World’s first secure messenger that cares about work-life balance

Average session length — 20 min
Downloads — 17K
Messages sent — > 366K
iOS
Android
James App

About

In this case study, we'd like to share a story of creating a truly unique messenger application that cares about its users’ work-life balance while being as secure as Signal.

This story is full of non-standard tech solutions we managed to make to beat all project challenges. There were quite a few of them, not least because our client planned to launch the app in the Middle East region where fierce restrictions on the use of VoIP apps have reigned for almost ten years.

From the very beginning, this project promised to be exciting, so we started the development with utmost enthusiasm.

What gave rise to the idea

The idea to create a highly secure messenger came up to our client after the Facebook – Cambridge Analytical scandal took place in 2018. It happened that services involved in Donald Trump’s presidential campaign easily got access to personal data from 87 million Facebook profiles.

So when our client reached out to us to develop his app, the trust of people from all over the world in current online communication tools was close to none. For us, it meant that the demand for a really secure messaging app in the Middle East region was high, however, equally high was the competition.

Chapp App

app users

Who are they?

To stand out from the crowd, within his messenger, our client decided to solve another issue that was urgent for the majority of the Middle East working population — finding the work-life balance. He called the target audience young professionals — employed people and entrepreneurs forced to work in a cut-throat high-pressure environment (largely spurred by the Saudi Vision 2030) to build careers and businesses.

To better understand the target audience’s needs and wants, we conducted an analysis, data from which formed the basis of our user persona.

Males / Females aged

25 — 35

Education

Got high-quality education at esteemed universities in the US or the United Kingdom

Are cautious due to the likelihood of VPNs providers exposing their correspondence to third parties including the authorities

Want to devote more time to family and friends

Ammar Abaza

Businessman

Are cautious due to the likelihood of VPNs providers exposing their correspondence to third parties including the authorities

Actively build careers, being overwhelmed with business calls, meetings, and emails 24/7

Are advanced smartphone users

iOS
Android
46%
54%

Know how to use call and messaging apps with the help of a virtual private network

Feel exhausted because the line between work and personal life becomes blurred

Would like to be able to apply themselves to work during working hours and to rest during non-working hours

Deciding on the UVP: One application Keeping our target user persona front and center, in close cooperation with our client, we decided on three top-priority directions for the app's unique value proposition:

— two lives

Keeping our target user persona front and center, in close cooperation with our client, we decided on three top-priority directions for the app's unique value proposition:

To avoid unsolicited messages

Users would send invitations to their contacts and obtain consent to start corresponding

To mitigate the risk of leaking information

Contacts, messages, communication history — everything would be encrypted and stored locally on users’ devices.

To care about users' work-life balance

Contacts and chats would be divided into two groups: work-related and personal

Smart solutions

for development

To care about users' work-life balance

To realize the app’s first core function — helping users separate their personal and work life — we added a system of flexible notifications. Thanks to it, users could adjust the appropriate time to be informed about the incoming messages from their personal and working chats. For example, our users could set a range from 8 a.m. to 5 p.m. to receive notifications only from work chats and 5 p.m. to 10 p.m. — from personal chats.

We made sure once again that this concept was worthwhile after in June 2021 Apple presented its new iOS 15 with a built-in Focus mode that also filtered and prioritized notifications.

James App
James App

There’s also a downside to this approach — if users change their smartphones, they won’t be able to restore their correspondence since there’s no server that stores the chat history.

After discussing possible pitfalls with our client, we came to the decision that we would have to sacrifice chat histories in favor of providing the utmost security for his messenger.

To avoid unsolicited messages

To prevent our users from receiving spam messages, we introduced a system of invitations and consents. This means the chat was possible only if both sides said it was.

To provide app security, we decided to use end-to-end encryption. The mechanism works as follows: When you send “hi, let’s chat” to your friend and they accept your invitation, the system simultaneously encrypts your message and generates a decryption key stored on your friend’s device. After this, only your friend’s phone can decode messages sent from your phone.

To mitigate the risk of leaking information

The only moment when we needed to use a third-party server was for message routing. For this, our client chose the server located in Switzerland, and for a reason.

Historically, this country is beyond the European Union membership. All countries that are EU members obey one law on data protection and privacy — the General Data Protection Regulation. Though GDPR was intended to serve as a gold standard for data regulation for the world to emulate, in fact, it has had multiple shortcomings that left recourse for individuals to have access to private information including that already removed.

Being famous for its supreme secrecy law in the banking sector, Switzerland was more trusted by our client than any EU member as the server provider. Moreover, to evaluate his app's capability to keep users' conversations private, our client constantly monitored FBI reports where the level of his messenger security was comparable to that of Signal.

James App
James App

Challenges that

fostered our skills

Shifting away from Ruby we were used to

Challenge

In a messenger with the ambitions of WhatsApp, there might be a million users who might concurrently send millions of messages including text, audio, and video files. We understood that the Ruby on Rails framework we usually employ for mobile app backend development was unable to maintain that huge influx of simultaneously opened connections for transmitting data.

Solution

For the backend of our highly loaded system, we chose a non-standard programming language Elixir. It included several beneficial features starting from being built on a rock-solid core made by Ericsson to its own concurrency model and scheduler to the “let it crash” approach when dealing with bugs. Elixir enables services like Discord, Pinterest, and it used to power WhatsApp to handle significant spikes in concurrent users.

Streamlining media file processing and transferring

Challenge

Since the majority of our app logic was built on the client-side, the app crashed every time we sent a media file. Large files required too much time to be encrypted, transmitted, and decoded. As a result, when we added the attachments feature to the app, we had a limit on the media file size — otherwise, our app couldn’t operate smoothly. The need to process and transfer large media files encouraged us to find new approaches for optimizing the app's performance.

Solution

We decided to parallelize encryption, decryption, and keystream generation to provide a speedup for the messenger. This algorithm implied breaking down each media file into snippets that then were ciphered and transmitted with other snippets at the same time.

Improving app performance

Challenge

Since there was no server used in the data processing and transferring (let alone message cyphering/decyphering), all backend processes overloaded the client-side having a detrimental effect on the whole app speed.

Solution

We ran a series of load tests to find spots within the app that most needed to be optimized. Amongst other improvements, we optimized the structure of the client apps' internal database which has had a significant impact on the app performance.

Repelling robot-bot attacks

Challenge

When we began to expand our secure messaging app to other countries, particularly populous India, we bumped into attacks from robot bots. They occupied the same message service that we used to provide user authorization via the phone number. As a result, we had a ton of verification messages that had been consuming our client’s budget without factual registrations.

Solution

We decided to integrate a smart captcha. By default, the app asked users to enter the captcha only in case when the system detected repeated requests for verification coming from the same IP address. After deploying a smart captcha, robot bots couldn't spam us anymore. Thanks to this solution, our client was charged a fee only for verification messages for real app users.

Secure messaging app tech stack

See what technologies we used to develop the Chapp app to make it operate smoothly and stably:

iOS applications were written in

SwiftUI

Android applications were written in

Kotlin

For the backend of the app, we used

Elixir
PostgreSQL
Firebase
APNs
Protobuf
Redis

For push notifications, we used

icon of SwiftUI APNs

Frontend

icon of SwiftUI
James App

UI/UX iterations

resulted

in app redesign

Initial users had compared our secure messenger's UI/UX design with major players like Telegram or WhatsApp. At first, the hyped products had been winning, especially for users who valued the app's convenient design above data security.

Both the client and our team strived to refine the app UX and UI design to fit users' expectations. Our client invited a third-party specialist in the mobile app audit, and so did we. With the help of those specialists, we managed to analyze the customer journey within the app. It was crucial to figure out how long it took our users to register, send their first invitations, and write their first messages. Thanks to mobile app analytics services, we built funnels and found out at what stages our users tended to quit the app.

James App

After this, we:

Simplified the app tutorial by removing unnecessary screens that taught how to use the application or promoted some app features moved pop-ups that emerged when a user requested access to contacts, the phone book, and notifications to other spots on the app screens

In the end, we got a user-friendly, intuitive, rather plain design that matched the messenger interface our users were accustomed to.

James App

What we've

learned

James App

This project brought us many challenges including mastering a new programming language Elixir, defending against numerous robot-bot attacks, and integrating a flexible system of notifications.

Still, we've been convinced of one thing from project to project: No matter how thorny is the app development process, smooth communication between the client and the team is a key to success.

During this encrypted chat app development, our collaboration with the client was impeccable. Joined by one aim to create a really secure and handy communication tool for young professionals from the Middle East, we spared neither Slack messages nor Google Meet calls to develop close and effective relationships with the client. From the client's side, we also felt his genuine wish to help us make a high-quality app.

Our next step? Ongoing optimization

For the messenger app's success, it’s vital to maintain an ever-increasing number of users. Our task no.1 now is to make our app serve users in the best way possible. For this, we’re working on some unique app features that both the client and our team expect might favorably distinguish our secure messaging app among competitors and satisfy users.

Real Estate Management App for MENA Region

next case
Mulki

Got an idea in Mind?

Book a consultation
book consultation