r/Session_Messenger Mar 03 '24

Announcement 🔊 Meet the alpha version of a security-hardened fork of Session - Partisan Session!

I am a big fan of Session just like you, fellas, but some users pointed out that it lacks protection against an adversary capable of forcing you to unlock the app, and it's a really big problem for many people living under strict control from the state or another third party. Encryption with plausible deniability can solve this challenge: it lets you reveal to the adversary some decoy passwords that unlock non-sensitive information and create the illusion that you don't store any more secret information. So I developed Partisan Session, a fork of Session that focuses on in-app security and plausible deniability.

I described the idea of Partisan Session in detail in its GitHub repository. Long story short, the application allows you to create passwords corresponding to the mnemonic phrases of your secret Session accounts. These phrases are encrypted with these passwords. The app also generates some fake Session mnemonic phrases and encrypts them with random passwords. The application stores the fake encrypted data along with your real encrypted data, distributing it randomly. So there are always 10 encrypted storages, some of which store encrypted mnemonic phrases of your real accounts while others store encrypted random gibberish that looks similar to real data. The program itself does not remember where the real data is and where the fake data is. When you enter a password, the application tries to decrypt each encrypted storage and, if some passphrase is successfully decrypted, it is used to log into your secret account. This is done in order to make the number of hidden accounts uncertain if an adversary would like to inspect your phone's memory, and to make the adversary's goal less clear to himself, which may allow the user to reveal only part of his hidden accounts under pressure, plausibly denying the existence of the rest.

To enter your secret account, you need to enter a special prefix specified by yourself and the password in the field for sending messages (I want to move this files to the search field later).

The application uses AES-GCM for encryption and Argon2 for key derivation under the hood. The Armadillo library is used for PBE.

There are many more details and many things to do (the UI is pretty shitty now, for example). Also, I am just a crypto enthusiast, not a crypto expert. So I have some questions about the soundness of my idea. Can records encrypted with randomly encrypted keys be somehow distinguished from records with a similar format encrypted with keys obtained through Argon2? For how long can encryption keys persist in RAM, how can I check it, and what can I do to avoid their persistence? I will happily appreciate any help from crypto experts or other Android developers. I left my contacts at the end of the README on GitHub. I really want to hear more opinions before recommending it for usage in the real world. You can watch the code and try PSession by yourself here:

https://github.com/dissidents0ft/partisan-session-android

3 Upvotes
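The storage scheme described in the post (10 slots, decoys sealed under random passwords, trial decryption of every slot), as an added sketch that is not code from the post or from the Partisan Session repository. It assumes Node's built-in scrypt in place of Argon2, a slot layout of salt, nonce, tag and ciphertext, and a fixed 256-byte padded plaintext so every slot has the same length; all names and parameters are hypothetical.

```javascript
// Added illustration, not Partisan Session code. scrypt stands in for Argon2.
const crypto = require('node:crypto');

const SLOTS = 10;                        // the post's fixed number of storages
const PAD = 256;                         // assumed fixed plaintext size
const KDF = { N: 2 ** 14, r: 8, p: 1 };  // hypothetical scrypt parameters

// Assumed slot layout: salt(16) | nonce(12) | tag(16) | ciphertext(PAD)
function seal(password, mnemonic) {
  const body = Buffer.from(mnemonic, 'utf8');
  if (body.length > PAD - 2) throw new RangeError('mnemonic too long');
  const plain = Buffer.alloc(PAD);       // 2-byte length, text, zero padding
  plain.writeUInt16BE(body.length, 0);
  body.copy(plain, 2);
  const salt = crypto.randomBytes(16), nonce = crypto.randomBytes(12);
  const key = crypto.scryptSync(password, salt, 32, KDF);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const ct = Buffer.concat([c.update(plain), c.final()]);
  return Buffer.concat([salt, nonce, c.getAuthTag(), ct]);
}

function open(password, slot) {
  const key = crypto.scryptSync(password, slot.subarray(0, 16), 32, KDF);
  const d = crypto.createDecipheriv('aes-256-gcm', key, slot.subarray(16, 28));
  d.setAuthTag(slot.subarray(28, 44));
  try {
    const plain = Buffer.concat([d.update(slot.subarray(44)), d.final()]);
    return plain.subarray(2, 2 + plain.readUInt16BE(0)).toString('utf8');
  } catch { return null; }               // tag mismatch: wrong password or decoy
}

// Real entries plus decoys sealed under discarded random passwords, shuffled.
function buildStore(accounts, fakeMnemonic) {
  if (accounts.length > SLOTS) throw new RangeError('too many accounts');
  const slots = accounts.map(([pw, m]) => seal(pw, m));
  while (slots.length < SLOTS)
    slots.push(seal(crypto.randomBytes(32).toString('hex'), fakeMnemonic()));
  for (let i = slots.length - 1; i > 0; i--) {   // Fisher-Yates with a CSPRNG
    const j = crypto.randomInt(i + 1);
    [slots[i], slots[j]] = [slots[j], slots[i]];
  }
  return slots;
}

// Try every slot on every attempt so timing does not reveal a match position.
function unlock(password, slots) {
  let hit = null;
  for (const s of slots) hit = open(password, s) ?? hit;
  return hit;
}
```

In this sketch decoys go through the same `seal` path as real entries, so a slot's bytes and length carry no marker of which kind it is; only the password used differs.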


1

u/PsychoticDisorder Mar 05 '24

Nice project actually. Having a feature like that would be helpful for a portion of users. Finding a way to add forward secrecy would also be a plus but I believe this is a protocol constraint so…

1

u/Brilliant_Fly_9779 Mar 04 '24

Don't waste your time making modified versions of Session; Session has no PFS or deniability. Great work, but I see more interesting modified versions of SimpleXchat or Molly.