Software

Mobile Apps

personally tested


Session

Send Messages. Not Metadata.

Friends don’t let Friends use compromised Messengers

Session is an end-to-end encrypted messenger that removes sensitive metadata collection, and is designed for people who want privacy and freedom from any forms of surveillance.

Session is free as in free speech, free as in free beer, and free of ads and trackers. Session is built and maintained by the OPTF, Australia’s first privacy tech not-for-profit organisation. Take back your online privacy today — download Session.

Want to build from source, report a bug, or just take a look at the code? Check out Session on GitHub: https://github.com/loki-project/session-ios

Developer

Oxen Privacy Tech Foundation (OPTF)

Purchase Date

13.09.2022: Download from F-Droid on Fairphone 4
14.09.2022: Download from Apple App Store on iPhone 11 Pro Max
16.09.2022: Migration from iPhone 11 Pro Max to iPhone 14 Pro Max
23.09.2022: Download from Apple App Store on iPhone 11 Pro
23.09.2022: Download from Apple App Store on iPhone Xs
14.03.2023: Download from GitHub on Google Pixel 7 Pro
14.11.2023: Download from GitHub on Google Pixel 8 Pro

Purchase Price

The Session app is free for users.
The project is funded by the Oxen Privacy Tech Foundation.
Quote OPTF: “We are a passionate team of advocates, creatives and engineers building a world where the internet is open, software is free and accessible, and your privacy is protected.”

Rating

***** 4 stars (Devaluation due to missing backup function)

System Requirements

• iOS/iPadOS 13.0 or higher
• Android OS 6.0 or higher
• macOS Catalina (10.15) or higher
• Windows 10 or higher
• Linux Distribution with glibc 2.28 or higher
   (like Debian 10 or Ubuntu 20.4)

Compatible with:
• Android Smartphones/Tablets
• iPhone/iPad/iPod touch
• Mac
• Windows
• Linux

Download

Android

Google Play
Session Repository at F-Droid
APK File on GitHub

iOS/iPadOS

Apple App Store

Desktop

Mac
Windows
Linux

Languages

Croatian, Dutch, English, Finnish, French, German, Hindi, Indonesian, Italian, Japanese, Persian, Polish, Portuguese, Russian, Swedish, Sinhalese, Slovak, Spanish, Thai, Traditional Chinese, Vietnamese. Chinese, Simplified Chinese, Vietnamese

Support

Blog, FAQ & Help, YouTube
• Open Group “Session” (get help) & “Session Updates” (update info)
  (in Session app, tap on + (plus button below), then “Join Community”)
Attention, renaming (conversion phase):
old: Open Groups; new: Communities

Features

  • Chats and voice messages
  • Communities & Groups
  • share Files & Media
  • Quote function
  • Voice and video calls (P2P; Beta stage)
  • Agree/Disagree/Comment with Emojis
  • custom themes: light or dark design + choice of colour according to taste
  • also optimised for tablets, can be used without SIM card
  • Contact also possible via QR code (scan each other)
  • completely anonymous account creation: no phone number or email required

Practice

13.09.2022: As of today I am testing Session – on my Fairphone 4.

1. Change of Device

14.09.2022: I prepare the Fairphone 4 for sale to wirkaufens.de.
Install Session on the iPhone 11 Pro Max. Session ID, I restore all chats & contacts using recovery phrase. Chats & contacts from the last 14 days are stored end-to-end encrypted in the server swarm, so this works without a backup function.

2. Change of Device

16.09.2022: Am very curious to see how well Session moves:
From iPhone 11 Pro Max to iPhone 14 Pro Max via Apple Quick Start …
Everything was copied completely; also Session was transferred to the new iPhone flawlessly and completely with chat histories and media, supported by Session's server swarm (5–7 server). Ingenious! Thumbs up!

23.09.2022: To be able to test Session more intensively without need of several real contacts, I also download the app from the Apple App Store to my iPhone 11 Pro & iPhone Xs. I create separate Session IDs on both. This way I can test group functions (member administration etc.).

3. Change of Device

14.03.2023: Google Pixel 7 Pro with GrapheneOS as main phone.
For details see Multi-Device down below.

Multi-Device

02.11.2022: To test multi-device capability, I delete the separate Session ID on the iPhone 11 Pro which I had created only for testing.
After restarting the Session app, I neither select “Create Session ID” nor “Continue your Session”, but “Link to an existing account”.

After entering the recovery phrase of my “real” Session ID, I tap on “Continue” and select the recommended “Fast Mode” (Apple Push Notification Service, APNS for short) for message notifications.

Thereafter the app asks me whether I trust the contact (who had sent me pictures) and whether Session should download the media he sent. A great security measure!

Since I trust this Session contact and had already received the chats including pictures from him before on the iPhone 14 Pro Max before, there was no doubt here. After confirming this query (“Download”), the Session app downloads all the chats and associated media of the last 14 days from the server swarm to the iPhone 11 Pro.

All contacts, groups and chats are available soon after.
On a trial basis, I write my next chats on the second device and then check on the main device to see if they also appear there – yes! Smiley

14.03.2023: As of today, a Google Pixel 7 Pro is my daily driver.
To use it as a multi-device, I select the bottom menu item “Link to an existing account” after installing the session app.
After entering the recovery phrase of my Session ID, I tap on “Continue” and select “Slow mode” as notification strategy, because “Fast mode” would be require Google's FCM. The Session app now downloads all chats and associated media from the server swarm to the Google Pixel 7 Pro for the last 14 days. Minutes later, all contacts, groups and chats are available.

14.11.2023: As of today, a Google Pixel 8 Pro is my main phone.
To use it as a multi-device, I select the bottom menu item “Link to an existing account” after installing the session app.
After entering the recovery phrase of my Session ID, I tap on “Continue” and select “Slow mode” as notification strategy, because “Fast mode” would be require Google's FCM. Session app downloads all chats and associated media from server swarm on my Google Pixel 8 Pro for the last 14 days. Shortly afterwards, all contacts, groups and chats are available.

Telephony

23.11.2022: 1. voice call via Session: 2 hours without interference, as if we were in the same room. Hundreds of kilometres away …
First with Apple's AirPods Pro, but the last approx. 15 min. without, because my conversation partner was so curious like me to hear the difference. It didn't sound better without AirPods Pro, but a little different.

28.11.2022: 2. voice call via Session: only short today, great quality.
Then, for comparison, 1st phone call via Threema. 50 minutes of moderate quality with three dropped calls.

03.12.2022: 3. voice call via Session: This time only half an hour. Despite a less-than-optimal mobile connection on my side, the conversation is almost as good as the first phone call. Afterwards, we switch messengers for a test: Threema copes worse with less than optimal mobile connection than Session or the internet connection has worsened in the meantime. Echoes and short interruptions make conversation impossible.

06.01.2023: 4. voice call via Session: 1:47 h without interruption! There are short drop-outs on the other side about three times (he can't hear me anymore) and it sounded a bit metallic on his end, but otherwise it was great this time. The interruptions are probably due to my network provider, because the upload is bad here every now and then and is then at 2 MBit/s or even significantly below.

03.02.2023: 5. voice call via Session: 2:50 h without interruption! Short drop-outs on the other side one time only, while my WLAN switches from one iPhone to the other. Otherwise completely undisturbed. Smiley

07.02.2023: 6. voice call via Session: 2:14 h without interruption! Only a few drop-outs – some at my end and some at the other end.

08.02.2023: 7. voice call via Session: 1:00 h without interruption!

17.02.2023: 8. voice call via Session: 1:00 h without interruption, but with a few drop-outs – some at my end and some at the other end.

03.03.2023: 7. voice call via Session: 2:24 h without interruption!

Pros

  • anonymous account creation: neither phone no. nor e-mail needed to create a Session ID
  • Session ID is also the public key – makes it easier to establish contact
    (no Man-in-the-Middle Attack possible under a false name)
  • decentralised server network: No data breaches, no central point of failure
  • no metadata logging: Session doesn't store, track, or log your messaging metadata
  • IP address protection: device IP addresses are never exposed to the person you're talking to or the servers holding your data
  • Groups: End-to-end encrypted group chats for up to 100 people
  • secure attachments: Share voice snippets, photos, and files with Session's secure encryption and privacy protections
  • free and open-source: don’t take our word for it – check Session's code yourself
  • no proprietary software library from Google or other third parties (F-Droid version)
  • strong encryption on the end device
  • chats, contact lists and groups are managed exclusively decentrally on the participating devices, no storage on a server – this is where Session differs significantly from conventional messengers
  • end-to-end encryption throughout
  • security and data protection by design
  • comfortable typing on a large keyboard with the desktop versions of Session
  • multi-device support already available as well-functioning beta version
  • Development team very competent, hardworking, flexible and fast
  • excellent voice quality when telephoning

Cons

  • no push notification on de-Googled Android devices
    (only reachable for calls via Session while Session app is open)
  • Group function is currently still faulty, optimisation in progress
  • no data backup function yet (planned for later Session Pro version)
  • voice and video calls currently as beta version still without IP address protection (P2P)
  • FAQ & support currently in English only

Conclusion

I am impressed by this very data-saving messenger!
The decentralised server network is very robust against rogue states.

Anyone whose life and limb is in danger should not activate the “Voice and Video Calls” function in the “Privacy” menu at the moment.
You could use a VPN to disguise the IP address, but which one do you trust with your life? – Better to just chat for now …
However, other messengers cannot do this perfectly either.
With Threema, all calls can be routed through Threema's server to disguise the IP address, with a loss of sound quality.

But the Session developers are already working on a solution without a recognisable IP address. This is difficult and take some time.
According to CTO Kee Jefferys, the current P2P interim solution was the express wish of over 80 per cent of all Session users!

As soon as the backup function is integrated, I give Session five stars and then it is a real competitor for Threema.

Server Swarm

A collection of 5–7 Service Nodes which are responsible for the storage of messages for a predefined range of Session IDs. Swarms ensure that your messages are replicated across multiple servers on the network so that if one Service Node goes offline, your messages are not lost. Swarms make Session’s decentralised network backend much more robust and fault-tolerant. Messages are end-to-end encrypted and are kept for download for 14 days. As soon as a Session client goes online, messages were delivered.

Backup Function planned

The still missing backup function is mitigated by the fact that messages from the last 14 days are delivered again from the server swarm (5-7 servers) if one has to delete and reinstall the app or change the device.

By the way: the server swarm has already saved many users from total loss of their data when their device suddenly had a defect or had to be replaced for other reasons. Some users do not even want to have older messages on the device for security reasons.

Important Tips

Android OS

  • Keep IDs, passwords & recovery set safe; use a password safe (e.g. KeePassDX or Bitwarden)
  • Never configure the memory card as internal memory extension – very high risk of data loss!

Apple iOS/iPadOS

  • Keep IDs, passwords & recovery set safe; use a password safe (e.g. Strongbox or Bitwarden)

General

  • The security of the password safe stands and falls with the quality of the master password!

Alternatives

Threema (disadvantages: centralised servers, no multi-device yet)
SimpleX (disadvantage: no multi-device)

Reference

This is Session (Intro on YouTube, 1:24 min.)

About the OPTF (Blog)

10 Cool Facts about Session Messenger (YouTube, 9:24 min.)

Auto-deleteting messages and time-to-live (Blog)

How do disappearing messages work in Session (YouTube)

External security audit by Quarkslab

Mark Williams: Secure Messaging Apps Comparison

Keyword list: Alternatives, Android, Apple App Store, Apple iOS, Apps, Blog, Chat, Client, Conclusion, Cons, Disadvantages, Download, E-Mail, End-to-end encryption, F-Droid, FAQ, Groups, HTTPS, Help, IP, IT, Internet, Intro, Link, Memory Card, Mobile Apps, Network, Offline, Online, Pixel 7 Pro, Pixel 8 Pro, Privacy, Pros, SIM, Server, Service, Session, Session Messenger, Smartphones, Software, Storage, Telephony, Threema, Tips, Update, Upload, VPN, WLAN, Who, how, iPhone, public key, report

Last edited: