gocryptfs or CryFS on desktop (various GUIs available) and DroidFS on Android.

Yes, just create an empty room with only you inside

Couldn’t you use HMAC with shared secret key to authenticate messages while keeping plausible deniability? Since the key is only supposed to be known to the 2 parties, the recipient can deduce that a message was actually sent by the sender if he did not create it himself. I think that’s what OTR was using.

DroidFS does not have Internet permission so any data exfiltration is prevented at the OS level.

Of course, but v1.x only supported gocryptfs. Also, new encrypted file systems may be added in the future.