Firechat uses Apple’s Multipeer Connectivity Framework, which in turn relies on a custom proprietary ad-hoc protocol developed by Apple. Our friends at Open Garden implement forwarding at the application layer in an attempt to overcome the limitations in the ad-hoc protocol.
A simple traffic capture of a chat session quickly revealed that messages are encrypted, but anonymity requires more than that. The metadata about the chat session is not encrypted and is observable in the traffic capture. And, as our NSA friends know, metadata contains valuable information, and some claim it is even more intrusive than content itself… In this case our traffic capture reveals the real names of the session participants, the application they used to communicate, as well as the duration and number of messages exchanged during the session.
As an example, see the conversation that took place between a mysterious Mr. Secret and someone else in my office.
Just scanning for Action frames from Apple (identified by Apple's public OUI, 00:17:f2) reveals that Mr. Spy is actually yours truly. I will not disclose who my chat partner was to avoid embarrassing him, but that information is also available.
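To audit a capture of your own devices for this kind of leak, the filter described above can be written in a few lines. This is an added example, not the author's tooling or capture: it assumes raw 802.11 frames with the radiotap header and FCS already stripped, treats the proprietary payload after the OUI as opaque, and runs on a constructed sample frame whose addresses and strings are made up.

```python
import re
import struct

APPLE_OUI = bytes.fromhex("0017f2")  # identifier quoted in the post
ACTION_SUBTYPE = 13                  # 802.11 management subtype: Action
VENDOR_SPECIFIC = 127                # Action category: vendor-specific
HDR_LEN = 24                         # frame control through sequence control


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def apple_action_metadata(frame, min_len=4):
    """Return cleartext metadata from an Apple vendor-specific Action frame.

    `frame` is a raw 802.11 frame with radiotap header and FCS already
    stripped. Returns None for any other kind of frame.
    """
    if len(frame) < HDR_LEN + 4:
        return None
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != ACTION_SUBTYPE:
        return None  # not a management/Action frame
    if frame[HDR_LEN] != VENDOR_SPECIFIC:
        return None
    if frame[HDR_LEN + 1:HDR_LEN + 4] != APPLE_OUI:
        return None
    # The payload format is proprietary, so treat it as opaque and report
    # only the printable ASCII runs that are readable without any key.
    payload = frame[HDR_LEN + 4:]
    runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, payload)
    return {
        "transmitter": mac(frame[10:16]),
        "receiver": mac(frame[4:10]),
        "cleartext": [r.decode("ascii") for r in runs],
    }


def build_frame(fc0, category, oui, payload):
    """Constructed test input: minimal 802.11 header plus Action body."""
    addr = bytes.fromhex("020000000001")  # locally administered, made up
    hdr = bytes([fc0, 0]) + b"\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    return hdr + bytes([category]) + oui + payload


BODY = b"\x01\x02\x03Constructed Name\x00\x07chatapp\x00"  # constructed
SAMPLE = build_frame(0xD0, VENDOR_SPECIFIC, APPLE_OUI, BODY)
```

Any string that shows up in `cleartext` is readable by anyone in radio range, regardless of how well the message bodies are encrypted.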
Having said that, the application is really fun to use. Just be mindful about what you say to whom.
Update: By popular demand I’ve uploaded the traffic capture file here.