Updated: Jan 20
There are so many different secure chat apps available, it can often be difficult to understand what separates the genuine ones that will keep your communications truly secure, with those that are simply there to collect and sell your data and metadata. Here's what you need to know about what makes the strongest encrypted chat app.
512-bit ECC (Elliptic Curve Cryptography) encryption for NSA level security.
When it comes to private chat apps, end-to-end encryption is the first step. It makes sure that your message cannot be read while in transit from sender to receiver. Many hackers and other criminal elements have many different ways in which they can intercept data. The worst part is that techniques to achieve communication interception are becoming more common, and some individuals are able to take tools meant for legal and legitimate purposes, such as testing network security and engineer them to be used for criminal purposes.
Most communication apps use 256-bit AES as their encryption algorithms. Now this is good, but it is being replaced by more advanced and stronger encryptions as time goes on. SecureCrypt uses 512-bit ECC and with this advanced protocol, we can keep your communications secured for years to come, as it is resistant to quantum computing attacks.
Keeping your metadata private
Metadata is one of the main targets that criminals and other malicious state or non-state actors will try to go after. Message metadata can tell a lot, from who you talked to, when the conversations happened and even where in the world the people were. Protecting metadata is not easy. This is due to many apps and networks needing small amounts of metadata to function, such as with messaging apps that need it to send messages. Think of it like writing the address on an envelope when you send a letter. The messaging app needs the metadata to know where it is being sent to. Think of how many messages you send a day. That stacks up to a lot of metadata.
If someone was to observe someone else’s metadata, there are distinct patterns that could be easily figured out. It could potentially be used to plot where you travelled and who you are with in real life. If you were to send a message from a friends or family members house, metadata would have the address. Metadata may not hand over the messages, but it tells a lot on its own. SecureCrypt uses no server storage, and we encrypt all metadata at all times, while most encrypted chat apps, (free or paid) do not encrypt metadata. This is a huge distinction that separates SecureCrypt from all other commercial mobile security solutions.
Signing up privately
When you first sign-up for an app, you do not want that information you have given to be then used so that people could track you down. Sadly, many sign ups with free and paid apps can be used to track your IP address, the email you use, phone number or even the way you payed for it. All of these take away your anonymity in an instance.
For true privacy, anonymous chats are essential. While anonymity can take many different forms, it starts when you first sign up. If people are allowed to sign up without phone numbers or emails, using any name they wish or randomly generates identifiers, it allows for sign ups to be truly private.
Self-destructing messages to ensure complete privacy
While it sounds like something right from a James Bond film, self-destructing messages are a fantastic feature when it comes to keeping your privacy secure. Messages from a loved one maybe nice to keep around or a postcard from far away, but important messages carrying sensitive information need to be kept from any person viewing them. Yes, you could try and store the message, but it could still be potentially be read. If the message is no longer there, then there is nothing to read.
Apps with self-destructing message features often allow for the sender to choose the time frame from when the receiver first reads the message to it being deleted, be it a single minute to a week. This guarantees that the message can never be seen again or that someone could access it a few months later. Once it is deleted, it is gone for ever.
Also, allowing users to set an expiry time/date for each message can be seen as a great way to influence the retention period relating to GDPR/HIPAA/PIPEDA) privacy laws (Art 5(I)e GDPR).
Keeping your contacts private
If anyone can message you at any point, if you can have your messages besieged with spam and malware from unknown contacts, then it is not private. WhatsApp, Viber, Telegram and many other messaging apps suffer from this. And this can affect anyone, such as with Jeff Bezos. A spam message was sent to him which contained a video laced with a malicious code, which then stole data from his phone.
Contact security features are needed on apps as it make it impossible for people from contacting anyone with just a name. Alongside this, you need features that will block those you do not want messaging you, as well as letting the user have approval over who can message them. Having a private contact list, encrypted and native to your app is essential for your privacy. There is simply no alternative. Having an app require permissions to access your contact list breaches not only your privacy, but your contacts privacy as well. A private, encrypted contact list is the only way to guarantee that your work and personal contacts are guarded, and protected at all times.
Privacy for devices
One of the biggest mistakes that so many chat apps fall on is making sure the device is secure. If it does not have the app in a separate container and does not have tamper-resistant chips, then no matter what you install, it will never be 100% secure or private. Should a supply chain attack happen, every aspect of the device is compromised when it comes to safety.
Be it apps stealing data, apps spying on your device, mobile malware, or stalkerware and keyloggers, the data on your device is at risk potentially being stolen without you ever realizing. There is a high level of focus currently on the safety of apps, but the quality of the hardware is just as important to security and privacy. Both need attention if a device is to be truly secure. SecureCrypt does sit in a separate, encrypted container on your device, and we also use the latest devices with the most advanced security chips.
Device management to keep your information protected
People lose their phones every day. And when you do lose a phone, all the information on it is suddenly at risk. However, with device management, you can remotely lock and even wipe your device remotely, making sure that no matter where you lost it, you can always make sure your data is protected.
Hackers can easily extract data from your phone and take what they wish. With device management measures, you can make sure that you always have your devices protected, even if you lose them, with our Remote Wipe function that can ensure that even if your device is lost, stolen, or otherwise compromised, it can be remotely wiped, and any data rendered unrecoverable due to the overwriting we do when wiping a device.
Privacy strategies for networks
The biggest problem with networks is that regardless of Wi-Fi, cellular data or the internet in its entirety, very few providers can actually control or secure any of them. Every network you use is controlled by an array of public or private companies, all with varying views and policies on protecting your privacy. And if any of these systems are vulnerable, then all the data being shared across these networks can be compromised, and your messages read, and calls listened in on.
Some of these vulnerabilities have been around for many years, such as Signalling System No.7 (SS7) vulnerabilities which by connecting to mobile networks can allow a hacker or malicious state or non-state actor to listen into calls, read messages and take over devices of anyone on the targeted network. To prevent this, encrypted communications is required, as well as other security measures at the network level.
With secured hardware running on a private protected global network like SecureCrypt with encrypted voice calling, you can rest assured you can never be affected by these types of vulnerabilities. SecureCrypt also uses encrypted SIM cards with an onboard VPN on our SIM cards. This is an enhanced security feature not available with traditional cellular service providers like AT&T, Bell, T-Mobile, Rogers and any other traditional mobile network service provider. SecureCrypt also uses a private APN (Access Point Network) to further enhance your privacy while sending data over mobile wireless networks.
With SecureCrypt we have put in place many unique features not found in any other free or commercial based solution on the market. SecureCrypt features a Remote Wipe option in case your device is lost, stolen, or otherwise falls into the wrong hands. SecureCrypt also features a Duress Password option which when keyed in (instead of the regular unlock Password) will wipe all app data. We also feature a Panic Wipe option, which is a quick way when pressed to also wipe all app data. Anti-Brute Force mechanisms will prevent any forensic tools from brute-forcing your password, and our Stealth Mode is perfect for travelling dignitaries, diplomats, government employees, and anyone crossing international borders concerned with device examination. This feature hides our communication modules and makes it indistinguishable from a regular device.
Keeping your communications safe
Every single day, thousands of people around the world fall victim to hackers, and other malicious actors who use online messaging to take advantage of people and compromise their privacy. And this is before even mentioning how many companies and developers track your movements online as well. Data privacy is something we all deserve, and have a right to. By educating ourselves on the issues, choosing the right apps and being aware of new developments, everyone can ensure their data privacy. At SecureCrypt we make sure that every day we approach with the mindset of defending data privacy, so we can help keep your communications secure.