Encrypted SMS
for Android

🔐 NooK Privacy Commitment

• No data collected / shared – NooK does not collect, store, or share any data. No analytics, no trackers.
• Encryption keys stay on device – Shared secrets are derived from your passwords and never transmitted.
• All messages are stored encrypted using AES-256-GCM.
• Open source – The entire codebase is public for audit.

📋 What is visible?
Standard SMS metadata (sender phone number, timestamp) remains visible to your cellular carrier, as with any SMS. Content is encrypted end-to-end between NooK users.

✅ Your responsibility
You are responsible for the safety of your device and your shared secrets. NooK provides the tools; you control the privacy.

• Click "Download APK" in the start section of this page. (A download process is started)
• If you missed the "Download finished - click to install" Notification on your smartphone, just open your file exploring App, fgo to Downloads, identify the latest Nook APK file you just downloaded and click on the file. The installation process will start.
• Both parties need the NooK app installed on their phones - however, each NooK app might talk to n other NooK apps with other parties
• The installation "motto" is "install anyway"!
• Enable Installation from Unknown Sources: On your Android device, go to Settings > Security. In your device settings on privacy and security, enable the option "Install unknown apps" or "Allow from this source" or uncheck "app Installation Block" or similar actions (which might change in the future) for your file manager or browser (You may always enable that again after this installation).
• The installation process asks you to let PLAY PROTECT first scan first NooK to Google Play Protect for analysis before you install it. No problem - let scan - or bypass this. If no other link is clickable use this link and then install, or search for a tiny text between big buttons saying 'install anyway' and press / click it to install it.
• Download the latest NooK APK here from this page or from github directly:
• NB: Starting from version 1.4.x.yyy the encryption sign used in the underlying SMS has been changed from '#' to '✅' - this introduced a significant change in how message are understood. Please update NooK to this version or newer in order to guarantee the exchange. The use of '#' in an SMS caused some AI augmented Android OS to "understand" the intention of a command - and to answers back to the transmitter with a base64 coded message (!) saying something like "command not recognized - type ##help for help", thus comsuming uselessy one SMS for the answer. • NB: Starting from version 1.5.1.yyy due to detected padding problems the encoding of encrypted message has been changed to only be only base32, base64 or base256 - this version is not compatible with the previous ones

💡 In the Warning Android Instalation Popup, CHOOSE "more details" and then CONFIRM (INSTALL) ANYWAY
🚀 Launch NooK app
❗ READ and Accept disclaimer (!!) & Grant 3 Permissions - Check that the whole permissions have been granted! Some OS, e.g. some Android 15, will not grant NooK the whole SMS permission - and Nook will not be able to run proberly.
• Define one or more trusted contacts from the settings or create directly a chat using the lupe (top right) symbol
• Start Chatting Securely!
• Change your (weak default) security settings (see above) in case you should feel more safe.
See a short intro video showing the first steps See a short intro video showing using the more general trusted contacts
That's it! Your messages are now encrypted end-to-end and travel via SMS

A note on Encryption vs Encoding:
Imagine you have a super cool diary with a lock on it, and inside you write all your secrets. Encoding is like writing your diary in a secret code that everyone knows. Let's say you and your friend both have the same "secret decoder ring" that turns A into 1, B into 2, and C into 3. You write "8-5-12-12-15" in your diary. Anyone who finds your diary and has the same decoder ring (or knows the trick) can instantly figure out it says "HELLO." It's not really a secret; it's just changing the way the message looks so it's easier to write or send. It's like turning a sentence into Pig Latin. Everyone knows the rules! Note however how the words morphology might unveil the words itself. Encryption - on the contrary - is like writing your diary in a secret code that only you and your best friend know. Imagine you and your best friend make up a brand new, super special alphabet that nobody else has ever seen. You write your diary entry using this special alphabet. Now, if your brother finds your diary, he'll just see a bunch of squiggles and lines. He has no idea what it says because he doesn't have the special key to understand it. You've scrambled your message so that only the person with the right "key" (your special alphabet) can unscramble it and read it. So, the main difference is the SECRET (password) part, another one is the alphabet used to encode: Encoding: Changing a message so it's shown with different characters, but preserves its originary morphology. It's not for keeping secrets. Encryption: Changing a message to keep it a secret. You need a special, private key to understand it. NooK adds an additional SECRET (password) to derive a shuffle of available 3 * m (m derived from your encoding password!) encoding alphabets (base32, base64 or base254) each with 32, 64 or 256 different characters. This creates additional alphabets which first of all need to be discovered. When you create a fresh chat between two participants, NooK sets as a first (weak) default, just the base256 encoding. This means that the participants may already start exchanging things without being read by third parties. This is a facility to start sharing secrets. But BEWARE: encoding alone just substitutes characters of your text, do not alter the words morphology! So by only encoding - with a computer - some successful efforts can be done to guess the words thanks to their morphology. Passwords instead, might be still safely enough be exchanged (because they have no clear language morphology). Encryption requires more Device CPU power (and battery)! NooK's encryption method adopt a military degree encryption level (AES256) - this is far away and much more safe than just encoding. Third parties would need thausands of years to decode one single message! [Unless Quantum Computers be dramatically improved].