Scope of Requirements Document

1. Project Overview
This project aims to develop a secure and resilient mobile application for users to
communicate and share content while ensuring privacy, evading censorship, and reducing
detectability. The app will feature dynamic GUIs, robust censorship evasion mechanisms,
and compliance with current policies. It targets a sensitive user base and prioritises
adaptability, security, and decentralisation.

2. Objectives
1. Dynamic Interface: Allow users to select from a regularly updated list of GUIs to reduce
pattern detection and customise their app experience.

2. Censorship Resilience: Use Google Firebase to manage and dynamically update server IPs
or domains to avoid blocks.

3. Secure Communication: Protect user data and communications using strong encryption
and privacy-preserving mechanisms.

4. Compliance: Ensure all functionalities comply with Google, Apple, and other relevant
platform policies.

3. Functional Requirements

3.1 User Interface (UI) Management

1. Dynamic GUI Selection: Users can select from a list of preloaded and server-fetched GUIs.

2. GUI Updates: Administrators can push new GUI options via a secure server.

3. Hidden Menu: Access a GUI selection menu through a hidden gesture or passcode.

3.2 Communication & Content

1. Secure Messaging: End-to-end encrypted one-on-one and group messaging.

2. Content Sharing: Users can post updates, images, and files on walls or pages with privacy
controls.

3. Message-Based Loyalty Testing: Administrators can send unique messages to subsets of

users for loyalty testing.

3.3 Censorship Evasion

1. Dynamic Server Address Management: Use Google Firebase to maintain a list of active
server IPs or domains.

2. Update Mechanisms: Push IP or domain updates securely via Firebase.

3. Redundancy: Maintain multiple server addresses to reduce the impact of individual IP
blocks.

3.4 Security & Privacy

1. Encryption: All data at rest and in transit must be encrypted.

2. Authentication: Implement secure user authentication (e.g., passcodes, biometrics).

3. Anonymity: No personally identifiable information (PII) is required for app usage.

3.5 Compliance
1. Google Firebase: Use Firebase for hosting GUI configurations and managing server IP
updates.

2. App Store Guidelines: Ensure all dynamic features comply with Apple App Store and
Google Play Store policies.

4. Non-Functional Requirements
1. Performance: GUI updates and server IP fetching must not significantly impact app
performance.

2. Scalability: Support up to [X] concurrent users, with seamless handling of dynamic

updates.

3. Availability: Ensure 99.9% uptime with robust fallback mechanisms.

4. Maintainability: Modular design to allow future updates to GUIs, security protocols, and
server management.

5. Technical Specifications

5.1 GUI Management

1. Server-Side: Store GUI assets in Firebase Storage.

2. Client-Side: Fetch and apply GUI configurations dynamically.

5.2 Server Address Management

1. Firebase Database: Maintain an encrypted list of server IPs/domains.

2. Client Logic: Periodically fetch the latest server list.

5.3 Messaging & Security

1. Messaging: Use a secure protocol like Signal for encrypted messaging.

2. Encryption: TLS for all server communications.

6. Risks and Mitigation
1. Risk: Policy Violation - Avoid prohibited practices like domain fronting. Regularly review
Google and Apple policies.

2. Risk: Discoverability of GUIs - Use random default GUIs and a hidden menu for GUI
selection.

3. Risk: IP Blocking - Maintain redundant server addresses and use Firebase for updates.

7. Deliverables
1. Mobile Application: Full-featured Android and iOS apps with the outlined capabilities.

2. Server Infrastructure: Firebase setup for GUI and server address management.

3. Documentation: Admin guide for managing GUIs and server addresses.

8. Timeline
1. Phase 1: Core App Development (4 weeks).

2. Phase 2: Firebase Integration (2 weeks).

3. Phase 3: Testing & Compliance Review (2 weeks).

4. Phase 4: Deployment & Monitoring (2 weeks).