We think a lot about secure messaging apps around here, with good reason—we make one. Truth be told, I’ve been interested in secure messaging for over 20 years. Long before smartphones existed, I was playing with PGP with various email clients. When I worked in the pharmaceutical industry I encouraged adoption of a secure collaboration app called Groove built by Ray Ozzie’s Groove Networks (purchased by Microsoft in 2005).
Since then, I’ve learned a lot about technology, encryption, and what makes a great app. When I started putting together this post on what makes a good secure messaging app, it didn’t take me long to create a laundry list of features I think are essential to any app that wants to say it’s a “secure messaging app”. I built my list in three parts:
- Technical—like encryption strength and perfect forward secrecy.
- Philosophical—like how contacts should be managed and how the company approaches personal privacy.
- User-focused—secure messaging apps must be easy to use.
I’ve organized my list along those lines, and I might have missed one or two things, but all the big things are covered. I’ve tried not to make this an “all roads lead to SKY ECC” list. While we think SKY ECC is the best secure messaging app available, there are a lot of other good apps out there too. There are good, secure apps that don’t meet all the criteria here (like being user funded), but even those check many boxes.
I’ve omitted features like “runs only on specific devices with tamper-resistance” or “runs only on secured, managed devices”—those features make SKY ECC more secure than other secure messaging solutions available, but there are secure solutions you can download onto (almost) any device from your favorite app store.
These are features I expect are programmatically built into an app—under-the-hood features that govern everything behind the slick interface. This is how the app works, not how it looks.
Strong end-to-end encryption
Strong encryption should go without saying, but there are also degrees of encryption strength:
- iMessage: 1280 bit RSA
- Skype: 1536 bit RSA
- Telegram: 2048 bit RSA
These apps use significantly weaker encryption than Signal, WhatsApp, or Threema’s 128 bit ECDH, which is roughly equivalent to 3072 bit RSA. All six are far behind SKY ECC’s 521 bit ECDH, which is equivalent to 15,360 bit RSA, making it the strongest encryption for any messaging app you can get.
This post outlines why you need end-to-end encryption on by default at all times. There isn’t any leeway here. If it isn’t encrypted end-to-end then somewhere along the chain someone can read the unencrypted text of the message.
Perfect forward secrecy
When you encrypt a message, a unique session key based on your secret key is used for the encryption. In practical terms this means even if your secret key were compromised, your messages are still protected because you need the unique session key for that message to decrypt it.
Session keys are created, and destroyed, every time you launch an app to chat, so getting the secret key and the session key for any given message would be virtually impossible. Wikipedia gives you good info on this.
Brute force protections
While most phones have brute force protection, a secure app should have additional protections if someone tries to force their way into the app by guessing your password. SKY ECC allows between 3 and 10 tries before the app resets itself and deletes all the data. You also have to enter a CAPTCHA word before the last attempt, making automated password cracking extremely challenging.
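The lockout behaviour described above can be modelled as a small state machine. This is an added example, not SKY ECC's code: the `AppLock` class, its return strings, and the hex CAPTCHA stand-in are assumptions, and a real app would keep the failure counter in protected persistent storage rather than in memory.

```python
import hashlib
import hmac
import secrets
from typing import Optional

class AppLock:
    """Hypothetical app lock: wipe local data after max_tries failed passwords."""

    def __init__(self, password: str, max_tries: int = 5):
        if not 3 <= max_tries <= 10:              # range given in the post
            raise ValueError("max_tries must be between 3 and 10")
        self.max_tries = max_tries
        self.failed = 0
        self.captcha: Optional[str] = None
        self.salt = secrets.token_bytes(16)
        self.verifier = self._kdf(password)
        self.data: Optional[dict] = {"messages": ["constructed sample message"]}

    def _kdf(self, password: str) -> bytes:
        # Slow, salted hash so a copied verifier is expensive to guess offline.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)

    def unlock(self, password: str, captcha_answer: Optional[str] = None) -> str:
        if self.data is None:
            return "wiped"
        if self.failed == self.max_tries - 1:     # the last attempt is gated
            if self.captcha is None or captcha_answer != self.captcha:
                self.captcha = secrets.token_hex(3)   # fresh challenge to display
                return "captcha_required"
            self.captcha = None                   # each challenge is single-use
        if hmac.compare_digest(self._kdf(password), self.verifier):
            self.failed = 0
            return "unlocked"
        self.failed += 1
        if self.failed >= self.max_tries:
            self.data, self.verifier = None, b""  # reset: nothing left to attack
            return "wiped"
        return "denied"
```

A wrong CAPTCHA answer does not consume the final attempt; it only issues a new challenge, so an automated guesser has to solve a challenge before it can spend the guess that triggers the wipe.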
Protected/shielded from malware
I’m thinking about media file jacking and key loggers in particular here. A good app shouldn’t let information flow in and out of it to the rest of the device willy-nilly. I imagine a secure messaging app like those sealed boxes used in labs to work with dangerous chemicals or diseases. The box is sealed so nothing can get in or out and you only work with the samples through gloves. You can copy and paste text from within SKY ECC, for example the contents of a secure note into a message, but you cannot paste that text outside of the app. These protections go far beyond app sandboxing to the point of the secure messaging app being walled off from the rest of the device.
Protected network connections
Making sure all the communications to and from the server, not just messages, are protected is essential to protecting your information. While devices are doing the connecting handshakes, a lot of information like your IP address, usernames, passwords, and other information needs to be exchanged. If you don’t protect this info, someone could find your physical location or mount a man-in-the-middle attack against you.
We use combinations of encrypted data over mobile networks with VPNs or secure tunnels to ensure your data is protected before any information is sent. Learn more about our network protections in this article!
Long ago my oldest son used his social engineering skills to reveal someone had hijacked his friend’s social media account. It just took a few questions to figure out the person was an imposter, but that shouldn’t have been able to happen. From 2FA to authorized devices, secure messaging apps need protections from someone using your account if they have your username and password. SKY ECC does this by locking accounts to devices. One account, one device. You can’t have two SKY ECC accounts on the same device and you can’t use SKY ECC on two different devices.
WhatsApp has some protections, but not nearly enough, as I learned when I got a new phone recently.
Local file storage leaves you open to media file jacking. If an app wants to have a media storage feature, it needs to be in a secure part of the app itself. Relying on the protections on devices isn’t always enough to keep attachment data safe.
As part of protecting the network connection, when messages are sent and received the metadata for the message (to, from, time stamp, etc) should be encrypted in transit. Yes, these need to be decrypted on the server, but they can’t be in the clear when the message is in transit.
Your metadata is much more information rich than you might think.
You should be able to have an account that isn’t tied to anything like your email address or phone number. If an app does need something like your phone number, it needs to be protected from being discoverable in the app. These are basic privacy protections that need to be backed by a company’s stance on privacy in general (more on that below).
We think having message backups is too risky to include as a feature. If you lose your device or it is wiped or you get a new device you will lose all your old chats, but storing those chats so they can be recovered comes at a sacrifice to protecting your privacy and the privacy of the people you communicate with. When you get a new SKY ECC device, or wipe it and start fresh, you get your contact list back, but that’s it.
This isn’t always convenient—I had to reset my device and lost a few things I didn’t jot down—but being secure and being convenient don’t always pair up. We err on the side of security.
User experience and interface
These aren’t fluffy nice things like putting stickers or GIFs into messages; these are features that help adoption, usability, and privacy.
Easy to use
First and foremost, a secure messaging app needs to be easy to use. Anyone who has used a chat app in the past 15 years should be able to open the app and be able to figure out how to use it. Complicated steps to set up encryption keys, exchange keys, or just chat don’t cut it. In the two decades I’ve been working in this space, every time secure messaging is hard to use, people will not use it. You might get adoption for a short time, but when push comes to shove—easy and convenient win.
SKY ECC is very intuitive. Sure, there are neat features you might not see at first—calculator mode is one of them—but once someone shows you how to add a contact, the rest just makes sense.
You should be able to set when messages automatically expire, be able to revoke messages (or attachments), and control if someone can save or share images or other files. When messages expire or are revoked, the message needs to disappear from everyone’s chat immediately. These controls are important for a range of reasons: something you said years ago can’t suddenly pop up out of the blue and out of context.
Sure there are things you need and want to keep (receipts, electronic tickets, software codes, etc), but those should be stored securely somewhere else, not in your secure messaging app. If you can save things, the data needs to stay within the confines of the app—which is exactly how our Vault works.
Control over contacts
You need control over who can start chatting with you. People you don’t know shouldn’t be able to discover you on your secure messaging app and connect with you. Every contact should have to ask permission to be on your contact list. And you should also be able to delete and block contacts if they become troublesome. Not allowing people to discover you and add you as a contact is a feature we believe is essential for privacy and control over your network. For someone to know your user ID, they should have to get it directly from you or have it shared through a mutual contact.
Like the privacy protections above, you should be able to be anonymous in the app if you wish. You shouldn’t have to use your real name, picture, or anything identifiable if you don’t wish to. This might be inconvenient for app makers—we don’t know who our users are for example—but it’s essential for privacy.
Philosophical company beliefs
It’s one thing to say your secure messaging app is secure, but if you do things like assist security agencies by putting backdoors into your app or servers—maybe customer privacy and security isn’t one of your core tenets. We feel very strongly about protecting our customers’ rights to privacy and security. These beliefs aren’t just reflected in how the product works but in how the entire company operates.
Here are a few of the core beliefs and operational steps we think make a secure messaging app truly secure.
Strong stance on protecting personal privacy
First and foremost, any company offering a secure messaging app needs a strong stance on personal privacy. This cuts to the core of everything the company does. For example, features like backing up chats or files in the Vault somewhere else are convenient, but if they can’t be achieved without sacrificing privacy, they’re not worth it.
At Sky we operate with a network of reseller partners and we protect their privacy and the privacy of the customers they service. We don’t gather personal information we don’t need. We allow payments through Bitcoin and other cryptocurrencies. If someone wants to remain anonymous, that is their right.
No encryption backdoors
There will always be pressure from governments, especially the Five Eyes, to create a backdoor for governments and security agencies. We will resist.
No advertising in the app
This should be cut and dried, but not to Facebook and WhatsApp. Sometime in 2020 there will be advertising in WhatsApp Stories. What it will look like, whether you can opt out, and even how Facebook is getting enough data to target relevant advertising to users are still unknown. In-app advertising runs counter to everything a secure messaging app stands for.
Advertising means somehow the app developer knows enough about you to target ads. That doesn’t jibe with a privacy-first approach. Not to mention all the technical aspects of ads, ad tracking, and the potential for ads pointing to malicious websites—in-app ads and secure messaging don’t exist in the same universe.
Minimal data on servers
Beyond not storing messages on servers—secure messaging servers should only be relays between client devices—there is a lot of other information that shouldn’t be kept. Things like which users sent messages to whom and when. Where devices are in the world. What kind of device someone is using. Or—worst case—clearly personally identifiable information like phone numbers or email addresses.
Secure messaging solutions shouldn’t keep these data on their servers. If you are serious about protecting customer privacy, you can’t keep that information on servers. Not even encrypted. If the information is there, it can be found and used.
As a SKY ECC customer the only thing stored in your account is an encrypted contact list. If you have to wipe and restore your SKY ECC device, you get your contact list back and that’s it. We don’t keep anything on the server longer than needed to get messages from point A to point B. Yes, we have to know who a message is from, who it’s going to, and the time the message is sent. But once a message is delivered, that data is deleted. We don’t have much more than what ECC IDs have last connected to the server, their account status, and who their contacts are.
Since we don’t have any information on who has which ECC ID (which is a randomly generated hex code), when we receive a lawful request for information, we can comply without compromising the promise of security and privacy we make to our customers.
There is the adage “if you’re not paying for something, you’re the product being sold” and we think this means secure messaging apps should be funded by the people who use the app. We believe paying for an app comes with a host of benefits from support to active development to better infrastructure that ensure there are no financial pressures on the secure messaging app developer. Financial pressures can lead to:
- taking outside funding
- accepting advertising that can impact customer privacy.
There is an important role for free and freemium apps in the secure messaging space, but we also think it’s essential if you choose to use a free secure messaging app you find out how the company is funding itself. Great apps don’t appear out of thin air. A lot of people work at SKY ECC to make the product, manage the servers, and provide support—and it all costs money.
Finding out where the money for an app is coming from is an important step to deciding if it’s the right messaging app for you.
Your choice of secure messaging app matters
We believe everyone should be able to communicate securely and privately with friends, colleagues, and family. We think secure messaging is an essential part of our freedoms and democracy. From journalists and whistleblowers shining a light on corruption to companies protecting innovations from corporate espionage, secure messaging plays an essential role.
This is why I came up with this list of features that make a secure messaging app secure. I think these are the baseline features you need to look at when you’re picking an app to use. With SKY ECC we take everything here to the next level with secured devices, stronger encryption than anyone else, and other security features behind the scenes we don’t discuss publicly.
We want you to know that when you use a SKY ECC device, you are using the strongest, most secure, and easiest to use secure messaging device available. That’s our promise to you. And if you’d like to learn more…get in touch.