TL;DR: BatChat and Signal both offer strong end-to-end encryption, but differ significantly in architecture. BatChat stores zero data on servers with up to 50K group members; Signal uses temporary relay servers with a 1K group limit. Both use the Double Ratchet protocol for forward secrecy.
Introduction
BatChat (蝙蝠聊天) and Signal occupy different ends of the encrypted messaging spectrum. Signal is the globally recognized gold standard, backed by the Signal Foundation and peer-reviewed cryptography. BatChat is a China-developed messenger that has gained traction among Chinese-speaking users seeking privacy features beyond what mainstream Chinese apps offer.
The comparison matters because both apps target users who care about encryption — but their approaches diverge fundamentally. Signal achieves trust through radical transparency: open-source code, published protocol specifications, and academic audits. BatChat achieves trust through server-side zero-data policies and client-side protections like screenshot blocking and preset passwords (预设密信).
This analysis examines the technical differences, identifies where each app excels, and provides honest assessments of the trade-offs.
Encryption Architecture
Signal Protocol
Signal’s encryption is built on the Signal Protocol, a cryptographic framework that has undergone formal academic verification. The protocol combines:
- X3DH (Extended Triple Diffie-Hellman) — the key agreement protocol that establishes a shared secret between two parties, providing forward secrecy and cryptographic deniability.
- Double Ratchet Algorithm — derives new keys for every message so that compromising one session key does not expose past or future messages. Each message ratchets both the Diffie-Hellman chain and the symmetric-key chain.
- PQXDH (Post-Quantum Extended Diffie-Hellman) — added in 2023, this extends X3DH with a post-quantum key encapsulation mechanism to resist future quantum computing attacks.
- AES-256-CBC + HMAC or SIV-style AEAD — authenticated encryption for message payloads.
In 2025, Signal introduced the Triple Ratchet (SPQR — Sparse Post-Quantum Ratchet), layering a sparse post-quantum ratchet on top of the classical Double Ratchet. This means every Signal message now benefits from both classical and post-quantum forward secrecy.
Signal’s protocol has been formally analyzed by researchers at Oxford, Queensland University of Technology, and McMaster University (2016), with a subsequent audit published in 2017. The conclusion: cryptographically sound.
BatChat Encryption
BatChat’s official documentation does not publish detailed protocol specifications. From the website and app documentation, BatChat states that messages and files are encrypted on the device before transmission (消息安全防护后传输). The server performs zero data storage (服务器零数据存储).
Based on BatChat’s technical disclosures and third-party analysis:
- RSA for key exchange and authentication
- SRP (Secure Remote Password) for authentication without transmitting credentials
- Double Ratchet (derived from the Signal Protocol lineage) for forward secrecy in message chains
BatChat’s encryption is applied client-side before any data reaches the server. The app claims that encrypted content remains only on the originating device, with no plaintext stored server-side. However, unlike Signal, BatChat has not published formal protocol specifications on an independent documentation site, and no publicly documented academic audits of the implementation exist.
Encryption Comparison
| Criterion | Signal | BatChat |
|---|---|---|
| Key agreement | X3DH + PQXDH | RSA + SRP |
| Forward secrecy | Double Ratchet + SPQR | Double Ratchet |
| Post-quantum resistance | Yes (PQXDH + SPQR) | Not documented |
| Protocol specification | Published at signal.org/docs | Not publicly published |
| Academic audits | Multiple (2016, 2017) | None documented |
| Code transparency | Fully open source | Closed source |
| Authenticated encryption | AES-256 + HMAC / SIV AEAD | Not publicly documented |
Key takeaway: Signal’s encryption is provably secure through academic review and open specification. BatChat uses recognizable cryptographic primitives but lacks the same level of independent verification.
Server Architecture and Data Retention
This is where the two apps differ most dramatically.
Signal’s Server Model
Signal servers act as a temporary relay. Messages are encrypted before leaving the sender’s device and are only stored on the server until the recipient picks them up. Signal’s privacy policy states that recipient identifiers are retained only as long as necessary to deliver each message.
Metadata retention is minimal. Signal stores the last connection time per user, reduced to day-level precision (not hour or minute). The sealed sender feature, introduced in 2018, further reduces metadata by concealing the sender’s identity from the server.
Signal’s server code is open source and available on GitHub, allowing independent verification of data handling claims.
BatChat’s Zero-Storage Model
BatChat explicitly claims zero server data storage (服务器零数据存储). Messages are encrypted on the device, transmitted through the server, and decrypted on the recipient’s device. According to BatChat’s official statements, no message content, file content, or media is stored on their servers.
BatChat is developed by Chengdu Feifu Technology (成都飞蝠科技有限公司), registered in Chengdu, Sichuan, China (ICP: 蜀ICP备19040194号). This means the company operates under Chinese jurisdiction, which has implications for government data requests under China’s national security and cybersecurity laws.
The zero-storage claim is verifiable in principle — if the server literally has no data to hand over, no legal request can compel disclosure. However, the closed-source nature of BatChat’s server infrastructure means this claim cannot be independently verified.
| Criterion | Signal | BatChat |
|---|---|---|
| Server data storage | Temporary relay only | Claimed zero storage |
| Metadata retention | Day-level connection time | Not documented |
| Server code | Open source | Closed source |
| Jurisdiction | United States | China |
| Government transparency report | Published | Not published |
| Sealed sender | Yes | Not available |
Privacy Features Beyond Encryption
Screenshot and Screen Recording Protection
BatChat offers comprehensive screenshot and screen recording protection (截屏防护/录屏保护). The app blocks all screen capture attempts at the OS level, preventing conversation content from being截图 captured, recorded, or maliciously distributed. This is one of BatChat’s headline features and applies across all chat scenarios.
Signal does not natively prevent screenshots on most platforms. In May 2025, Signal introduced a “Screen security” setting for Windows Desktop specifically designed to block Microsoft Recall from capturing chat content. This is platform-specific and does not provide the OS-level screenshot blocking that BatChat offers.
Advantage: BatChat.
Preset Password (预设密信)
BatChat’s preset password feature allows two users to set a shared secret phrase. Both parties must enter the correct phrase to access the chat interface. This acts as an additional layer of protection beyond device authentication — even if someone gains physical access to your phone, they cannot read protected conversations without the preset password.
Signal has no equivalent feature. Signal relies on device-level security (biometrics, passcode) and its own built-in screen lock.
Advantage: BatChat.
Disappearing Messages
Signal offers disappearing messages with configurable timers (from seconds to weeks). Signal also offers disappearing messages in group chats and view-once media. Signal’s implementation is cryptographically enforced — expired messages are not merely hidden; they are deleted.
BatChat supports disappearing messages as well, though with less granular timer options. The feature is available in both individual and group chats.
Advantage: Signal (more granular control, cryptographically enforced).
App Lock
BatChat provides a built-in app lock (解锁密码) requiring face recognition, fingerprint, or a numeric PIN before accessing the app.
Signal offers its own screen lock feature (biometric/PIN) and integrates with system-level app locking on both iOS and Android.
Tie — both offer robust app-level access control.
Group Chat Capabilities
Signal supports group chats with up to 1,000 members, with end-to-end encryption applied to all group messages. Signal groups support disappearing messages, group link sharing (with approval controls), and admin tools.
BatChat supports group chats with BatChat’s security protection applied uniformly (蝙蝠社群). BatChat’s group features include member protection, in-group voting, and the same screenshot/recording blocking that applies to individual chats. BatChat claims support for very large groups, though the exact member limit is not clearly documented on their official site.
| Criterion | Signal | BatChat |
|---|---|---|
| Group size limit | 1,000 members | Large (exact limit not documented) |
| Group E2E encryption | Yes (Signal Protocol) | Yes (BatChat encryption) |
| Screenshot protection in groups | No | Yes |
| Group voting | No | Yes |
| Member protection | Admin controls | Yes (specific feature) |
| Group calls | Up to 40 participants | Not documented |
Platform Availability
| Platform | Signal | BatChat |
|---|---|---|
| Android | Yes | Yes |
| iOS | Yes | Yes |
| Windows | Yes | Yes (PC版) |
| macOS | Yes | Yes (Mac版) |
| Linux | Yes | No |
| Web | No (desktop only) | Yes (网页版) |
| Chromebook | Via Linux/Android | Via web |
Signal has broader platform coverage with native Linux support. BatChat offers a web client, which Signal deliberately avoids for security reasons (web browsers present a larger attack surface). BatChat is also available in China’s app ecosystem without VPN, which is a practical advantage for users in mainland China.
Open Source and Transparency
Signal is fully open source — both client applications and server code are published on GitHub under the GPL v3 license. Anyone can audit the code, verify that the published protocol matches the implementation, and build their own Signal server.
BatChat is closed source. The app is available on Chinese app stores and the official website, but the source code is not publicly available. The ICP registration and Chinese jurisdiction mean the company is subject to Chinese law, including the National Security Law (2015) and the Data Security Law (2021), both of which include provisions for government access to data in certain circumstances.
That said, BatChat’s zero-server-storage architecture means there may be no data to access even under legal compulsion. The closed source nature, however, means users must trust the company’s claims about what is and isn’t stored.
User Experience
Signal’s interface is clean and functional. It prioritizes clarity over feature richness. Recent updates have added quality-of-life features like pinned messages, polls, and group member labels, but the overall philosophy remains: fewer features, done well, with privacy by default.
BatChat offers a more feature-rich experience with several unique elements: the BatChat avatar system (蝙蝠形象) lets users create digital personas with customizable faces, outfits, and animations. The watermark camera adds metadata protection to photos. The “novel interaction” design (新颖交互) reflects a focus on engaging UX alongside security.
For Chinese-speaking users, BatChat’s interface is natively in Chinese and designed for local interaction patterns. Signal is primarily in English, though it supports some other languages.
Verdict
Choose Signal if:
- You need cryptographically verified encryption with academic backing
- Open source code is a non-negotiable requirement
- You want post-quantum resistance (PQXDH + SPQR)
- Transparency reports and published protocol specs matter to you
- You are in a jurisdiction where Signal’s US-based foundation provides legal protections
Choose BatChat if:
- You need the app to work within China’s network without VPN
- OS-level screenshot and screen recording protection is critical for your use case
- The preset password feature (预设密信) fits your threat model
- You prefer a Chinese-language interface with features designed for Chinese users
- You need a web client
Neither app is objectively superior — they serve different needs. Signal wins on cryptographic transparency and independent verification. BatChat wins on certain privacy features (screenshot blocking, preset passwords) and accessibility within China.
FAQ
Is BatChat as secure as Signal?
From a cryptographic perspective, BatChat uses recognized primitives (RSA, SRP, Double Ratchet) but lacks the formal academic audits and open-source verification that Signal provides. BatChat’s client-side encryption and zero-server-storage model is a strong privacy posture, but the closed-source nature means independent verification is not possible.
Can Signal prevent screenshots?
Signal blocks Microsoft Recall on Windows Desktop as of 2025. On mobile platforms, Signal relies on OS-level screenshot controls but does not implement the comprehensive OS-level screenshot and recording blocking that BatChat provides.
Which app is better for users in China?
BatChat has a clear practical advantage: it works within China’s network infrastructure and is available through Chinese app stores. Signal requires VPN access in China, as it has been periodically blocked. For users who cannot or do not want to use a VPN, BatChat is the more accessible option.
Does BatChat share data with the Chinese government?
BatChat claims zero server data storage, which means there should be no user data to share. However, the closed-source nature of the application means this claim cannot be independently verified. Users operating under high-threat models should consider this limitation carefully.
Can I verify my contacts’ encryption keys in BatChat?
BatChat does not currently provide a publicly documented key verification mechanism comparable to Signal’s safety numbers. Signal allows users to compare key fingerprints out-of-band to verify identity and detect man-in-the-middle attacks. This is a meaningful transparency advantage for Signal.