Encrypted SMS messenger for Android
SMS encryption via steganography — your messages look like ordinary text
Русская версия · 中文版 · نسخه فارسی · Protocol
Lapka SMS is a full-featured SMS app with built-in message encryption. Encrypted messages are encoded using steganography — they look like English or Russian text to anyone intercepting them. The primary adversary is the mobile operator who can read SMS content in transit.
Both parties need Lapka SMS with the same encryption key to exchange encrypted messages. Unencrypted SMS works with any phone.
Encryption (protocol details)
- AES-256-GCM authenticated encryption with HKDF-SHA256 key derivation
- Replay protection — rejects old and replayed messages
- Message length hiding — padding prevents traffic analysis
| Scheme | Output example | Best for |
|---|---|---|
| Base64 | dGVzdA== |
Universal, compact |
| Cyrillic Base64 | дГВздА== |
Blends with Cyrillic text |
| Russian Words | молоко дерево книга |
Looks like Russian text |
| English Words | Drawcut Foussa Miranda |
Looks like English text |
- Per-conversation keys — different key for each contact
- QR code sharing — scan to exchange keys
- SHA-256 fingerprint — verify key authenticity
- Android Keystore — hardware-backed key storage
- EncryptedSharedPreferences — keys encrypted at rest
- FLAG_SECURE — hide app content in task switcher (configurable)
- Auto-delete encrypted messages — configurable timer
- SMS for reset — receive a predefined SMS to erase all encryption keys and reset encryption settings. Messages stay, but become undecryptable
- No analytics, no tracking
- Encrypted Realm database
- Material Design UI with customizable themes
- Night mode (auto/manual/system)
- Per-conversation notification settings
- Delayed sending
- Delivery reports
- Dual SIM support
- Swipe actions
- 38 languages
| Protected | Not protected |
|---|---|
| Message content (AES-256-GCM) | Communication metadata (who, when, how often) |
| Message length (padding) | The fact that both parties use Lapka SMS |
| Key material at rest (Keystore + EncryptedSharedPreferences) | Physical access to unlocked device |
| App content in task switcher (FLAG_SECURE) | Recipient's device security |
Download the latest APK from Releases and install it. Set as default SMS app when prompted.
Google Play Protect may block installation because the app is not distributed through Google Play. This is a false positive — the app is open-source and contains no malware. To install:
- If you see "App blocked for your protection" — you need to temporarily disable Play Protect:
- Open Google Play → tap your profile icon → Play Protect → Settings (gear icon) → turn off "Scan apps with Play Protect"
- Install the APK
- Re-enable Play Protect after installation
- If you see "Default SMS app request denied" after installation — Android 13+ restricts sideloaded apps from becoming the default SMS handler. To fix:
- Go to Android Settings → Apps → find Lapka SMS → tap ⋮ (three dots, top right) → "Allow restricted settings"
- Now open Lapka SMS and accept the default SMS app prompt
Open a conversation → tap ⋮ menu → Details → Encryption key.
- Enable the Encryption key toggle
- Tap Generate new key — a random AES-256 key is created
- Share the key with your contact via QR code (meet in person) or copy it via a secure channel. Never send the key via regular SMS!
- Verify the emoji fingerprint matches on both devices
- Scroll down and choose an encoding scheme
Available encoding schemes:
| Scheme | Looks like |
|---|---|
| Base64 | dGVzdA== — random characters |
| Cyrillic Base64 | дГВздА== — Cyrillic random characters |
| Russian Words | молоко дерево книга — Russian text |
| English Words | Drawcut Foussa Miranda — English text |
The lock icon 🔒 next to each message indicates encryption is active. Just type and send — messages are encrypted automatically. Incoming encrypted messages are decrypted transparently.
Left: Lapka SMS (decrypted view) · Right: how it looks in a regular SMS app
Requires JDK 17.
git clone https://github.com/GeorgiyDemo/Lapka-SMS.git
cd Lapka-SMS
./gradlew assembleDebugpresentation/ Android UI layer (Activities, Conductor Controllers, ViewModels)
domain/ Business logic, interactors, models
data/ Repositories, receivers, Realm persistence
common/ Shared utilities
psms-lib/ Encryption library (AES-GCM, HKDF, steganography encoders)
android-smsmms/ Legacy MMS/SMS framework
Key patterns:
- Conductor for navigation (Controllers inside Activities)
- Dagger 2 for dependency injection
- RxJava 2 + AutoDispose for reactive streams
- Realm for encrypted database storage
Lapka SMS is a fork of Partisan-SMS (itself a fork of QKSMS). Changes in Lapka SMS:
- Upgraded encryption protocol to v3 with new steganography encoders
- New Russian word dictionary (~84K words) for Russian Words steganography
- Added English Words steganography scheme (~150K word dictionary)
- Removed global encryption key — per-conversation keys only
- Upgraded to 128-bit GCM authentication tag
- Encrypted database storage (Realm encryption via Android Keystore)
- EncryptedSharedPreferences for key material
- Key fingerprint verification (SHA-256 emoji fingerprint)
- Conversation deduplication (fixes duplicate threads for same number)
- Changed package namespace from
com.moez.QKSMStoorg.lapka.sms - New app icon and shortcut icons
- In-app encryption setup guide (help button in key settings)
- In-app language selector
- Disabled R8 obfuscation to reduce antivirus false positives
- Fixed tryDecode/isEncrypted for text steganography schemes
- Security hardening (network security config, private file logging, FLAG_SECURE)
- Upgraded dependencies (Dagger 2.52, Glide 4.16, Kotlin 1.9, compileSdk 35)
- CI/CD pipeline with automated releases
- Modernized codebase (deprecated API cleanup, AndroidX migration)