Bridgefy
The same academic research group broke Bridgefy’s security claims twice, once in 2020 and again in 2022 after the company believed it had fixed the problem. In between, and after, no other phone-only Bluetooth mesh app has been downloaded as many times as Bridgefy, past the 12 million mark and counting, with a role in eight or more protest movements dating back to 2019. Both claims hold at once, and the download record doesn’t cancel out the broken audits.
From earthquake app to protest icon
Mexico City, 2014: Jorge Ríos started the company in the aftermath of that year’s earthquakes, when the city’s cell towers went down along with everyone’s ability to reach each other. His fix leaned on nothing exotic, only Bluetooth Low Energy already sitting in every phone, hopping messages roughly 100 meters at a time from device to device with no tower, no data plan, and no accessory required. For half a decade almost nobody noticed. Then Hong Kong’s 2019 protests changed that overnight: downloads jumped by something like 4,000% and added roughly half a million installs within a few weeks. A string of similar moments followed over the next year, India’s anti-CAA demonstrations, Iranian shutdowns, the 2020 US BLM protests, unrest in Zimbabwe, Belarus, Thailand, and Nigeria, and rather than play down the “protest app” label, Bridgefy embraced it as a selling point.
Two breaks, one lesson
The security failures came in two waves, and each one landed on code the company had already shipped as safe. Royal Holloway researchers surfaced the first in August 2020 under the title “Breaking Bridgefy”: a single crafted message could bring the entire network down, and short of that, an attacker with modest skill could map who was talking to whom, assume any user’s identity, and read conversations that were supposed to be private. Ars Technica didn’t mince words, calling it a “privacy disaster.” Bridgefy’s fix was to bolt on the Signal protocol that October, all while continuing to court the same high-risk users. That wasn’t the end of it. A USENIX Security paper in 2022, “Breaking Bridgefy, again: Adopting libsignal is not enough,” showed the patched version was still exploitable, this time via a TOCTOU (time-of-check-to-time-of-use) flaw that undid message confidentiality. The lesson holds no matter which cryptographic library gets bolted on: grafting a trustworthy protocol onto an untrustworthy system architecture doesn’t make the system trustworthy.
From protest app to B2B vendor
None of that protest fame turned into a paying customer base, so the business changed shape entirely. Bridgefy now sells its mesh layer as an SDK, licensed annually and priced by how many users a client has, with more than 40 companies reportedly signed on. Looking back, the founder has described waiting so long to make that shift as “a significant strategic misstep,” conceding that all the free press from protest coverage never turned into subscription revenue. That B2B identity is now the whole company. It surfaced publicly on July 24, 2025, with a blog post responding to Bitchat’s launch that framed Bridgefy as the tested veteran in the room: “Prototype with AI; earn trust with engineering, testing, and time.” A few months later, on October 1, 2025, came a partnership with Tokyo-based Atlas Associates aimed at Japanese municipal governments, built around the threat of a Nankai Trough earthquake, with an administrator-broadcast feature slated for Q2 2026 that hadn’t shipped as of this writing. A separate collaboration with the UN World Food Programme is testing a staff-safety tool for field workers, with pilot deployments planned in Afghanistan, Senegal, Honduras, and Chad, though no outside party has confirmed the outcomes of those pilots as of July 2026. One data point cuts against Bridgefy’s positioning here: when Nepal’s Gen Z protests triggered a social-media blackout in September 2025, it was Bitchat people turned to, not Bridgefy. And the company’s security posture hasn’t been independently re-examined since the 2022 USENIX paper. Across its history, Bridgefy has raised about $5.78 million total, with Biz Stone and Alchemist Accelerator among the backers.
Where it stands against this project
Bridgefy patched its cryptography twice and still couldn’t pass outside scrutiny; this project treats auditability as a starting requirement, not a repair job. Bridgefy’s coverage also lives and dies by however many phones happen to be nearby right now, exactly the iOS background-Bluetooth ceiling that always-on Windows relay hubs with a dashboard are built to get around, independent of crowd size. On delivery, Bridgefy offers no more than a best-effort attempt with nothing to confirm a message landed, while this project builds acknowledgment and relay confirmation in as a baseline. Setup differs too: Bridgefy needs an internet connection and a Google or Apple account before it will even start, a real liability exactly when a shutdown is underway, whereas this project works offline from the first screen and adds last-known-location mapping on top.
Credit where due: Bridgefy still holds real advantages, more than 12 million installs, name recognition earned across eight separate protest movements, a cross-platform SDK already licensed to 40-plus companies, institutional relationships with the WFP and Japanese municipalities, and roughly a decade of field experience nothing else in this category can claim.
- en.wikipedia.org/wiki/Bridgefy
- bridgefy.me/blog/bridgefy-and-atlas
- www.atlasassociates.io/post/strategic-partnership-with-bridgefy-in-japan-and-asia
- bridgefy.me/blog/bridgefy-and-bitchat-prototype-with-ai-earn-trust-with-engineering-testing-and-time
- innovation.wfp.org/project/bridgefy
- www.usenix.org/conference/usenixsecurity22/presentation/albrecht
- eprint.iacr.org/2021/214.pdf
- bitchat.online/2025/07/22/bluetooth-chat-apps-compared-bitchat-bridgefy-briar-more
- bisi.org.uk/reports/bitchat-bluetooth-mesh-networks-and-internet-shutdowns
- www.alchemistaccelerator.com/blog/bridgefy-the-offline-messaging-app-revolutionizing-crisis-communication-worldwide