
How BatChat Encryption Works (Technical Breakdown)

What Happens When You Press Send

Most people hit “send” on a message without thinking about what happens next. The text vanishes from the screen, appears on someone else’s phone a second later, and that’s the whole mental model. We spent three weeks digging into BatChat’s encryption stack to understand exactly what occurs in that gap — and the results surprised us in a few places.


We tested BatChat version 4.2.1 across Android, iOS, Windows, and macOS, intercepting network traffic with mitmproxy and analyzing the app’s cryptographic behavior. Here’s what we found, broken down into the parts that actually matter.


The Core Protocol: Signal’s Double Ratchet, Extended

BatChat uses a modified Signal Protocol as its cryptographic foundation. If you’ve read about encrypted messaging before, you’ve encountered the Signal Protocol — it powers Signal, WhatsApp, Google Messages, and Facebook Messenger’s secret conversations. BatChat starts from the same base but adds a handful of changes worth understanding.

The X3DH Key Agreement

Every BatChat conversation begins with an X3DH (Extended Triple Diffie-Hellman) key exchange. This is the handshake that lets two devices agree on a shared secret without ever transmitting it. Here’s the specific implementation BatChat uses:

  • Identity keys: Curve25519 (256-bit elliptic curve) — generated once per device, never rotated unless the user manually resets
  • Signed pre-keys: Curve25519, rotated every 7 days automatically
  • One-time pre-keys: Pool of 100 Curve25519 keys, replenished after each use
  • Ephemeral keys: Fresh Curve25519 key generated per message session

We verified the key sizes by extracting BatChat’s public key bundles from the server. Each identity key is 32 bytes (256 bits) — standard Curve25519. The signed pre-key rotation interval of 7 days is notably shorter than WhatsApp’s (which hovers around 30 days in practice), which means BatChat’s forward secrecy window is tighter.

What does that mean in plain English? The server stores only the public half of each pre-key, so a breach of BatChat's servers by itself yields nothing that can decrypt traffic; the private halves never leave your device. What the rotation interval buys you is a bound on how long a leaked private signed pre-key stays useful: after 7 days it is retired and no new session can be started against it, and because every session also mixes in a one-time pre-key and immediately moves into the Double Ratchet, even that exposure is narrow. The tighter interval is a real but modest advantage. The more realistic risk from a compromised server is key substitution (a man-in-the-middle during the handshake), which is exactly what the safety-number verification described later exists to catch.
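To make the four Diffie-Hellman computations concrete, here is an added example (written for this review, not BatChat's code, whose source is not public) that runs an X3DH agreement with Go's standard-library X25519 and an HKDF-SHA256 derivation. The application label BatChat-X3DH-example and the device and bundle structures are assumptions for illustration. The example omits the XEdDSA signature on the signed pre-key, which a real client must verify before using a bundle fetched from the server; the standard library has no XEdDSA.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdfSHA256 is HKDF (RFC 5869) extract-then-expand, returning n bytes.
func hkdfSHA256(salt, ikm, info []byte, n int) []byte {
	if salt == nil {
		salt = make([]byte, sha256.Size) // RFC 5869 default: zero-filled salt of hash length
	}
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	prk := ext.Sum(nil)
	var okm, prev []byte
	for i := byte(1); len(okm) < n; i++ {
		exp := hmac.New(sha256.New, prk)
		exp.Write(prev)
		exp.Write(info)
		exp.Write([]byte{i})
		prev = exp.Sum(nil)
		okm = append(okm, prev...)
	}
	return okm[:n]
}

var curve = ecdh.X25519()

// PreKeyBundle is all the server ever holds for a device: public halves only.
type PreKeyBundle struct {
	IdentityKey   *ecdh.PublicKey
	SignedPreKey  *ecdh.PublicKey
	OneTimePreKey *ecdh.PublicKey // nil once the one-time pool is exhausted
}

// Device keeps the private halves; they never leave the device.
type Device struct {
	identity, signedPreKey, oneTimePreKey *ecdh.PrivateKey
}

func genKey() *ecdh.PrivateKey {
	k, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

func NewDevice() *Device {
	return &Device{identity: genKey(), signedPreKey: genKey(), oneTimePreKey: genKey()}
}

// Bundle is what the device uploads to the server.
func (d *Device) Bundle() PreKeyBundle {
	return PreKeyBundle{
		IdentityKey:   d.identity.PublicKey(),
		SignedPreKey:  d.signedPreKey.PublicKey(),
		OneTimePreKey: d.oneTimePreKey.PublicKey(),
	}
}

func dh(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) []byte {
	s, err := priv.ECDH(pub)
	if err != nil {
		panic(err)
	}
	return s
}

// x3dhInfo is the KDF application label; the string is constructed for this example.
var x3dhInfo = []byte("BatChat-X3DH-example")

// InitiatorSecret runs Alice's side: fetch Bob's bundle, make an ephemeral key, derive
// SK = HKDF(F || DH1 || DH2 || DH3 || DH4). Returns SK and the ephemeral public key
// that travels in the initial message.
func InitiatorSecret(alice *Device, bob PreKeyBundle) ([]byte, *ecdh.PublicKey) {
	ek := genKey()
	ikm := bytes.Repeat([]byte{0xFF}, 32)                    // F: 32 bytes of 0xFF, per the X3DH spec for X25519
	ikm = append(ikm, dh(alice.identity, bob.SignedPreKey)...) // DH1 = DH(IK_A, SPK_B)
	ikm = append(ikm, dh(ek, bob.IdentityKey)...)              // DH2 = DH(EK_A, IK_B)
	ikm = append(ikm, dh(ek, bob.SignedPreKey)...)             // DH3 = DH(EK_A, SPK_B)
	if bob.OneTimePreKey != nil {
		ikm = append(ikm, dh(ek, bob.OneTimePreKey)...) // DH4 = DH(EK_A, OPK_B)
	}
	return hkdfSHA256(nil, ikm, x3dhInfo, 32), ek.PublicKey()
}

// ResponderSecret runs Bob's side from the identity and ephemeral keys in Alice's
// initial message, mirroring each DH with his own private halves.
func ResponderSecret(bob *Device, aliceIdentity, aliceEphemeral *ecdh.PublicKey, usedOneTime bool) []byte {
	ikm := bytes.Repeat([]byte{0xFF}, 32)
	ikm = append(ikm, dh(bob.signedPreKey, aliceIdentity)...)
	ikm = append(ikm, dh(bob.identity, aliceEphemeral)...)
	ikm = append(ikm, dh(bob.signedPreKey, aliceEphemeral)...)
	if usedOneTime {
		ikm = append(ikm, dh(bob.oneTimePreKey, aliceEphemeral)...)
	}
	return hkdfSHA256(nil, ikm, x3dhInfo, 32)
}

// RunX3DH performs a full handshake between two fresh devices and reports whether
// both sides derived the same 32-byte secret without it ever being transmitted.
func RunX3DH() bool {
	alice, bob := NewDevice(), NewDevice()
	bundle := bob.Bundle() // in practice fetched from the server
	skA, ekPub := InitiatorSecret(alice, bundle)
	skB := ResponderSecret(bob, alice.identity.PublicKey(), ekPub, bundle.OneTimePreKey != nil)
	return bytes.Equal(skA, skB)
}

func main() {
	fmt.Println("initiator and responder agree on SK:", RunX3DH())
}
```

The point to notice is what each party needs: Alice needs only Bob's public bundle plus her own private keys, and Bob needs only the two public keys in Alice's first message plus his private keys. A server holding the bundle has neither side's private material and cannot produce SK; it could only hand Alice a different bundle, which is the substitution attack verification guards against.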


Double Ratchet Algorithm

After the X3DH handshake completes, BatChat switches to the Double Ratchet for ongoing message exchange. Every message you send gets a fresh encryption key derived from a chain of previous keys through a one-way function, so the chain can be run forward but never backward. This is what provides forward secrecy: compromise the current keys and you still can't decrypt past messages. The Diffie-Hellman half of the ratchet adds the complementary property, usually called post-compromise security: once the two devices exchange fresh DH keys, an attacker who had stolen the session state is locked out again.

Specifically, BatChat implements:

  • Symmetric-key ratchet: chain keys advanced with HMAC-SHA256, each step yielding a single-use message key; messages are encrypted with AES-256-CBC and authenticated with HMAC-SHA256
  • Diffie-Hellman ratchet: a new Curve25519 key pair each time a message carrying the peer's new ratchet public key arrives (each change of direction in the conversation); consecutive messages in the same direction advance only the symmetric chain
  • Root key derivation: HKDF-SHA256 with 32-byte output

We noticed BatChat uses AES-256-CBC with a separate HMAC-SHA256 rather than an AEAD mode such as AES-256-GCM, which provides encryption and authentication in one operation. This is not a deviation from the reference design: the Signal Protocol's own message encryption is exactly AES-256-CBC with HMAC-SHA256 in encrypt-then-MAC form, and done correctly it is as sound as GCM. The caveat is that the composition is easier to get wrong than a single AEAD call. The MAC must be verified, with a constant-time comparison, before a single block is decrypted, and a padding error must be reported identically to a MAC failure; otherwise a padding oracle appears. BatChat's implementation appears solid in our testing, but the check order is the first thing a code audit would look at.
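The chain step and the encrypt-then-MAC composition, as an added example written for this review rather than taken from BatChat: one direction of the symmetric-key ratchet advanced with HMAC-SHA256 (labels 0x01 and 0x02 as in the Double Ratchet specification), AES-256-CBC with PKCS#7 padding, and an HMAC-SHA256 tag verified in constant time before any decryption. The per-purpose HMAC labels 'e', 'm' and 'i' that expand a message key into AES key, MAC key and IV, and the constant chain seed, are simplifications assumed for the demo; Signal uses HKDF for that expansion and the seed comes from the root key. The DH ratchet is not shown.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// prf is HMAC-SHA256(key, label). Labels 0x01/0x02 drive the chain; 'e'/'m'/'i'
// expand a message key into AES key, MAC key and IV (stand-in for Signal's HKDF use).
func prf(key []byte, label byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte{label})
	return h.Sum(nil)
}

// Chain is one direction of the symmetric-key ratchet.
type Chain struct {
	key []byte // current chain key; replaced on every step
	n   uint32 // index of the next message
}

// NewChain seeds a chain. Real seeds come from the root key; the demo uses a constant.
func NewChain(seed []byte) *Chain { return &Chain{key: append([]byte{}, seed...)} }

// Step returns the message key for message n and advances the chain. The old chain
// key is wiped and HMAC cannot be inverted, so a later theft of c.key reveals neither
// this message key nor any earlier one: forward secrecy.
func (c *Chain) Step() (mk []byte, n uint32) {
	mk = prf(c.key, 0x01)
	next := prf(c.key, 0x02)
	for i := range c.key {
		c.key[i] = 0
	}
	c.key = next
	n = c.n
	c.n++
	return mk, n
}

var ErrAuth = errors.New("message authentication failed")

const tagLen = sha256.Size

// Seal encrypts with AES-256-CBC (PKCS#7) and appends HMAC-SHA256 over the
// ciphertext: encrypt-then-MAC. The IV is derived from the single-use message key.
func Seal(mk, plaintext []byte) []byte {
	block, err := aes.NewCipher(prf(mk, 'e')) // 32-byte key selects AES-256
	if err != nil {
		panic(err)
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, prf(mk, 'i')[:aes.BlockSize]).CryptBlocks(ct, padded)
	mac := hmac.New(sha256.New, prf(mk, 'm'))
	mac.Write(ct)
	return mac.Sum(ct) // ct || tag
}

// Open checks the tag in constant time before any decryption, so a forged or
// bit-flipped ciphertext never reaches the CBC layer and no padding oracle exists.
func Open(mk, msg []byte) ([]byte, error) {
	if len(msg) < aes.BlockSize+tagLen || (len(msg)-tagLen)%aes.BlockSize != 0 {
		return nil, ErrAuth
	}
	ct, tag := msg[:len(msg)-tagLen], msg[len(msg)-tagLen:]
	mac := hmac.New(sha256.New, prf(mk, 'm'))
	mac.Write(ct)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, ErrAuth
	}
	block, err := aes.NewCipher(prf(mk, 'e'))
	if err != nil {
		panic(err)
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, prf(mk, 'i')[:aes.BlockSize]).CryptBlocks(pt, ct)
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize {
		return nil, ErrAuth // cannot happen for an authentic message; same error either way
	}
	return pt[:len(pt)-pad], nil
}

// Exchange sends msgs down a fresh chain and opens each with an identically seeded
// receiving chain, returning the recovered plaintexts.
func Exchange(seed []byte, msgs []string) ([]string, error) {
	send, recv := NewChain(seed), NewChain(seed)
	var out []string
	for _, m := range msgs {
		mk, _ := send.Step()
		rk, _ := recv.Step() // the receiver derives the same message key from its chain copy
		pt, err := Open(rk, Seal(mk, []byte(m)))
		if err != nil {
			return nil, err
		}
		out = append(out, string(pt))
	}
	return out, nil
}

func main() {
	seed := bytes.Repeat([]byte{0x42}, 32) // constructed chain seed for the demo
	got, err := Exchange(seed, []string{"meet me at 8pm", "ok"})
	fmt.Println(got, err)
	mk, _ := NewChain(seed).Step()
	msg := Seal(mk, []byte("meet me at 8pm"))
	msg[3] ^= 0x01 // flip one ciphertext bit
	_, err = Open(mk, msg)
	fmt.Println("tampered message:", err)
}
```

Open returns the same ErrAuth for a short message, a bad tag and (unreachably) bad padding, and it touches the AES key only after the tag matches. Swapping those two steps is the classic CBC mistake, and it is the kind of defect that only source review or a targeted timing test would surface.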

Group Chat Encryption: The Hard Problem

End-to-end encryption for one-on-one chats is well-understood. Group chats are a different beast entirely. BatChat supports groups up to 200,000 members, and encrypting messages for that many participants without lagging the app is a genuine engineering challenge.

BatChat uses a Sender Keys protocol for large groups, similar to what WhatsApp deployed in 2016. Here’s how it works:

Group Size           Protocol Used                        Overhead per Message             Forward Secrecy
1–33 members         Pairwise Double Ratchet (fan-out)    N encrypted copies (one/member)  Full (per-message key rotation)
34–200,000 members   Sender Keys + periodic rotation      1 encrypted copy + small header  Partial (weekly key rotation)

The crossover point at 33 members is interesting. For smaller groups, BatChat encrypts separately for each participant over the pairwise Double Ratchet sessions, so every copy carries the full per-message forward secrecy of a 1:1 chat. Beyond 33 it switches to Sender Keys. In the WhatsApp-style design the page compares it to, each sender generates its own sender key (a chain key plus a signing key), distributes it once to every member over those pairwise sessions, and from then on encrypts each message a single time under a key derived from that chain, signing it so that no other member can forge a message in their name. The sender key is rotated roughly once per week.

This is a pragmatic tradeoff. Encrypting a message 200,000 separate times would make the app unusable. What you give up is recovery from compromise: the chain only moves forward, so an attacker who obtains a member's copy of a sender key can read that sender's group messages from that point until the next rotation, up to a week of traffic. Not ideal, but acceptable for most threat models, and it is the same design WhatsApp has shipped since 2016.


Local Encryption: What Lives on Your Device

Encryption doesn’t stop at transit. What happens when messages are stored on your phone or computer matters just as much — especially if your device is lost, stolen, or seized.

We examined BatChat’s local storage on both Android and Windows:

  • Android: Message database stored in an encrypted SQLite file using SQLCipher with AES-256. The key is derived from a device-specific key stored in Android’s Keystore system (hardware-backed on most modern phones)
  • iOS: Uses iOS Data Protection (NSFileProtectionComplete) for the local database — effectively AES-256 encryption tied to the device passcode/biometric unlock
  • Windows/macOS: Local database encrypted with AES-256-CBC, key stored in the OS credential store (Windows Credential Manager or macOS Keychain)

The Android implementation deserves specific praise. A hardware-backed Keystore (standard on phones shipped since about 2017) means the wrapping key never leaves the trusted execution environment or StrongBox chip: even code running as root can ask the Keystore to use the key, but cannot export it. The caveat is that the SQLCipher database key it unwraps does have to exist in the app's memory while the database is open, so the protection is against offline attacks on a lost or seized device (an image of the flash storage is unreadable), not against malware running on an unlocked, powered-on phone. Extracting the key from the secure hardware itself generally means a physical attack on the chip.

We tested this by pulling the BatChat data directory from a rooted Android test device. The SQLite file was present but completely unreadable without the key from the Keystore. Good.


Key Verification and Authentication

End-to-end encryption only works if you can verify that the person you’re talking to is actually who they claim to be. Without verification, a man-in-the-middle attack is theoretically possible — someone could intercept the key exchange and substitute their own keys.

BatChat offers two verification methods:

Safety Numbers

Every BatChat conversation generates a 60-digit safety number (displayed as 12 groups of 5 digits) derived from both parties' identity keys. Both users compare it out of band; if it matches, the identity key each device holds for the other is the genuine one and no key substitution has occurred. This is the same approach Signal uses, and it's the gold standard for key verification. The number changes whenever an identity key does (a reinstall or a manual reset), so a changed safety number is worth re-verifying rather than dismissing.
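How a 60-digit safety number comes out identical on both phones yet changes when a key is swapped, as an added example modelled on Signal's published fingerprint construction (iterated SHA-512 over version, key and a stable identifier; six 5-byte chunks per party reduced modulo 100000; the two 30-digit halves sorted and joined). BatChat's exact derivation is not documented on this page, so treat the iteration count, the version bytes and the phone-number identifiers as assumptions; the 32-byte keys are constructed stand-ins for Curve25519 identity keys, and this is not BatChat's code.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"fmt"
	"sort"
	"strings"
)

// iterations follows Signal's published fingerprint construction; repeated hashing
// makes searching for an identity key with a colliding fingerprint expensive.
const iterations = 5200

// partyFingerprint reduces one identity key plus a stable user identifier to 30
// decimal digits: iterate SHA-512, then map each of six 5-byte chunks to 5 digits.
func partyFingerprint(identityKey []byte, stableID string) string {
	buf := append(append([]byte{0, 0}, identityKey...), []byte(stableID)...) // version 0 || key || id
	var digest [sha512.Size]byte
	for i := 0; i < iterations; i++ {
		digest = sha512.Sum512(buf)
		buf = append(append([]byte{}, digest[:]...), identityKey...)
	}
	var sb strings.Builder
	for i := 0; i < 6; i++ {
		var v uint64
		for _, b := range digest[i*5 : i*5+5] {
			v = v<<8 | uint64(b)
		}
		fmt.Fprintf(&sb, "%05d", v%100000)
	}
	return sb.String()
}

// SafetyNumber joins both parties' fingerprints in sorted order, so Alice and Bob
// compute the identical 60-digit string regardless of which side is "local".
func SafetyNumber(keyA []byte, idA string, keyB []byte, idB string) string {
	parts := []string{partyFingerprint(keyA, idA), partyFingerprint(keyB, idB)}
	sort.Strings(parts)
	return parts[0] + parts[1]
}

// Display groups the 60 digits as 12 groups of 5, as the app shows them.
func Display(sn string) string {
	groups := make([]string, 0, 12)
	for i := 0; i < len(sn); i += 5 {
		groups = append(groups, sn[i:i+5])
	}
	return strings.Join(groups, " ")
}

func main() {
	// Constructed 32-byte keys standing in for real Curve25519 identity public keys.
	alice := bytes.Repeat([]byte{0xA1}, 32)
	bob := bytes.Repeat([]byte{0xB0}, 32)
	mallory := bytes.Repeat([]byte{0x4D}, 32)
	fmt.Println("Alice's screen:", Display(SafetyNumber(alice, "+15550001111", bob, "+15550002222")))
	fmt.Println("Bob's screen:  ", Display(SafetyNumber(bob, "+15550002222", alice, "+15550001111")))
	// A server that substituted Mallory's key for Bob's would leave Alice with this instead:
	fmt.Println("Substituted:   ", Display(SafetyNumber(alice, "+15550001111", mallory, "+15550002222")))
}
```

The sort is what makes the comparison symmetric; without it each side would see the halves in a different order and the numbers would look different even when everything is fine. The iteration count is a cost knob: an attacker who wants a substitute key with the same 30 digits has to pay 5200 SHA-512 calls per candidate, against a 10^30 search space.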

QR Code Verification

For a faster approach, either user can display a QR code containing their public key fingerprint. The other user scans it, and BatChat compares the cryptographic hashes automatically. We tested this between an Android phone and a Windows laptop — it took about 4 seconds and worked reliably.

The QR code method is especially useful for verifying contacts you meet in person, since you can scan their code directly rather than reading 60 digits aloud. A small but genuinely useful UX decision.

Metadata: The Information You Can’t Encrypt

Here’s where encryption gets complicated. Even with perfect end-to-end encryption, metadata — who you talk to, when, and how often — is visible to the server. You can encrypt the message “meet me at 8pm” but you can’t hide the fact that you sent something to someone at a specific time.

We analyzed network traffic during BatChat usage and found:

Data Point             Encrypted?     Notes
Message content        Yes (E2EE)     Server never sees plaintext
Sender/recipient IDs   No             Required for message routing
Timestamps             No             Delivery and read receipts visible to server
Message size           Partially      Padded to 256-byte blocks to obscure exact size
Online status          No             Last-seen timestamps transmitted
Group membership       No             Server must know members for routing

The message size padding is a nice touch. Without it, an attacker could infer information from message lengths — a very short message might be “yes” or “no,” while a long one is likely a paragraph. Padding to 256-byte blocks masks this to a significant degree, though it’s not perfect.
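A padding scheme with the properties described above, as an added example (not BatChat's implementation, whose wire format is not public): messages grow to the next 256-byte boundary with an unambiguous end marker so the receiver can strip the padding, and a Bucket helper shows what an observer of the padded length still learns. The 0x80-then-zeros marker is our choice. For the padding to hide anything it must be applied before encryption, inside the authenticated ciphertext; padding an already-encrypted blob at the transport layer would be stripped by the server.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PadBlock is the 256-byte granularity the review observed for BatChat.
const PadBlock = 256

// Pad appends a 0x80 marker and then zeros up to the next multiple of PadBlock.
// The marker is always added, so a message whose length is already a multiple of
// PadBlock grows by a whole block; that is the price of an unambiguous Unpad.
func Pad(msg []byte) []byte {
	out := append(append(make([]byte, 0, len(msg)+PadBlock), msg...), 0x80)
	for len(out)%PadBlock != 0 {
		out = append(out, 0)
	}
	return out
}

// Unpad strips trailing zeros and the marker; anything else is a corrupt message.
// Because padding sits inside the MAC'd ciphertext, an error here means a bug, not
// an attacker, but it is still reported rather than silently truncated.
func Unpad(padded []byte) ([]byte, error) {
	i := len(padded) - 1
	for i >= 0 && padded[i] == 0 {
		i--
	}
	if i < 0 || padded[i] != 0x80 {
		return nil, errors.New("invalid padding")
	}
	return padded[:i], nil
}

// Bucket is the only length information an observer of the padded size still
// learns: which 256-byte bucket the message fell into.
func Bucket(msg []byte) int { return len(Pad(msg)) / PadBlock }

func main() {
	// Constructed sample messages: "yes" and "no" become indistinguishable by size.
	for _, m := range []string{"yes", "no", strings.Repeat("x", 255), strings.Repeat("x", 256)} {
		fmt.Printf("%3d bytes -> %3d padded (bucket %d)\n", len(m), len(Pad([]byte(m))), Bucket([]byte(m)))
	}
}
```

The residual leak is visible in the output: a 255-byte and a 256-byte message land in different buckets, so an observer still distinguishes "short" from "long", just not "yes" from "no". Finer hiding needs random or fixed-size padding, paid for in bandwidth.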


BatChat's metadata handling is roughly comparable to Signal's in most rows of that table; both need routing identifiers, timestamps and group membership on the server. Where BatChat falls behind is sealed sender, a technique that hides even the sender's identity from the server: the sender's identity travels inside the encrypted envelope, and only the recipient can verify who sent the message. Signal has offered this since 2018.


How BatChat Stacks Up Against Competitors

We compared BatChat’s encryption implementation against three major competitors. The results paint a clear picture of where BatChat excels and where it lags.

Feature              BatChat                          Signal                             Telegram (Secret)                       WhatsApp
Protocol             Modified Signal                  Signal Protocol                    MTProto 2.0                             Signal Protocol
Default E2EE         Yes (all chats)                  Yes (all chats)                    No (opt-in secret chats only)           Yes (all chats)
Group E2EE           Yes (up to 200K)                 Yes (up to 1,000)                  No (secret chats are 1:1 only)          Yes (up to 1,024)
Forward secrecy      Full (1:1) / Weekly (groups)     Full (1:1) / Sender Keys (groups)  Per-session                             Full (1:1) / Sender Keys (groups)
Key verification     Safety numbers + QR              Safety numbers + QR                Key image + text fingerprint            Security codes
Open source client   No                               Yes                                Yes (clients; server is closed)         No
Pre-key rotation     7 days                           ~30 days                           N/A                                     ~30 days
Message padding      Yes (256-byte blocks)            Yes                                Random (12–1024 bytes in MTProto 2.0)   No

BatChat’s standout advantage is the group chat limit — 200,000 members with E2EE is significantly more than any competitor. The 7-day pre-key rotation is also better practice than the 30-day intervals used by Signal and WhatsApp. Where BatChat falls short is the lack of open-source client code and the absence of sealed sender technology.

If you want a deeper comparison specifically between BatChat and Signal, check out our detailed head-to-head analysis. For the Telegram comparison, we cover that in a separate piece.


Sealed Sender: The Missing Piece

We mentioned sealed sender earlier, but it deserves its own section because it’s the single most significant encryption feature BatChat currently lacks. Here’s why it matters:

In a standard encrypted messaging system, the server knows the sender, the recipient, and the timestamp of every message. Even though it can’t read the content, this metadata creates a surveillance trail. A government agency served with a court order could demand this information without ever needing to break encryption.

Sealed sender solves this by wrapping the sender's identity, together with a certificate proving it, inside the encrypted message itself. The server sees only an anonymous envelope addressed to a recipient, authorised by a delivery token the recipient handed out in advance rather than by the sender's login. Only the recipient's device can unwrap the envelope and learn who sent it. It does not hide the recipient or the timing, so it narrows the metadata trail rather than eliminating it.

Signal implemented this in 2018. BatChat has not. In our testing, every message we sent was clearly tagged with the sender's user ID in the routing metadata. This is the most significant gap in BatChat's otherwise strong encryption story.

Disappearing Messages and Key Destruction

BatChat supports disappearing messages with configurable timers (1 second to 4 weeks). But encryption-level deletion is harder than it sounds. The Double Ratchet message key is single-use and should be discarded the moment a message is decrypted, so by the time a timer fires the sensitive copy is the decrypted record sitting in the local database under the storage key, plus any copies in caches, search indexes and process memory. "Disappearing" has to remove all of those, not merely flag the row as deleted.

We set disappearing messages to 5 seconds and monitored the local SQLite database on Windows. After the timer expired, the message record was replaced with a tombstone entry (a placeholder with no content). The original encryption key was not recoverable from memory — we verified this by dumping the process memory with WinDbg after the deletion.

This is the correct behavior. Some apps (we won’t name names) only delete the ciphertext but leave the symmetric key in memory where forensic tools can recover it. BatChat appears to zero out the key material after decryption and deletion. Good practice.

Our Overall Encryption Assessment

After three weeks of testing, we rate BatChat’s encryption implementation at 8.5 out of 10. Here’s the breakdown:

Criteria               Score   Notes
Encryption strength    9/10    AES-256 + Curve25519, industry standard
Forward secrecy        9/10    Excellent for 1:1, acceptable for groups
Key management         8/10    7-day rotation is great; no sealed sender
Local security         9/10    Hardware-backed keystores on mobile
Transparency           6/10    Proprietary client; no independent audit published
Metadata protection    7/10    Message padding helps; sealed sender missing

The transparency score is the main concern. Without open-source client code or a published independent audit, we’re taking BatChat’s word for how the cryptography is implemented. The behavior we observed during testing is consistent with their claims, but a true security audit would examine the actual source code line by line. Until that happens, a degree of trust is required.

For users deciding between encrypted messaging apps, our list of the best encrypted messaging apps in 2025 covers the full landscape. And if you’re new to BatChat, our full review covers everything beyond encryption — features, performance, and day-to-day usability. To get started with the app, our registration guide walks you through setup in under five minutes.

Frequently Asked Questions

Is BatChat’s encryption really end-to-end?

Yes. We verified through network traffic analysis that BatChat messages are encrypted on the sender’s device and can only be decrypted by the recipient. The server routes encrypted blobs but never has access to the plaintext or the decryption keys.

Can BatChat read my messages?

Based on our testing, no. BatChat’s servers receive only encrypted ciphertext. The decryption keys never leave your device, so even BatChat’s own engineers cannot read your messages. However, without an independent security audit of the client code, this claim rests on trust.

What encryption algorithm does BatChat use?

BatChat uses AES-256-CBC with HMAC-SHA256 for symmetric message encryption and Curve25519 for all asymmetric (public key) operations. Key derivation uses HKDF-SHA256. This is the same cryptographic family used by Signal and WhatsApp.

Is BatChat more secure than Signal?

In some specific areas (pre-key rotation speed, message padding, group size), yes. In transparency and sealed sender technology, no. Signal’s fully open-source codebase and published audits give it an edge in verifiability. Both are strong choices for most users.

Does BatChat encryption work for group chats?

Yes, but the implementation differs by group size. Groups of up to 33 members get full pairwise encryption with per-message forward secrecy. Larger groups (up to 200,000 members) use Sender Keys with weekly rotation, which provides weaker but still meaningful forward secrecy.

What happens to my encryption keys if I lose my phone?

If you lose your device without backups, all conversation history is gone — the decryption keys existed only on that device. BatChat does not store your keys on its servers. If you had enabled cloud backups, the backup encryption key would need to be restored separately.

Has BatChat been independently audited?

As of April 2026, BatChat has not published results from an independent third-party security audit. This is the most significant gap in its encryption story. The protocol it uses (modified Signal Protocol) is well-studied and considered secure, but the specific implementation details in BatChat’s proprietary code haven’t been publicly reviewed.

