Changelog.

Version history for iOS and Android. Exact build dates are in the App Store and Google Play release history.

Legend: + added, ~ fixed or changed, - removed.

iOS 7.0.0 · Android 3.0.0 2026-06 iOS & Android

Highlights

  • On-card key generation. Generate a fresh Ed25519 + Curve25519 keypair directly on an OpenPGP NFC smartcard (YubiKey 5 series, Token2). The private key is born on the card and never touches the phone — there is no on-device copy to leak. You can still import an existing key to a card if you prefer.
  • Full card management. Change the admin PIN and user PIN, unblock a locked user PIN, and factory-reset a card — all over NFC, from the key's detail screen.
  • Passphrase-only encryption. Encrypt with just a passphrase (gpg -c style, symmetric), no keypair required. Decryption with the same passphrase works anywhere OpenPGP does.
  • Read-only pass store viewer. Point PGPony at your existing pass (password-store) directory and browse and decrypt entries on-device, hardware-key-backed where the entry is encrypted to a card. Read-only by design — a PGP tool that reads pass, not a password manager.

Other changes

  • Detached file signing and download verification — produce a detached signature for a file, and verify a downloaded file against a detached signature. (iOS first; Android parity is rolling out — see the Play release notes.)
  • File encryption straight from the iOS Share Sheet, and a default / remembered recipient so your most-common contact is pre-selected. (iOS; Android share-intent flow differs.)
  • Security hardening (pre-open-source sweep). iOS removed debug logging that could expose secrets in the shipping build. Android now enforces OpenPGP integrity protection (SEIPD / MDC) on decrypt and fails closed on tampered or unprotected ciphertext rather than returning unverified plaintext.
  • Open-source crypto core. The OpenPGP core is now public under Apache-2.0 on both platforms — PGPonyCore (Swift) and PGPonyCore-Kotlin (Kotlin). See the open-source page.
  • Keyserver screens now show "Last uploaded" and "Last checked" timestamps.
$ Android 3.0.0 reaches feature parity with iOS on the headline set: on-card keygen, card management, passphrase encryption, detached signing, and the read-only pass viewer
OpenPGP v6 · RFC 9580 2025 iOS & Android

Highlights

  • Create OpenPGP v6 keys (RFC 9580) — an Ed25519 certification primary with an Ed25519 signing subkey and an X25519 encryption subkey. A picker on the Generate screen lets you choose v6 or classic v4; expiration dates are honored across all components.
  • SEIPDv2 authenticated encryption (AEAD-OCB). Messages to v6 recipients use modern authenticated encryption that protects confidentiality and integrity together, replacing v4's bolt-on MDC. PGPony picks the format automatically — SEIPDv2 when every recipient is a v6 key, classic v4 otherwise — so older contacts keep working.
  • Sign and verify with v6 keys, including on NFC hardware keys — v6 detached, inline, and cleartext signatures.
  • Key details now show the format and capabilities at a glance: "OpenPGP v6 · RFC 9580" or "v4 · RFC 4880," plus what each part of the key can do (certify / sign / encrypt).

Other changes

  • Customizable Comment header. Settings → PGP Output lets you set the Comment: line in armored output (default "PGPony - PGPony.app") or switch it off entirely. Exported keys stay comment-free regardless.
  • Cleartext signatures over text that ends in a blank line now verify correctly.
  • Signing now works with keys whose signing capability lives on a subkey rather than the primary.
$ verified against Sequoia (sq) and the official RFC 9580 Appendix A test vectors
Hardware security keys 2026 iOS & Android

Highlights

  • Hardware security key support. Pair an OpenPGP NFC smartcard and use it for private-key operations — decrypt, sign, encrypt-and-sign, and edit key expiration. The private key never leaves the card; every operation is authorized by your card PIN and a tap.
  • Change your card PIN directly from the key's detail screen.
  • Verified-signer badge. Signed messages decrypted on a card now show a verified-signer result — green when the signature is valid and the signer is in your keyring, "unknown signer" when valid but unknown, and an invalid/unsigned state otherwise — matching software-key decryption.

Other changes

  • Hardware keys appear wherever your other keys do — in the decrypt picker (auto-detected, with manual selection by NFC icon) and the Exchange / Show-Key sharing list. Tapping a card shows its manufacturer name read from the card itself.
  • Key expiration editing for software and hardware keys, with presets (1 / 2 / 5 years, never) and a custom date. One choice applies to the primary and all subkeys; capabilities and fingerprint are preserved.
  • Keyring sorting — A–Z, Z–A, or a custom drag order that's remembered.
  • Detached text signatures, with a toggle on the Sign tab between clear-signed and detached, plus save-to-file for the signature and the exact signed message.
  • Optional "require fingerprint to sign" for software keys (hardware-key signing is already PIN-protected).
  • Clear button on the Encrypt and Decrypt tabs; auto-hiding "+" button on the keyring.
  • Armored output no longer leaks a library version header, and clear-signed messages are formatted to verify reliably in other OpenPGP tools.
$ validated end-to-end on YubiKey 5 NFC and Token2, cross-checked with GnuPG
v4.0 2025 iOS & Android

Highlights

  • Byte-exact GnuPG interop verified against gpg 2.4.x — full round-trip on Ed25519 + Cv25519 keys.
  • Native Ed25519 + Cv25519 (v4) key generation on-device.
  • Contacts integration, biometric app lock, Share Sheet / Intent, and iCloud Keychain sync (iOS).
$ release v4.0
1.0 → 3.x 2025 iOS

Highlights

  • Initial public release and the early iOS line: OpenPGP v4 keys, encrypt / decrypt / sign / verify, QR key exchange, WKD + HKP lookup, and the Share Extension.
  • Keyring management, ASCII-armor output controls, and the foundations the v4.0 GnuPG-interop work built on.
$ early iOS releases — exact build dates in the App Store version history

Exact build numbers and per-build patch notes are also available in the App Store and Google Play release history.
For upcoming work, see the roadmap.