Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Suggestions on low-tech, free secure mobile messaging app

Nathan of Guardian nathan at guardianproject.info
Sun Mar 10 09:29:41 PDT 2013


On 03/09/2013 04:17 PM, Alex Comninos wrote:
> 1> Request opinions on the security of WhatsApp and Viber (I understand the
> security of the previous has been discussed extensively on Libtech)

They have reasonable network security from the app to the server (basic
HTTPS / SSL), but NOT end-to-end security between you and the person you
are communicating with. It is also unclear how well they validate their
server's SSL certificate, so it might be possible for that traffic to be
broken by a man-in-the-middle attack.

Storage of message data locally on the device is in a relatively
standard manner with all/most messages being logged by default, meaning
it your message history can be easily extracted if the device is
physically compromised, and possibly also by malware on the device
(especially in the case of a rooted Android device).

> 2> Request suggestions on secure mobile messaging apps. These apps s hould
> not just run on Android and iPhone devices, but should also run on the most
> basic and cheapest of internet enabled phones (feature phones or dumb
> internet enabled phones, particularly Nokia and older versions of Symbian).
> These apps must also be free and easy to use.

Security on older Nokia and Symbian phones is a tricky subject,
especially when you want interoperable security with Android and iPhone.

There were some Java/J2ME "crypto SMS" implementations around in the
past, but these have not been maintained. There definitely isn't
something interoperable with open-standards like Off-the-Record
Encryption, as far as I know. Based on some work towards a Blackberry
OTR app, it seems like the necessary Java libraries for strong
cryptography on J2ME

The best that I can offer is Gibberbot, our app for Android, that can
work just fine on really, really cheap Android phones (<$50 USD), and
also works with ChatSecure on iPhone, and Pidgin desktop chat on
Windows, Linux, and Adium on Mac. It also can work on slower networks
like EDGE.

https://guardianproject.info/howto/chatsecurely/

Best of luck finding a solution that address all of your needs, and let
us know how it goes. I am sorry we can't provide better support for
these more limited devices.

Best,
 Nathan






More information about the liberationtech mailing list