How We Made SKY ECC The Most Secure Phone Available

SKY ECC was built on the assumption that every component involved in the phone’s security could already be compromised, and that each one therefore has to be secured on its own, with no trust assumed. This is our zero-trust security model, and it underpins every part of SKY ECC, from devices to servers.

Zero-trust is used so you get security and privacy at the hardware, network, and app level. Even if one part of the system is compromised, the rest are protected and secure.

SKY ECC app security features

There are six core security features built into the app:

  • Secure environment checks (done at boot)
  • Brute force protection (device level and in two places within the app)
  • Password protection
  • Metadata and header encryption
  • Push notification obfuscation
  • Chat encryption

Secure environment checks

SKY ECC protects you from the moment you turn on your device, with secure environment checks that make sure your operating system hasn’t been tampered with. Here’s a breakdown for each device:

  • iPhones: The Secure Enclave from Apple isn’t so much a separate chip as it is a chip inside a chip. This isolated processor is built into the main system’s chip.
  • Google: Pixel phones use the Titan M chip, which is completely separate from the main CPU, as part of their broader Verified Boot process.
  • BlackBerry: The secure boot process from BlackBerry functions the same way as Apple’s ‘chip in a chip’ feature.

Whichever approach is used, each runs its own isolated operating system that malware on the main system can’t compromise, even if the device gets infected. This prevents kernel rollback, in which an attacker rolls the operating system back to a vulnerable version they can exploit.

The boot process of the devices we install SKY ECC on can’t be affected by malware, and they’re safe from kernel rollbacks. As we evaluate new phones as possible SKY ECC devices, we ensure they meet this high security standard.


Brute force protection

Hackers have tools that let them guess device passwords over and over until they get the right one. This can be done in three ways:

  • Random: Guessing completely at random, which works against purely numeric passcodes on most phones. 4-digit passcodes are commonly used on smartphones and have only 10,000 possible combinations. That’s a lot for a human, but nothing for a computer. Even with 6-digit codes, people tend to pick a lot of similar ones. It’s so bad that iOS warns you if you’ve picked a common passcode (like 000000 or 123456) to thwart this attack.
  • Dictionary attack: Working through a list of common passwords that starts simple (password) and increases in complexity (password1234) until the right one is found. Lists of the most common (and frankly stupid) passwords are widely published; don’t use any of them.
  • Social engineering: A hacker gets familiar with a target and makes educated guesses as to what their password could be. This is why you shouldn’t use birthdays, anniversaries, names of pets, names of loved ones, sports teams, and any other tidbit of information that could be gleaned from your social media profiles. We’re big on long, random passwords managed by a password manager.

We built the SKY ECC app with brute force protection that works on a sliding scale. At the lowest protection level you get 10 password attempts; at the highest, three. Before the last attempt can be made, a CAPTCHA screen must be passed. This is both a safety feature and a warning that only one attempt remains.

When the last attempt fails, which at that point almost certainly means an attacker working on a (likely stolen) phone, the entire app deletes all of its contents so that nothing can be recovered from it.

Our goal with our brute force protections is to make it extremely unlikely that someone can break through all the layers without triggering an app or device reset.
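The attempt limiter described above, written out as an added example (this is constructed model code, not SKY ECC’s own): a configurable limit between 3 and 10 attempts, a CAPTCHA gate that holds back the final attempt, and a wipe of all app contents when that final attempt fails. The salted PBKDF2 hash and the in-memory `contents` dictionary are assumptions made for the demonstration.

```python
import hashlib
import secrets

DENIED, UNLOCKED, CAPTCHA_REQUIRED, WIPED = "denied", "unlocked", "captcha_required", "wiped"


class AppLock:
    """App-level attempt limiter modelled on the page's description (constructed)."""
    MIN_ATTEMPTS, MAX_ATTEMPTS = 3, 10  # highest and lowest protection levels

    def __init__(self, password, max_attempts=3):
        if not self.MIN_ATTEMPTS <= max_attempts <= self.MAX_ATTEMPTS:
            raise ValueError("protection level must allow between 3 and 10 attempts")
        self._salt = secrets.token_bytes(16)  # store a salted hash, never the password
        self._hash = self._derive(password)
        self.max_attempts = max_attempts
        self.failed = 0
        self.captcha_passed = False
        self.wiped = False
        self.contents = {"vault/doc.pdf": b"..."}  # stands in for all app data (assumed)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def remaining(self):
        return self.max_attempts - self.failed

    def pass_captcha(self, answer, expected):
        # The CAPTCHA gate only matters when exactly one attempt remains
        self.captcha_passed = secrets.compare_digest(answer, expected)
        return self.captcha_passed

    def try_unlock(self, password):
        if self.wiped:
            return WIPED
        if self.remaining() == 1 and not self.captcha_passed:
            return CAPTCHA_REQUIRED  # last attempt is withheld until the CAPTCHA is solved
        if secrets.compare_digest(self._derive(password), self._hash):
            self.failed, self.captcha_passed = 0, False
            return UNLOCKED
        self.failed += 1
        if self.failed >= self.max_attempts:
            self._wipe()
            return WIPED
        return DENIED

    def _wipe(self):
        # Final failure: destroy everything, including the password verifier itself
        self.contents.clear()
        self._hash = None
        self.wiped = True
```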


Password protections

Your SKY ECC device features a secure Vault. To access it you must sign into your SKY ECC account first. You then have to enter a different password once you click on the Vault tab along the bottom of your home screen. Even if your account password is stolen or guessed, your most important documents still have another layer of security.

This reflects our effort to create as many layers as possible for separate features, rather than depending on any one security function to secure everything. A separate password for your most important documents, files, chats, and photos is one more way to keep you protected.

Metadata and header encryption

Many “secure” messaging apps either fail to encrypt metadata entirely or actively collect it for marketing. If you’re not familiar with the term, metadata is the data that tells:

  • Where you are
  • Who you talk to
  • How long you talk to them
  • What device you are using

When this data is compiled and analyzed it can give serious insights into your activity and communications. Say, for example:

  • Someone sees that you called a doctor and talked for 15 minutes.
  • Then you called a cancer clinic right after and talked for 20 minutes.
  • Your next call was to your spouse.

That information reveals a lot about you, and you can imagine how much more personal it gets when calls, messages, and browsing history are put together.

SKY ECC encrypts your metadata with AES 256-bit encryption. This high level of encryption is stronger than what some apps use to encrypt their entire app communications. We take protecting metadata extremely seriously so that this aspect of your communication is secure.

Push notification obfuscation

Getting messages displayed on your phone’s locked screen isn’t as simple as you’d think. The notification is sent through a set of servers separate from those that carry your message. These servers are owned or controlled by Google and Apple, two companies not known for their privacy protections.

We knew we needed to secure push notifications in our zero-trust model. The steps we took were:

  • New devices generate two tokens at random. One stays on the device while the other goes to the notification server.
  • You send a message to someone and the token for that person is sent to the notification server. The server sends the notification based on this anonymous token.
  • The minimum amount of data is sent to the server—the device token and nothing else.
  • The notification servers read the token, match it with the server token and make the push notification pop up on the screen of the receiving SKY ECC device.

One final step we take to secure push notifications is not allowing any information to appear on the device’s screen. All anyone will see is the text “Encrypted message”.

Not showing a message preview protects that data from being seen when your phone is left on a counter, or by sneaky people peeping over your shoulder. This is all part of our approach to complete network security as well.
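The push notification flow above, as an added example that is not SKY ECC’s own code: the device generates two random tokens and registers only one of them, the notification server maps that token to a platform push handle and never sees accounts or message bodies, and the only payload it emits is the fixed “Encrypted message” text. The class layout, the `platform_handle` field and the check function are assumptions made for this demonstration.

```python
import json
import secrets

PUSH_TEXT = "Encrypted message"  # the only text that ever reaches the lock screen


class Device:
    """A handset as modelled here: two random tokens generated at enrolment."""
    def __init__(self, platform_handle):
        self.device_token = secrets.token_urlsafe(32)  # stays on the device only
        self.server_token = secrets.token_urlsafe(32)  # the one value that is registered
        self.platform_handle = platform_handle         # APNs/FCM-style push id (assumed)
        self.lock_screen = []

    def receive_push(self, payload):
        self.lock_screen.append(payload["alert"])


class NotificationServer:
    """Knows only server_token -> push handle; never sees accounts or message bodies."""
    def __init__(self):
        self._routes = {}

    def register(self, server_token, platform_handle):
        self._routes[server_token] = platform_handle

    def notify(self, server_token):
        handle = self._routes.get(server_token)
        if handle is None:
            return None
        # Minimum payload: the push handle plus a fixed, content-free alert string
        return {"to": handle, "alert": PUSH_TEXT}


class MessagingServer:
    """Holds ciphertext for pickup and hands the notification server one token only."""
    def __init__(self, notifier):
        self._notifier = notifier
        self._server_tokens = {}  # account -> server_token
        self._mailbox = {}        # account -> [ciphertext]

    def enrol(self, account, device):
        self._server_tokens[account] = device.server_token
        self._notifier.register(device.server_token, device.platform_handle)

    def send(self, sender, recipient, ciphertext):
        self._mailbox.setdefault(recipient, []).append(ciphertext)
        return self._notifier.notify(self._server_tokens[recipient])


def push_leaks_nothing(payload, sender, recipient, device):
    """True when the push carries no identity, no content and neither device token."""
    blob = json.dumps(payload)
    return (payload["alert"] == PUSH_TEXT and set(payload) == {"to", "alert"}
            and sender not in blob and recipient not in blob
            and device.device_token not in blob and device.server_token not in blob)
```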

Chat and file encryption

The main feature of the app is, of course, our 521-bit elliptic curve cryptography with Diffie-Hellman key exchange. You can read about this in-depth in our encryption article linked to above, but here are the basics:

  • Key exchanges are done asymmetrically with Diffie-Hellman. This means the keys themselves are never sent directly over the network.
  • 521-bit ECC is equivalent to an RSA 15,360-bit key. The standard used for banking is RSA 2048-bit.
  • While that may seem like a large key, it’s actually 7.5 times smaller than RSA, and therefore faster to encrypt and decrypt than what our competitors use.

This standard is applied to every message sent over the network, including files and photos. ECC is well suited to chat and mobile devices because the encrypted messages are smaller (in bytes), so your files and photos are sent quickly rather than being delayed while messages are encrypted.


A truly secure messaging app uses the best available encryption, and that is what we have done with SKY ECC 521-bit elliptic curve cryptography.

SKY ECC app security features protect you

Our goal with SKY ECC was to use the zero-trust model to build a complete encrypted phone ecosystem. With the network secure and the device locked down, our app’s security features add the last layer of protection:

  • Secure environment checks: Making sure the app is secure before it’s turned on, and preventing kernel roll-back.
  • Brute force protection: Limiting password attempts and using a CAPTCHA before the last attempt.
  • Password protection: Using two different passwords for the app and Vault.
  • Metadata and header encryption: Protecting your “who, what, when, and how long” data from tracking.
  • Push notification obfuscation: You know when you get a message but no one else can see it.
  • Chat encryption: 521-bit ECC is the best encryption available, and we use it for all of your chats and files.

All devices available from SKY ECC have these features built into the app. If you aren’t sure if this is the right feature set for you and would like to discuss it further, use the button below to contact our support team with any questions you may have.
