Jack Dorsey's new Bluetooth-powered messaging app, Bitchat, is now available on iOS. While it was designed for private, offline communication, security experts swiftly uncovered major vulnerabilities, including easy impersonation. Photo: AFP / Marco BELLO

Tech mogul Jack Dorsey has just unveiled Bitchat on the App Store, an application touted for its privacy features. However, a closer look by experts reveals a concerning flaw: the 'private' app appears alarmingly simple to compromise.

Bitchat's Core Functionality

Bitchat, a new messaging app from Twitter and Block founder Jack Dorsey, has landed on the iOS App Store. Dorsey mentioned he coded the app's foundation in just one weekend at the beginning of July. Bitchat works using Bluetooth mesh networks, allowing users to send messages to others nearby, typically within a 100-meter range, even without a mobile signal or Wi-Fi.

With a minimalist user interface, the app does not require a login process. You're immediately presented with an instant messaging screen, showing messages from nearby users (if anyone is active in your vicinity) and allowing you to set your display name, which is always editable.

How Bitchat's Technology Works

While Dorsey's involvement is generating buzz for Bitchat, the idea of messaging apps powered by Bluetooth isn't new. These applications are also widely used in situations where mobile service is limited, such as at large music festivals or following natural disasters, where both cell service and Wi-Fi might be unavailable.

During the pro-democracy protests in Hong Kong, the Bluetooth messaging app Bridgefy experienced a surge in popularity. Because it functions without an internet connection, it was more difficult for authorities to uncover.

Security Concerns Emerge

Dorsey promoted Bitchat as a secure, private messaging platform when its beta version launched earlier this month. However, security researcher Alex Radocea highlighted in a blog post that impersonating others within Bitchat is straightforward, raising doubts about the proper security of this 'vibe-coded' app.

'In cryptography, details matter,' Radocea wrote. 'A protocol that has the right vibes can have fundamental substance flaws that compromise everything it claims to protect.' Dorsey later confessed that the software had not been externally reviewed for security and thus could contain weaknesses.

Following its launch, Dorsey has put a warning on Bitchat's GitHub page, stating: 'This software has not received an external security review and may contain vulnerabilities and does not necessarily meet its stated security goals. Do not use it for production use, and do not rely on its security whatsoever until it has been reviewed.'

This warning is now also visible on Bitchat's primary GitHub project page, though it wasn't present when the app first appeared. Dorsey later added 'Work in progress' next to the warning on GitHub.

This latest disclaimer followed Radocea's discovery that it's possible to impersonate someone and deceive their contacts into believing they're speaking with the genuine person, as the researcher detailed in a blog post.

The Problem of Fake Apps

Bitchat faces concerns not just about in-app impersonation, but also regarding the app's presence in app stores. The official app is currently downloadable for iOS from the App Store, and Android users can download it from GitHub.

However, the Google Play Store is home to numerous applications that appear to imitate Dorsey's app, and these fakes have accumulated thousands of downloads. While Dorsey hasn't directly addressed the unofficial Bitchat apps on the Google Play store, he did re-share another user's X post that cautioned about fakes and confirmed Bitchat's current absence from Google Play.

© Copyright IBTimes 2025. All rights reserved.