifetime licenses for disclosures we ship a fix for.