Independent Security Audit

Professionally verified by an independent, certified security firm

Noghteha Has Been Professionally Audited

In January 2026, Noghteha underwent a comprehensive security assessment conducted by 7ASecurity, an independent security firm with ISO 27001 and SOC 2 certifications. A team of four senior security researchers spent 12 days examining every aspect of the application.

This audit was not a checkbox exercise. It was a deep, whitebox review where auditors had full access to our source code, debug builds, and internal documentation. They looked at everything.

  • 4 Senior Researchers
  • 12 Days of Testing
  • 100% Source Code Access

Note: The audit was conducted on version 1.0.34 with fixes verified in version 1.0.35. Subsequent versions may contain changes not covered by this audit.

What Was Tested

Security Review (WP1)

The team examined the Android application's source code, looking for vulnerabilities in how we handle encryption, manage network connections, process data, and protect against attacks. They tested our Bluetooth mesh networking, WiFi Aware transport, Nostr relay integration, and Tor connectivity.

Privacy Audit (WP2)

The auditors investigated ten critical privacy questions: What data does the app collect? Where does it go? Is sensitive information stored securely? Does the app track users? Are there any backdoors? Does the app try to gain unauthorized access? Their job was to verify that Noghteha actually does what we claim it does.

The Results

No critical vulnerabilities were found.

The auditors identified areas for improvement, primarily related to resilience against network disruption attempts and configuration hardening. These are the kinds of findings you expect in a thorough review of any complex application.

What they did not find:

  • No way to access or decrypt your messages
  • No backdoors or hidden functionality
  • No user tracking mechanisms
  • No attempts to gain elevated system access
  • No data sent to external servers without your knowledge

What the Auditors Said

"Despite the number of findings identified during this assessment, the Noghteha solution defended itself well against a broad range of attack vectors and demonstrated a clear security and privacy-focused architectural intent."

The auditors specifically praised:

  • The use of the Noise Protocol for encrypted communications
  • The privacy-first architecture design
  • Strong engineering practices around handling sensitive data
  • Release build hardening that increases attacker difficulty

About 7ASecurity

7ASecurity is a security firm specializing in penetration testing and code audits. They hold ISO/IEC 27001:2022 certification and SOC 2 compliance, and their engagements are backed by Lloyd's Insurance. Their team has audited applications for organizations worldwide.

This was not a paid endorsement. They were hired to find problems, and they did their job thoroughly.

Visit 7asecurity.com

Read the Full Report

We believe in transparency. The complete audit report, including all technical details and recommendations, is publicly available.

Our Commitment

Security is not a destination. It's an ongoing process. We're committed to:

  • Regular security assessments as the application evolves
  • Promptly addressing any security concerns
  • Being transparent with our users about what we find