FreeTime is an open-source Android chat application with real-time messaging, voice/video calls, group management, and end-to-end encrypted media sharing.
Note: This repository contains the Android client application and server-side backend (sanitized for open source). Production credentials and critical infrastructure secrets are omitted — replace the
CHANGE_MEplaceholders with your own values.
- Real-time chat with typing indicators, read receipts, message status
- Voice & video calls (WebRTC peer-to-peer)
- Group chat with channels, role-based permissions, and voting
- Friend system with request/accept flow
- End-to-end encrypted media sharing (images, video, files)
- Push notifications (FCM + background polling)
- Two-factor authentication (TOTP)
- Admin panel integration
FreeTime requires a backend server to function. The app communicates with a Node.js + Socket.IO backend over HTTPS/WSS:
┌──────────────┐ Socket.IO (polling+WS) ┌──────────────┐
│ Android │ ◄──────────────────────────► │ Backend │
│ App │ HTTPS (REST API) │ (Node.js) │
└──────────────┘ └──────┬───────┘
│
┌────────┴────────┐
│ Database │
└─────────────────┘
- Set up the master server (
master-server/) and peer server (peer/) on a Debian/Linux server - Configure both by editing their
config/.envfiles — replace allCHANGE_ME_*placeholders with secure random values - Configure the Android app's server URL via
gradle.properties:SERVER_HOST=your-domain.com SERVER_PORT=443 PEER_HOST=your-domain.com PEER_PORT=9080
- Build the app with
./gradlew assembleRelease
See BUILDING.md for detailed build instructions and master-server/README.md for server setup.
Built with MVVM + Repository pattern using Jetpack Compose:
UI (Compose Screens) → ViewModels → Repositories → Data Sources
├── Network (Retrofit + Socket.IO)
├── Local DB (Room)
└── Local Storage (DataStore/SharedPrefs)
- UI: Jetpack Compose + Material 3 + Navigation Compose
- Architecture: MVVM, Repository Pattern
- DI: Dagger Hilt
- Networking: Retrofit, OkHttp, Socket.IO
- Calls: WebRTC
- Local DB: Room (SQLite)
- Push: Firebase Cloud Messaging
- Async: Kotlin Coroutines & Flow
- Encryption: AES-256-GCM via Google Tink
FreeTime implements defense-in-depth security:
- AES-256-GCM authenticated encryption for media
- Per-chat unique encryption keys
- Hardware-backed Android Keystore for local key storage
- TOTP two-factor authentication
- JWT token-based auth with auto-refresh
- TLS 1.3 for all transport
Important: The actual encryption key management and server authentication implementation are intentionally omitted from this repository to prevent misuse. The encrypted media pipeline uses standard AES-256-GCM but the key exchange protocol and infrastructure authentication details are server-side and not disclosed.
See SECURITY.md for the security model overview.
See BUILDING.md for build instructions.
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
This project is released under a permissive open-source license. The code is available for educational, research, and personal use. Security-critical components (key exchange, infrastructure auth) are intentionally omitted.
This software is provided as-is for educational purposes. The encryption and security features described are conceptual. Actual production deployment requires proper server infrastructure, certificate management, and security audits.
Status: Active Development | Platform: Android 7.0+ (API 24)