Mobile Apps for Encrypted Chatting
There is a technology in social sciences sometimes referred to as notion substitution, when someone tries to persuade you that something is what it actually is not. This is what we see in tech industry all the time, especially in the post-Snowden era. After the major surveillance and snooping revelations, more users have become privacy-concerned, but a lot remained illiterate about what to look for in a tech product, if privacy and security is your concern.
As a result, we have witnessed an avalanche of 'secure' apps - Secret, Whisper, Yik Yak, and now Facebook's Rooms - that wear false flags of anonymity and, as a result, privacy. Whisper has been unmasked for tracking and storing user locations, investigating on users with posts Whisper deemed as newsworthy, and cooperating closely with Pentagon. Surprise-surprise. Secret appeared in a very bad position with the bullying issue, and even got banned in some countries, while its anonymity can be easily hacked. Yik Yak might have been the least stained of them all, with bullying being the major problem. Rooms, at the same time, coming from Facebook raises more questions than addresses users' need for privacy and anonymity.
The following list of apps will not include those gibberish anonymity apps for underage and mature bullies and sociopaths. However, at no point, do we endorse any of them, but we sincerely hope none of them will ever be engaged in dirty leaks and surveillance revelations.
Cryptocat [iOS, browser extensions] Free
Cryptocat has earned some reputation the hard way - Apple blocked the app from iTunes in 2013, without explanation. The developer Nadim Kobeissi took the issue to Twitter in an effort to prevent the company from rejecting legitimate encryption apps in the future. As a result, the app has been restored on the App Store, and is now available as an iOS app and a browser extension. Also, the developer has been harassed by the Canadian government, demanding he'd grant access to his servers.
Providing en-to-end encryption, Cryptocat lets individuals and groups chat in encrypted chat rooms, and the developer states the servers are 'in a Swedish nuclear bunker.'
- No user accounts - create a disposable name for every chat room
- Create as many chat rooms as you need - or a new one every time; they are disposable
- Join chat rooms created by your friends, provided they send you room's credentials
- The app has no contact list, or usage history - if you need to memorize the names of all chat room you used, keep them somewhere in a notebook because Cryptocat does not track that
- Supported browsers for the extension are Safari, Mozilla Firefox, Opera, Chrome
- A desktop client for Win and Mac
- Even if whoever is snooping on you finds out the chat room name, they won’t be able to read anything without a secret key
- Group chats
- To prevent the man-in-the-middle attack, use a one-time disposable device to send your recipient the chat room ID and the secret decryption key
- No Android app
Confide encrypts messages and deletes them upon delivery once the recipient reads them. Targeting business users working in companies at high risk of industrial espionage, and aims to prevent the keyloggers and screen capturing spyware snap the contents of your messages. The app does not display the entire message, but reveals it when you swipe on words, one by one, for a short moment, then hides it again.
- Easy to use, free
- Beats keyloggers, screen capturing and camfecting apps
- Good for short messages
- Self-destructing messages
- Like it or not, your recipient will view the message only once
- No good for long messages
- No password protection, which means some of the following may happen: man-in-the middle attack when someone hacks into the system and intercepts or prevents the message from self-destructing (requires technical savvy from the attacker); anyone in physical possession on your recipient's smartphone at the time of your message arrival will be able to read it.
By Open Whisper Systems (not related to Whisper)
That's one of the apps recommended by Edward Snowden during his online interview to NY Festival we covered here.
Encrypted text messages sent via this app don't charge your carrier plan and are free. You can create groups and invite your friends to secure chatting, and you can even share various media files in the attachments. What I like most about TextSecure is the contents of your messages is not stored on the company's servers while the servers don't have access to your texts and user data.
- end-to-end encryption for every message
- Open-source app means anyone with enough savvy can check the code for security holes
- Group chats
- The company's servers do not have access to your data
- Works fast
- Doesn’t support tablets
- No iOS port
- Different algorithms of encryption for the texts and the decryption keys - no two users will have identical keys
- The message can only be read on the recipient’s smartphone
- The servers do not have access to your personal data, and proxy IPs between your recipient and you
- My favorite - the app deletes metadata from your attachments
- In-built file shredder with strong shredding algorithms
- Send pdf files from cloud storage
- Easy to use, endorsed by experts
- Support for many file types to be sent as attachments
- Use it with the recipient you trust because they can screen capture the contents of your message
Gliph is an alternative to the above-mentioned apps, with one peculiarity - support of Bitcoin transfers, so it would be safe to assume its security focus is valid. It is this Bitcoin support that once got Gliph banned from the iTunes, but the devs' appeal let them restore it. The app's main focus is secure messaging for mobile, desktop and web users. The app uses your Wi-Fi, 3G or 4G connection to transmit data, and you can chat with one or multiple recipients in a group chat. Gliph also features Bitcoin QR code scanner.
- Bitcoin transfers, Bitcoin QR reader
- Nifty delete feature deletes the messages from your device, and that of your recipient, if you are the sender. Messages also get deleted from the server.
- No ads, no tracking
- Individual or group chats, encrypted
- Cross-platform support
- A disposable cloaked email is available via IAP
- One cool feature is you can send a chat room link to a user who does not have Gliph installed and they can chat with you from their browser
- Lockdown Privacy Protection password
- Disable password reset feature and no one but you will decrypt your data
- Support for hi-res photos transmission
- Advanced app settings, simplicity
- I hope it's not Pentagon behind it. Joke.
Unseen Secure Chat [Android, desktop] free, paid varies with plan
I am seeing some lag and bug issues for free users, and as far as I can see the Android version hasn't gained much traction, but the features seem quite interesting, so you might want to check it out especially since there is a desktop version for Max, Win and Ubuntu.
- 4096 end-to-end encryption for chat messages, NTRU for public key exchange
- Cross-platform support
- Paid plans include encrypted email and audio or video calling
- Individual and group chats
- Encrypted file transfer
- Iceland-based servers
- Android users aren’t overly happy with the app's performance, but it being updated pretty regularly
Safe Camera – Photo Encryption [Android, desktop version] Free
The app uses military grade encryption algorithms to securely store your photos under a master password.
- Instant encryption means there is no unencrypted version of a photo somewhere on your device, and no one can restore that unencrypted version
- The encrypted files are inaccessible to other apps
- Features a gallery. Timer for selfies and flash
- Import existing files to the app's folder and shred them
- Sharing is supported: either decrypt and share as usual, or send the recipient a password
- Has a desktop version
- Supports many file types
- No video support
- No iOS port
RedPhone :: Secure Calls [Android] Free
The same Open Whisper Systems endorsed by Snowden offers an app for secure phone calls with end-to-end encryption, tapping into your Wi-Fi to make and receive phone calls, your stock dialer and your device's contact list, so the user experience is pretty much the same.
- End-to-end encryption for phone calls is only possible if your recipient has the app installed, too
- Open source
- Places phone calls over Wi-Fi, so you are not charged on your carrier plan
- No iOS port
Feel free to share your experience with the mentioned apps, or suggest more that fit the list in the comments below!