In a world stricken by worries over illicit surveillance, a new generation of secure mobile communication apps wants to ride to the rescue of the privacy conscious. This type of application has been a cottage industry for desktop computers for years, usually for secure email or instant messaging, but the arrival of mobile platforms has given them the sort of kick that is leading many to dream of reaching the mainstream.
These days, activity in the sector is now so fevered that several platforms have launched in the second half of 2015 alone, a striking uptick for a type of software that used to be seen as the preserve of the technical users with a paranoid bent or political dissidents. Once small scale in their ambitions, the mostly new companies making these apps sense a huge opportunity to grab business users anxious about the implications of living in the post-Snowden world.
Android still tends to be the default platform although iOS versions are usually available after a short delay. The issue of platform support is more important that it might appear. Even if you don’t personally use an iPhone, say, the fact that your favoured contacts do will render any app that doesn’t support both platforms useless if the same app is needed at both ends. Some apps integrate with third-party applications, for instance email clients. That can be important for businesses – can the app support the preferred communications software used by an organisation and will it work across desktop as well as mobile? Some can, some can’t.
Not WhatsApp
In terms of security, it’s important to distinguish pure secure messaging apps from apps that happen to have some security, for instance the hugely popular WhatsApp and SnapChat. Many use encryption but operate using insecure channels in which the keys are stored centrally and hide behind proprietary technologies that mask software weaknesses.
As it happens, earlier in 2015 Facebook’s WhatsApp started using the TextSecure platform (now called Signal – see below) from the Open Whisper Systems which improves security by using true end-to-end encryption with perfect forward secrecy (PFS). This means the keys used to scramble communication can’t be captured through a server and no single key gives access to past messages. It was presumably this sort of innovation that so upset British Prime Minister David Cameron when in early 2015 he started making thinly-veiled references to the difficulty security services were having in getting round the message encryption being used by intelligence targets.
In April 2016, the Signal protocol was rolled out as a mandatory upgrade to all WhatsApp users across all mobile platforms, an important moment for a technology that has spent years on the fringes. At a stroke it also made Open Whisper Systems the most widely used encryption platform on earth, albeit one largely used transparently without the user realising it.
It’s fair to say that police and intelligence services are now worried about the improved security on offer from these apps, which risks making them favoured software for terrorists and criminals. That said, they are not impregnable. Using competent encryption secures the communication channel but does not necessarily secure the device itself. There are other ways to sniff communications than breaking encryption.
Most recent apps will, in addition to messaging, usually any combination of video, voice, IM, file exchange, and sometimes (though with a lot more difficulty because mobile networks work differently) SMS and MMS messaging. An interesting theme is the way that apps in this feature often share underlying open source technologies although this doesn’t mean that the apps are identical to one another. The user interface and additional security features will still vary.
For further background, the Electronic Frontier Foundation (EFF) published a comparison in 2014 of the of the sometimes confusing levels of security on offer from the growing population of apps on the market. All mobile messaging apps claim to use good security but this is a useful reminder that definitions of what ‘secure’ actually means are starting to change.
The future? There are two trends to watch out for. First, business-class secure messaging systems have started to appear, including ones that operate as services or using centralised enterprise control. A second and intriguing direction is the morphiing of static messaging apps into complete broadcasting systems that can distribute different types of content and then erase all traces of this activity once it has been read. This latter capability is likely to prove another contentious development for governments and the police.
Signal (formerly TextSecure Private Messenger) is arguably the pioneering secure mobile messaging platform that kickstarted the whole sector. Originally created by Moxie Marlinspike and Trevor Perrin’s Whisper Systems, the firm was sold to Twitter in 2011, at which point things looked uncertain. In 2013, however, TextSecure re-emerged as an open source project under the auspices of a new company, Open Whisper Systems since when it and has gained endorsements from figures such as Bruce Schneier and Edward Snowden.
We call it a platform because Signal is more than an app, which is simply the piece that sits on the Android or iOS device and which holds encryption keys. The App itself can be used to send and receive secure instant messages and attachments, set up voice calls, and has a convenient group messaging function. It is also possible to use Signal as the default SMS app but this no longer uses encryption for a host of practical and security reasons.
Signal was designed as an independent end-to-end platform that transports messages across its own data infrastructure rather than, as in the past, Google’s Google Cloud Messaging (GCM) network. The Axolotl protocol underlying the platform’s security is also used by G Data (see below) as well as Facebook’s WhatsApp, which isn’t to say that Facebook’s implementation won’t have other vulnerabilities – as ever use with care.
Using the app is pretty straightforward. Installation begins with the phone number verification after which the software will function standalone or as the default SMS messaging app after offering to import existing texts. The most secure way to use it is probably as the default messaging app, so that an insecure message doesn’t get sent by accident.
Additional security features include an app password and with a blocker that stops screen scraping. It is also possible to control what types of data are exchanged over Wi-Fi and mobile data. Obviously both sender and receiver need to have the app installed, which worked simply by entering the phone number of any other registered user.
Security: based on OTR protocol, uses AES-256, Curve25519 and HMAC-SHA256; voice security (formely RedPhone app) based on ZRTP
Pro: Android and iOS, handles voice as well as messaging, Edward Snowden said to use this app
Con: None although service reportedly not always the fastest
Built on Whisper Systems’ open source Axolotl protocol (see above), the recently-launchedSecure Chat is a well-designed free app with the drawback of being Android only for the time being. Despite its open source underpinnings, the app won’t operate securely with anything other than another Secure Chat app at the other end.
The app sets out to replace your existing messaging and texting apps, offering to import and encrypt existing messaging data for safe keeping. As with Signal, enrolling users (including in groups) happens by firing up the app and performing number verification for each account. One feature we liked about the app was the simple way users could switch between secure chat (free messaging across secure infrastructure), secure SMS (across carrier infrastructure at the user’s cost) and insecure SMS. Conventional phone calls can also be launched from inside the app – this really does aim to replace the communication functions in one go although it can also be used more occasionally for the odd message if that is preferable.
So that receivers can be sure that a message comes from the genuine contact, the app provides a QR ‘verify identity’ code which the other contact can scan (they san yours, you scan theirs). What happens if the users are far apart from one another? We’re not sure.
The app blocks screen scraping by external apps and can be secured behind a password. One interesting feature is self-destructing messages activated by clicking a small icon on the composition screen, which open on the receiver’s phone with a countdown timer of up to 6- seconds after which each is deleted. The user can also have hidden contacts that are accessed with a password.
Security: Not disclosed but will be similar to Signal, Germany-based servers
Pro: incredibly easy to set up and use – very similar to Signal but lacks the voice support that has now been added to that product
Con: none really although this is oriented towards messaging only
aunched by two Germany-based brothers in 2013 Telegram’s distinctiveness is its multi-platform support, including not only and Android and iPhone but Windows Phone as well as Windows OS X and even Linux. With the ability to handle a wide range of attachments, it looks more like a cloud messaging system replacing email as well as secure messaging for groups up to 200 users with unlimited broadcasting.
There are some important differences between Telegram and the other apps covered here, starting with the fact that users are discoverable by user name and not only number. This means that contacts don’t ever have to know a phone number when using Telegram, a mode of communication closer to a social network. The platform is also open to abuse, if that’s the correct term, including reportedly being used by jihadists for propaganda purposes, which exploit its broadcasting capablity. This is not the fault of the developer but does bring home how such apps can be mis-used in ways that are difficult to control.
The sign up asks for an optional user name in addition to the account mobile number, and requires the user verify the number by receiving and entering an SMS code. The app is polite enough to ask for access to the user’s phone book and other data, which can be refused, and handily notices which contacts within that list already have signed up for the app.
Security: uses the MTProto protocol, 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman secure key exchange
Pro: multi-platform support including desktop computers, access files from anywhere
Con: More a cloud platform than an app, also reportedly been abused by violent jihadists which could spell an image problem for the app
Ceerus is a new secure Android voice, video and messaging app from UK startup SQR Systems, one of a small group of mostly early-stage firms of that participated in the Cyber London accelerator, separately covered by Techworld. This makes the app sound immature but its origins go back to the company’s origins in 2010 as a University of Bristol research project funded by the UK Ministry of Defence.
Designed to secure voice and video as well as messaging, Ceerus is a step up in from some of the free apps looked here in that it can scale to departmental, enterprise, and government use and can cite a British defence giant as a trial customer. It costs £10 ($15) per month after a free trial period of one month has expired which implies a different level of development and support.
We encountered a hiccup getting it running on one of our test smartphones, a Nexus 5 running Android 6.0, so will have to report back when we’ve done full end-to-end testing.
Features: enrolment is more involved than for a free app because the user is setting up a fully account – a name and password (not easy to reset for the time being so don’t forget it) is required for each SIM/number. Key exchange uses the UK CESG-approved Mikey-Sakke scheme with compression applied to banish latency issues that have plagued encrypted real-time communications from mobile devices. An API is also available to allow integration of the underlying technology with third-party applications.
Security: undisclosed but includes end-to-end encryption with perfect forward secrecy
Pro: designed for business users, adds compression, handles video and voice as well as messaging
Con: aimed at businesses rather than individuals, no iOS version yet which could be an issue in mixed environments, not yet compatible with Android 6.0
Launched in November 2015, Cryptique’s Pryvate is intended for use by businesses as competition for high-end mobile security such as the Blackphone/Silent Circle which embeds software inside a secured version of Android. As with that service, Pryvate is another do-it-all voice, video, messaging, IM, secure file transfer, and secure storage app (integrating with Dropbox, One drive, BOX) and will integrate with third-party email clients for added convenience.
On the subject of Silent Circle, the underlying voice and IM protocol used by Pryvate is Phil Zimmermann’s ZRTP perfect forward secrecy encryption. Other features is IP shielding whereby uses can bypass VoIP and IM blocking without giving away their real IP address – the app tunnels across the Internet using Pryvate’s own UK Jersey-based servers.
The mobile service costs £4.68 (about $7) per month as a subscription but can be used after the one-month trial in the form of PryvateLite, which allows full secure IM and picture sharing with unlimited phone calls up to a duration of 1 minute. We’re not sure how practical that would be to use but it’s an option. A version including desktop capability is available for $9.99 (about $14) per month.
We weren’t able to organise a subscription in time for this article but will test this app more thoroughly in future and update this feature.
Security: 4096-bit encryption, with AES 256-bit key management. Complex mini PKI design with perfect forward secrecy design.
Pro: mature underlying technology, messaging, IM, video, voice and storage integration
Con: free service a bit limited despite reasonable month subscription
Others to consider:
SaltDNA Enterprise – launched in November 2015, this promises centralised IT control which will appeal to organisations that prefer to manage security for themselves.
Blackphone – the most mature if expensive platform by some distance, complete with tight integration in the dedicated £658 Android-based smartphone that gives the company its name. The software behind the Blackphone is from Silent Circle, a company founded in 2012 to exploit technology developed by Phil Zimmermann, the iconic figure who in the early 1990s invented the famous PGP secure messaging program that pioneered encrypted communications. Zimmermann was – and still is – the real Snowden.
