Security you can trust
LEWO protects your privacy with end-to-end encryption. Your messages, calls, and files are encrypted on your device—only you and the recipient can access them.
End-to-End Encryption
When you send a message on LEWO, it's encrypted on your device before it leaves. It stays encrypted while traveling through our servers and is only decrypted on the recipient's device. No one else—not even LEWO—can read your messages.
How it works
LEWO uses the Signal Protocol with Sealed Sender—your message is wrapped in an encrypted envelope that hides even who sent it. Our servers relay the sealed envelope without knowing the sender. Your encryption keys never leave your device.
What we can't see
We cannot read your message content, see your photos or files, see who sent a message during relay, or listen to your calls. Your private conversations stay private.
What's encrypted
Private messages
Group messages
Channel broadcasts
Voice and video calls
Photos, videos, and files
Voice messages
Location sharing
Business conversations
Zero-content storage
When you're both online, messages relay directly—nothing touches our database. If the recipient is offline, we hold the encrypted envelope temporarily and delete it immediately after delivery.
Pure relay when online
Real-time messages pass through our servers without being stored. The content field is NULL in our database—we never save your messages.
Offline? Temporarily queued, then deleted
If your recipient is offline, we temporarily hold the encrypted message. Once delivered, it's immediately deleted. We can never read it—only the recipient's device can decrypt it.
Security beyond encryption
We implement multiple layers of protection to keep your data safe from sophisticated attacks.
Hardware-Backed Keys
Your encryption keys are stored in iOS Keychain or Android Keystore—protected by your device's secure hardware. Keys never exist in plain memory.
Multi-Device Security
Each device has its own identity keys. Verify devices via fingerprint comparison. Revoke compromised devices instantly with automatic key rotation.
Disappearing Messages
Set messages to auto-delete after 24 hours, 7 days, or 90 days. Messages are removed from both sender and recipient devices.
Encrypted Backups
Back up your messages with a password. Backups are encrypted with Argon2id—a memory-hard algorithm resistant to GPU cracking attacks.
Device Integrity
We detect jailbroken/rooted devices and hooking frameworks like Frida. Compromised devices get security warnings to protect your conversations.
Certificate Pinning (Roadmap)
We've implemented SSL certificate pinning infrastructure to prevent MITM attacks. Currently disabled while we resolve native platform issues—activation planned in upcoming releases.
Attack Mitigations
Our cryptographic implementation includes defenses against known attack vectors, ensuring your messages remain secure even under sophisticated threats.
Constant-time comparisons prevent timing attacks
Message counters and timestamps block replay attacks
Messages padded to 1KB blocks resist traffic analysis
24-hour message age limit prevents delayed attacks
Ed25519 signatures authenticate every message
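The receive-side checks listed above (constant-time comparison, counters and timestamps, 1KB padding, 24-hour age limit), sketched in Python as an added example; it is not LEWO's code. The padding layout, the 5-minute skew allowance, the strictly increasing per-sender counter, and the keyed BLAKE2b tag standing in for the Ed25519 signature are all assumptions.

```python
import hashlib, hmac, struct

BLOCK = 1024            # page: messages padded to 1KB blocks
MAX_AGE = 24 * 3600     # page: 24-hour message age limit
SKEW = 300              # assumption: tolerated clock skew for future-dated messages

def pad(plaintext: bytes) -> bytes:
    """Assumed layout: 4-byte big-endian length, data, zero fill to a BLOCK multiple."""
    body = struct.pack(">I", len(plaintext)) + plaintext
    return body + b"\x00" * (-len(body) % BLOCK)

def unpad(padded: bytes) -> bytes:
    if not padded or len(padded) % BLOCK:
        raise ValueError("not a whole number of blocks")
    (n,) = struct.unpack(">I", padded[:4])
    if n > len(padded) - 4:
        raise ValueError("length prefix exceeds buffer")
    return padded[4:4 + n]

def tag(key: bytes, sender: bytes, counter: int, sent_at: int, padded: bytes) -> bytes:
    """Keyed BLAKE2b over header and body; stand-in for the per-message signature."""
    header = struct.pack(">H", len(sender)) + sender + struct.pack(">QQ", counter, sent_at)
    return hashlib.blake2b(header + padded, key=key, digest_size=32).digest()

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.highest = {}   # sender -> highest counter accepted so far
    def accept(self, sender, counter, sent_at, padded, mac, now):
        expected = tag(self.key, sender, counter, sent_at, padded)
        if not hmac.compare_digest(expected, mac):      # constant-time comparison
            return "bad-tag", None
        if not -SKEW <= now - sent_at <= MAX_AGE:       # age limit, checked after auth
            return "stale", None
        if counter <= self.highest.get(sender, -1):     # counter must strictly increase
            return "replay", None
        self.highest[sender] = counter                  # state changes only on accept
        return "ok", unpad(padded)

def demo():  # constructed sample: delivered, then replayed, delayed, and tampered
    key, now = bytes(32), 1_700_000_000                 # constructed key and clock
    rx, body = Receiver(key), pad(b"hello")
    mac = tag(key, b"alice", 1, now, body)
    late = tag(key, b"alice", 2, now - MAX_AGE - 1, body)
    return [rx.accept(b"alice", 1, now, body, mac, now)[0],
            rx.accept(b"alice", 1, now, body, mac, now + 60)[0],
            rx.accept(b"alice", 2, now - MAX_AGE - 1, body, late, now)[0],
            rx.accept(b"alice", 2, now, body, mac, now)[0]]
```

A strictly increasing counter rejects out-of-order delivery; a real receiver would normally keep a bounded window of recently seen counters instead.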
Cryptographic Primitives
XChaCha20-Poly1305
256-bit key, 192-bit nonce—nonce-misuse resistant
Ed25519
Digital signatures for message authentication
X25519
Elliptic curve Diffie-Hellman key agreement
BLAKE2b
Fast cryptographic hashing and key derivation
Future-Ready Encryption
Our algorithm versioning system allows seamless upgrades. We're preparing for post-quantum cryptography while maintaining current security.
AES-GCM
Legacy support for older devices
XChaCha20-Poly1305
Current standard—faster and more secure
Post-Quantum (Planned)
ML-KEM/Kyber hybrid for quantum resistance
For security researchers
Want to learn more about our encryption implementation? Our technical documentation covers protocols, algorithms, and architecture.