
[Discussion] DRØGR - Serverless P2P Messenger

F-Droid Forum [Unofficial] May 2, 2026

Hello and thank you for taking a look at it. The root/developer mode detection - this is documented in the code comment itself: “This is a speed bump - a determined attacker can bypass all of these.” It is not enforcement. DRØGR stores all key material in volatile RAM and relies on SecureBytes zeroing on disposal. A rooted device can read arbitrary process memory, which directly undermines that guarantee. The check exists to warn the user who may not realize their device weakens the RAM protection mode, not to DRM-lock the app. You can verify it does nothing more than return a boolean that triggers a UI warning - there is no network call, no kill switch, no telemetry.

Obfuscation - obfuscate is a standard Flutter release flag that applies to the compiled artifact, not the source. The source is fully open. The purpose is to raise the cost of reverse engineering the binary distributed to end users, which is separate from source transparency. F-Droid’s reproducible build verification will allow anyone to confirm the APK matches the source exactly.

The code - I understand a quick look won’t show much without context. The actual application logic is across ~5000 lines in lib/services/ and lib/crypto/. The crypto stack is in lib/crypto/double_ratchet.dart and rust/src if you want to audit the parts that matter most.

The AI generated text is there to help with readability and context of the application.

I can answer specific technical questions about any part of the implementation.
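The zero-on-disposal pattern the post refers to, as an added Rust example (not DRØGR's SecureBytes code and not written by the post's author; the `ZeroOnDrop` type and its methods are hypothetical). It shows what the pattern does guarantee, a wiped buffer once the value is disposed of, and why a process-memory reader on a rooted device still sees the key while it is live.

```rust
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Hypothetical secret holder for illustration; not the project's type.
pub struct ZeroOnDrop {
    // Fixed-size allocation: it is never grown, so no reallocation can
    // leave a stale copy of the secret elsewhere on the heap.
    buf: Vec<u8>,
}

impl ZeroOnDrop {
    pub fn new(secret: &[u8]) -> Self {
        ZeroOnDrop { buf: secret.to_vec() }
    }

    /// Borrow the secret. While the value is live, these bytes sit in
    /// process memory in the clear; zeroing only helps after disposal.
    pub fn expose(&self) -> &[u8] {
        &self.buf
    }

    /// Overwrite every byte with zero. Volatile writes plus a compiler
    /// fence keep the optimizer from dropping the stores as dead code.
    pub fn wipe(&mut self) {
        for b in self.buf.iter_mut() {
            unsafe { ptr::write_volatile(b, 0) };
        }
        compiler_fence(Ordering::SeqCst);
    }

    pub fn is_wiped(&self) -> bool {
        self.buf.iter().all(|&b| b == 0)
    }
}

impl Drop for ZeroOnDrop {
    // Disposal path: wipe before the allocator gets the memory back.
    fn drop(&mut self) {
        self.wipe();
    }
}

fn main() {
    // Constructed sample key, not real key material.
    let mut key = ZeroOnDrop::new(b"constructed-sample-key");
    println!("live, readable in memory: {}", !key.is_wiped());
    key.wipe();
    println!("after wipe, all zero: {}", key.is_wiped());
}
```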
