Hello cleeyv,
I am a founding member of molly and have been supporting Daniel Micay since 2014. Molly was originally developed with the idea of valldrac to add true local encryption to Signal's database. One of the fundamental problems was deleting the key from memory when the app was locked. Moxie claimed this would not be possible, the opposite is true. Molly deletes the RAM memory and leaves no traces. This was verified by us through several procedures. Keyword: Android memory forensics.
How the local encryption of the database works is described in detail here:
https://github.com/mollyim/mollyim-android/wiki/Data-Encryption-At-Rest
Molly was started here:
https://community.signalusers.org/t/signal-with-password-encryption-poc/6159
The team consists of former members who were still using Signal under the name Textsecure. During the transition period between Textsecure and Signal, there was no file base encryption. Most Android smartphones did not even have the option to encrypt with Full Disk Encryption. Signal's database was never really locally encrypted at the time.
Molly is completely open source, as is Foss. The changes to the client are all public. The added features are all well thought out and future proof.
The implementation of Monero as a means of payment is currently being worked on at full speed. The Monero community has provided funding for this purpose.
https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/252
https://github.com/mollyim/monero-wallet-sdk
We are in talks with https://cure53.de/ and https://www.srlabs.de/.
If we had the financial means, we would have an audit carried out immediately. But don't forget that this is just a snapshot.
From our point of view, it only makes sense to put molly through its paces once some crucial functions have been implemented. The fact that nothing has changed in terms of end-to-end encryption is self-explanatory, as it is compatible with Signal.
S1m has only recently joined the team. He is responsible for Unifiedpush. We are very grateful that he decided to work with us. Thanks to him, it is now possible for molly-UP and fcm to receive messages despite a closed database.
Signal knows what we are doing.
In the long term, there are some very interesting ideas that we want to see realized. One of them is remote attestation. A lot of the work put into Auditor can be used to validate between two chat partners, similar to what Auditor does with the server.
If both parties support hardware attestation and have an HSM. They will be notified and have the option to choose if they want to use this feature. The security numbers should be verified, and if they pass, the attestation can go into effect. They will strongly pair each other, as the attestation app currently does. Then a timer will force both clients to renew the attestation. One attestation per message would put too much load on the CPU. Therefore, a timer of 5 minutes or so might be good. The message transmission is stopped if the attestation fails. The user receives a warning and the option to continue the message exchange, but must first accept this.
If both users agree, they can see more information about the other party. Such as patch level, device administration and other things. This would be handled like reading recipes. Both have to agree, otherwise only the failed certificate is shown as a warning. This could even be extended to biometric data.
To mention another very useful planned feature:
Sandboxing webrtc and/or molly text only mode.
Like any other open source project, we are dependent on donations. Without them, it will not be possible to carry out a complete audit and implement some features.