What’s App – and what’s the appernative?

What's App I’m sure you’ve heard about “What’s App”. If you haven’t, “What’s App” is an application available for smartphones such as the iPhone, Android, Windows Mobile, Blackberry and more. It allows you to send messages, similar to SMS, to friends who also use the same application. On the upside, it’s free of charge (you only need to pay for the internet traffic generated), on the downside it’s very insecure. But what are secure alternatives out there?

Let’s start and answer the obvious question: Why is What’s App insecure?

The main reason is: What’s App is storing all your communication on the servers unencrypted. The company claims there is encryption, but that is only limited to the transfer between your phone and the servers. Once the message (or photo, video, location information) reached the server, anyone with access within the company can read your message.

I don’t need to mention, that being the most popular instant messaging application, What’s App surely attracts hackers as well. And once these have gained access to the servers, they will also have access to your communication.

So you better make sure that What’s App is not your only means of communication. And you shouldn’t use it for anything that is confidential.

But sometimes, we need to send confidential messages. Your wife forgot the password to the computer, or you want to send her the code to open the order. So what are the secure alternatives?

There are a few out there that I would like to introduce:

 

1) Wickr – leave no trace

WickrWickr is an iPhone-only application focused on “providing communication that leave no trace”. The Android version is in the works, but the fact that it only works on the iPhone is limiting its usage quite a lot.

Wickr claims to be totally secure. All messages are encrypted on your device before being sent to the server. Once the message reached its destination, it will be erased from the server in a secure manner by overwriting the message twice. Even if Wickr will be hacked (or government agencies try to intrude), there will be nothing left with the company. Hence, it’s also not interesting for hackers.

What’s more, Wickr allows you to set an expiry date of your message. That means, after a time of between 10 seconds to 5 days (it’s your choice) the message will be deleted from the recipients device. This is quite a nice feature and allows you to completely clean all traces you left.

I personally find the app very useful, although sometimes I would like to keep messages for longer. Hence, a feature to de-activate the self-destruct function would be nice.

You can download Wickr on the App store for free.

 

2)  Threema – security first

ThreemaCompared to Wickr, Threema is available for the iPhone and Android making it available to a larger audience. Like Wickr, Threema puts its focus on security. By using end-t0-end encryption, the company will never be able to read your messages as they are encrypted on your device and decrypted on the recipients device.

Compared to Wickr, which is based in the U.S. and operating under U.S. jurisdiction, Threema is based in Switzerland and all servers also remain there. That adds an additional layer of security as U.S. companies will need to comply with the all mighty NSA when presented with a secret court order, enacted by a secret court with secret judges.

Threema has a three-stage verification approach for contacts. If you add a contact by his/her nickname it will be red. Once they are verified with your address book, the status is switched to orange.

To fulfil the verification you actually need to meet the person and scan his/her ID from his/her phone with your phone. While that is a nice spy-like gimmick, it doesn’t have any effect on the ability to send and receive messages from this person.

Threema doesn’t have a message-destruct mode. Whatever you send to your friends will remain on their mobiles.

The app can be purchased from the App store or the Google play store. The price is USD 1.99 and worth it.

Threema’s local encryption is using the built-in features of the iOS or Android operating system. Wickr, on the other hand, is using a custom-built system. Hence, the local security is better on Wickr compared to Threema.

Both apps, Wickr and Threema, don’t support group chats. Threema claims this feature is in the works though and will be available soon.

Advertisements

Tags: , , ,

About Basti

I've been living and working for ten years in Greater China (Mainland China, Hong Kong). I'm working in the field of Product Design / Product Consulting and Manufacturing for accessories and wearable devices. My passions are travelling (especially China and Asia) and I used to ride a motorbike. Now, with two children, my hobbies switched to changing diapers, cleaning and feeding babies.

7 responses to “What’s App – and what’s the appernative?”

  1. beowulf222 says :

    Didn’t know about Wickr but am using Threema. Not sure how secure it really is since its code is neither open source nor independently audited, but probably (hopefully?) better than WhatsApp, Line, or WeChat.

    • Basti says :

      I’m also using Threema now. “Signal” for iOS offers end-to-end encrypted phone calls (on Android it’s called “Red Phone”). They will add messaging later. The app is open-source so you can review it…

      • beowulf222 says :

        The beauty of Threema is that it’s really easy to use. Even my mom can handle it. LOL For phone calls, well I run my own SIP Server; internal calls are theoretically contained.

      • Basti says :

        Yeah, my mum also uses Threema. I also run my own jabber server so messaging and video conferencing on computers are covered.

      • beowulf222 says :

        Does your Jabber server connect to other Jabber users (using a different server) or do you have to give out User-IDs? A Jabber server is something I am actually interested in but always shied away from.

      • Basti says :

        Jabber allows communication across servers. That’s one huge advantage compared to apps that lock you in a walled garden (Skype, MSN, WhatsApp, etc). However, you can also set up your server that it only allows connections from your domain. If you run a company, that might be an advantage. Jabber is built into OS X Server so it was quite easy to set up.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: