blue_ghost logo

blue_ghost

Bluetooth‑Only Encrypted Messenger

// offline · encrypted · serverless

blue_ghost is a free, ad-free Bluetooth-only encrypted messaging app built for hostile, offline, and infrastructure‑denied environments. It uses no servers, no internet, and no cloud. All communication is direct, device‑to‑device over Bluetooth Low Energy — and leaves no trace.

What blue_ghost doesn't do — and why

No Wi‑Fi or Internet — Any network stack beyond Bluetooth dramatically increases exposure to remote attacks, metadata leaks, and traffic correlation. Staying offline keeps your device unreachable and your conversations unobservable.
No Autocorrect or Predictive Text — Modern keyboards send text to external services, maintain local corpora, and log input patterns. Disabling autocorrect prevents keystroke harvesting, model‑training leakage, and injection‑based exploits.
No File or Image Transfer — Files are one of the most common malware vectors. Even images can carry payloads (EXIF data, steganography, malformed decoders). Removing file transfer eliminates an entire class of exploits.
No Voice Messages — Audio requires microphone access, background processing, and codec parsing — all of which expand the attack surface and introduce fingerprinting risks. blue_ghost avoids this by design.

Every omission is intentional. Fewer features = fewer vulnerabilities. blue_ghost keeps communication simple, local, encrypted, and private — exactly as a secure offline messenger should.

256 AES-GCM bit key
0 Servers contacted
0 Internet permissions
P-256 Hardware-backed keys

App Gallery

blue_ghost feature graphic

// tap & hold any message to temporarily reveal it

Core Principles

📡
Bluetooth Only No Wi‑Fi, no cellular. Short-range, infrastructure-free communication that cannot reach the internet.
🔒
End-to-End Encrypted Ephemeral ECDH handshake + Double Ratchet + AES‑256‑GCM. Fresh key on every message.
🚫
Minimal Persistence Session keys, ratchet state, and message history never survive a session end.
🔑
Hardware Keys Identity keys generated and locked inside Android's Trusted Execution Environment. Never extracted.
👻
No Accounts No phone numbers, no usernames, no email addresses. No registration of any kind.
🧹
Seal Ceremony Secure teardown destroys all session keys, chain state, and message history on exit.

Who It's For

Anyone who needs secure, offline, device‑to‑device communication — from journalists, activists, and security researchers, to field teams operating in infrastructure-denied environments, to people who simply want conversations that don't live forever.

See the full audience breakdown in the FAQ.