play.google.com/store/apps/details?id=com.kstych.SecureIM
Do you care if your messages are scanned/read/provided to the highest bidder or the authorities without ever asking or even notifying?
SecureIM is the first Secure-Chat application which is built to protect you from any possible or potential leak of privacy. These days organizations spy on our chats to target ads and Governments in the name of security, however there is no excuse of not demanding and having access to privacy when we want.
SecureIM secures your communication in 2 ways
1. Secure Transmission :- A chat message will be encrypted and only readable on the device it is sent to/from.
2. Single Use Keys :- The Keys generated while messaging are discarded when the application is closed, which means it is impossible to decode a message once the app is reloaded.
The application is extremely simple to use, no need to bother about the complexities of encryption and underlying privacy details, rest assured your messages will always be out of reach from snoopers.
This app uses Public Key Cryptography, each session generates its own private/public keys.
Keys are never stored but kept in memory until the app is running.
So it'll support XMPP?
Or just gtalk?
supports xmpp
Sleepy! said:
So it'll support XMPP?
Or just gtalk?
yes, the app uses XMPP below the encryption layer, and so any XMPP server is supported, however this version is bound to log in to the Google Talk server
Thanks
https://github.com/venomous0x/WhatsAPI
What is WhatsApp?
According to the company:
“WhatsApp Messenger is a cross-platform mobile messenger that replaces SMS and works through the existing internet data plan of your device. WhatsApp is available for iPhone, BlackBerry, Android, Windows Phone, Nokia Symbian60 & S40 phones. Because WhatsApp Messenger uses the same internet data plan that you use for email and web browsing, there is no cost to message and stay in touch with your friends.”
Late 2011 numbers: 1 billion messages per day, ~20 million users.
Modified XMPP
WhatsApp uses some sort of customized XMPP server, named internally as FunXMPP, which is basically some extended proprietary version.
Login procedure
Much like XMPP, WhatsApp uses JID (jabber id) and password to successfully log in to the service. The password is hashed and happened to be an MD5’d, reversed-version of the mobile’s IMEI (International Mobile Equipment Identity) or equivalent unique ID, stored in servers upon account creation and used transparently every time the client connects the server.
The JID is a concatenation between your country’s code and mobile number.
Initial login uses Digest Access Authentication.
Message sending
Messages are basically sent as TCP packets, following WhatsApp’s own format (unlike what’s defined in XMPP RFCs).
Despite the usage of SSL-like communication, messages are being sent in plain-text format.
Multimedia Message sending
Photos, Videos and Audio files shared with WhatsApp contacts are HTTP-uploaded to a server before being sent to the recipient(s) along with Base64 thumbnail of media file (if applicable) along with the generated HTTP link as the message body.
FAQ
What’s with the hex chars floating all over the code?
Mostly WhatsApp’s proprietary control chars/commands, or formatted data according to their server’s specifications, stored in predefined dictionaries within the clients.
What’s your future development plans?
We don’t have any.
Would it run over the web?
We’ve tested a slightly-modified version on top of Tornado Web Server and worked like a charm, however, building a chat client is a bit tricky, do your research.
Can I receive chats?
Indeed, using the same socket-receiving mechanism. But you have to parse the incoming data. Parsing functions aren’t included in this release, maybe in the next one?
I think the code is messy.
It’s working.
How can I obtain my password?
It depends on your platform, with Android for example, you can use TelephonyManager
Code:
TelephonyManager tm = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
tm.getDeviceId();
With the sufficient permissions of course
Code:
<uses-permission android:name="android.permission.READ_PHONE_STATE"/>
NOTES
This proof of concept is extensible to contain every feature that makes a fully-fledged client, similar to the official ones, actually could be even better.
During the two weeks of analysis of service mechanisms, we stumbled upon serious design and security flaws (they fixed some of them since 2011). For a company with such massive user base, we expected better practices and engineering.
Perfectly working as PHP and JAVA ports.
License
MIT - refer to the source code for the extra line.
Venomous
Team of Bahraini Developers.
Ahmed Moh'd and Ali Hubail (@hubail) contributed to this release.
I really would like to know what's your debugging strategy in this case? I'm still not able to capture the traffic from my Android 4 VirtualMachine in order to decipher the ssl traffic.
I documented my setup on my blog, just search for "WhatsApp für Android 4.0.X-X86 ICS auf VirtualBox" on Google.
Could you please provide some info on your setup?
Except for some requests (Syncing and Status update), all requests go on plain text (although they use SSL port, they still send in plain text)
onnsoft said:
I really would like to know what's your debugging strategy in this case? I'm still not able to capture the traffic from my Android 4 VirtualMachine in order to decipher the ssl traffic.
I documented my setup on my blog, just search for "WhatsApp für Android 4.0.X-X86 ICS auf VirtualBox" on Google.
Could you please provide some info on your setup?
WebOS port!!!
Sent from my R800x using XDA
Looks like Whatsapp is quite secure...
Swypesation
Isn't there any way to hack it???
Sent from my MT11i using xda premium
google it
The Internet was designed to be a free network. “Don’t be evil” is the formal corporate motto of Google. However a subjective good from Internet institutions can't guarantee Internet freedom. What is true freedom? True freedom is assuming all the participators are evil, and getting rid of all the participators' capacity for evil through architectural design.
Apps are often used to deliver sensitive data or used for personal and corporate communications, so the data stored by the service provider should be encrypted end-to-end. There are many App messaging applications like Line, WeChat, KakaoTalk, and many more, but they are not end-to-end encrypted messengers. Time is loudly announcing the need to shift to some alternatives that provide end-to-end encryption for communication between two devices and respect your privacy. There are a number of solutions available for privacy: Telegram offers end-to-end encryption and has a 'Secret Chat' feature that self-destructs messages after the conversation; Surespot allows you to send and receive text messages, pictures and audio clips with end-to-end encryption; Threema uses end-to-end encryption and gives you all features like text messaging, image sharing, and voice chat as well; TextSecure and RedPhone also provide end-to-end encryption for messaging and voice calls respectively. RedPhone allows you to upgrade a normal call to a secure call whenever it senses the possibility to fulfill the requirements.
Therefore we have developed a complete decentralized, third-party End to End encrypted communication APP.
What is “a complete decentralized” concept?
IMAP/SMTP are standard communication protocol for retrieving and sending emails from mail server, our APP users communicate via the protocols, as if they are sending emails.
What is “third-party End to End encrypted communication”?
Since we are using a zero-server solution, the developers themselves can't read the communication information from users at all. We encrypt the E-mail communication. The advantage of third-party encryption is that no one can read an APP user's communication information without permission, including the APP official, operator, E-mail service provider and so on.
Why “APP”?
We used smart phone longer than sitting in front of a PC. We hope to develop a 100% free of charge future-proof secure communication app that is convenient and suit for long-hour usage.
After completing the APP, as long as there is a user, nobody, including us, can prohibit this product from being used, just as nobody can prohibit the use of the email protocol. Furthermore there will be no server deployed to manage this APP. It enables free flow of the APP in conformity with the spirit of a free Internet environment.
Freedom is only an illusion. You're never free, I'll never be free, no living thing can ever be truly free, as every action is determined (or can be seen as determined a posteriori) by various factors. So, as the Internet is constructed by humans, logically it won't be free as well.
Stop talking about freedom and give us a secure App
this is not meant negatively.
Regards
Needs to be idiot proof, lightweight and versatile. Good luck.
Sent from a stolen phone!
Hufu is a next generation encrypted messenger that combines best-in-class message encryption seamlessly with an intuitive user interface. Unlike the mainstream encrypted messaging applications, Hufu encrypted messages pass from your mailbox directly to the recipient's mailbox, removing the possibility for the software provider to compromise your communication security directly, by, e.g., MITM attack, or blocking your IP from accessing the server, or indirectly by collecting your metadata.
__________________________________________
HIGH STRENGTH END-TO-END ENCRYPTION
All messages are encrypted before they leave your phone and not decrypted until they reach the receiver's phone. Encryption is implemented using highly secure and efficient industry-standard algorithms (128-bit AES-GCM for symmetric encryption, and 2048-bit RSA for public key encryption). Keys are stored locally in an encrypted database, with each page encrypted using a separate key. Additionally, connections to the mail servers are protected with SSL/TLS whenever possible.
__________________________________________
COMPLETE AND PROVABLE PRIVACY PROTECTION
Ciphertexts or plaintexts, all of your data belong to you! Hufu never connects to any server run by us (which can be easily proven by wiretapping your own connection or scrutinizing the code), thus there is no possibility we collect or store your data without your permission, or violate your privacy in any other way. All private chat messages are deleted from your mailbox 24 hours after they are received/sent.
__________________________________________
MINIMALISTIC DESIGN AND INTUITIVE UI
Completely private chat has never been easier as Hufu makes encrypted messaging a seamless experience in a decentralized environment. The UI is designed under the principle of KISS (keep it simple, stupid): the number of UI elements is kept to a minimum but tuned to improve the user's operational security awareness. Setting up is a breeze, all cryptographic processes happen under the hood and are unnoticeable. It should take less than minutes for a user completely new to Hufu to set up his Email account and start using Hufu.
__________________________________________
ROBUSTNESS
Any IMAP-supported mailbox can in theory be used with Hufu, making it nearly impossible to censor all Hufu encrypted messages, and the serverless and open source nature of Hufu allows it to function independent of the status of our business.
__________________________________________
MINIMUM PERMISSIONS
Device & app history
* retrieve running apps
Identity
* find accounts on the device
Photos/Media/Files
* access USB storage filesystem
* modify or delete the contents of your USB storage
* read the contents of your USB storage
__________________________________________
OTHER
* close other apps
* full network access
* view network connections
* control vibration
* use accounts on the device
__________________________________________
Precautions:
1. Avoid using on rooted devices; rooting could potentially allow malicious memory snapshotting/key recording programs to be installed without the user's consent, and breach Hufu's security.
2. If you are using any third-party software to manage your processes, please make sure that Hufu is allowed to run in the background, otherwise the retrieval of your messages may be delayed.
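The hybrid scheme the description names (128-bit AES-GCM for the message, 2048-bit RSA for the key), sketched with Node's built-in crypto module. This is an added example, not Hufu's code: the OAEP padding, the per-message AES key, the envelope field names and the use of the recipient address as associated data are assumptions.

```javascript
// Added illustration (not Hufu's code): RSA-2048 wraps a per-message
// AES-128-GCM key. Padding, field names and the AAD choice are assumptions.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Key pair generated in memory on the recipient's device.
function newKeyPair() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender side: fresh 128-bit key and 96-bit nonce for every message, so a
// nonce is never reused under the same key. `aad` is authenticated but not
// encrypted (here: the recipient address, a constructed value).
function sealMessage(publicKey, plaintext, aad) {
  const key = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  cipher.setAAD(aad);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  return { wrappedKey, iv, ct, tag: cipher.getAuthTag() };
}

// Recipient side: unwrap the AES key, then let GCM verify the tag before any
// plaintext is released. Every failure is reported the same way (null).
function openMessage(privateKey, env, aad) {
  try {
    const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
    const decipher = crypto.createDecipheriv('aes-128-gcm', key, env.iv);
    decipher.setAAD(aad);
    decipher.setAuthTag(env.tag);
    return Buffer.concat([decipher.update(env.ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Checks: the intact envelope decrypts; a modified ciphertext, a changed
// address, or a different private key are all rejected.
function demo() {
  const bob = newKeyPair();
  const other = newKeyPair();
  const to = Buffer.from('bob@example.org'); // constructed address
  const env = sealMessage(bob.publicKey, 'meet at 10', to);
  const flipped = { ...env, ct: Buffer.from(env.ct) };
  flipped.ct[0] ^= 0x01; // one bit changed in transit
  return {
    ok: openMessage(bob.privateKey, env, to),
    tampered: openMessage(bob.privateKey, flipped, to),
    readdressed: openMessage(bob.privateKey, env, Buffer.from('carol@example.org')),
    wrongKey: openMessage(other.privateKey, env, to),
  };
}
```

The mail server only ever relays `wrappedKey`, `iv`, `ct` and `tag`; the private key never leaves the device, which is why the precaution about rooted devices matters more than the transport.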
I've been looking at various messaging apps that are encrypted.
Things like
delta chat
Pretty easy privacy
Conversations.
K9 mail with pgp encryption
And others.
They all have various issues
Conversations uses XMPP servers which don't work well if there are extended times offline.
Delta chat uses SMTP which is great for offline but it has very little key management features for advanced users
Pretty easy privacy is still beta but promises a lot of good features in the future, but they might go with a subscription service for advanced features (that they call enterprise edition, otherwise it might be the best when they get it done)
K9 mail with open pgp key management just is too complicated for everyday people. (sadly it's the best security)
What are you using and why?
nutpants said:
I've been looking at various messaging apps that are encrypted.
Things like
delta chat
Pretty easy privacy
Conversations.
K9 mail with pgp encryption
And others.
They all have various issues
Conversations uses XMPP servers which don't work well if there are extended times offline.
Delta chat uses SMTP which is great for offline but it has very little key management features for advanced users
Pretty easy privacy is still beta but promises a lot of good features in the future, but they might go with a subscription service for advanced features (that they call enterprise edition, otherwise it might be the best when they get it done)
K9 mail with open pgp key management just is too complicated for everyday people. (sadly it's the best security)
What are you using and why?
I'm kinda a rookie and only play a knowledgeable geek on tv, but security is pretty important to me. So I've tried a few different apps. Currently I'm using a combo of Threema and Signal on my Mi Max 3. I really like Threema. I wish signal had a few more bells and whistles, so I'm casting about for another SMS messaging app. It's not very scientific but one of my main criteria is just how many permissions the app asks for.
Telegram app or website
Signal app
There is no security on smartphones.
Depends on a few things.
1. Keys stay encrypted and on phone not online or "in the cloud"
2. Even if encrypted end to end like Whatsapp, the company was sold to Facebook so.....
3. Has to connect send and receive peer to peer or adversaries attack any centralization because that makes it too easy for them, so no telegram
I think Signal by Whisper Systems is "best", but the phone has android which Google and nsa have backdoored and suppress zero day exploit knowledge and keep discovery secret, so they read and keylog it all.
I've been using Wickr, they seem to be more secure than regular text messages at least, I hope maybe. They say in their disclosure they don't keep any messages on the servers they use but it's still the end user's device that's the weak point. Lately Wickr has been updating a lot, which seems to be another term for uploading. idk I may be way off.
I found my rooted Nexus 6 had directories that were hard to get to containing screenshots of my phone taken randomly during a 24 hour time frame and zipped. Also simply watching the logcat it was uploading files regularly, dropbox and I can't find much about it but the Sahara protocol was what seemed to be querying uploads.
I use telegram
The best is to use secret chat in Telegram
It's available when use mobile telegram
Millions flock to other messenger apps as fears grow over Big Tech.
Signal
Signal uses Open Whisper System to automatically end-to-end encrypt all conversations.
Encryption keys are stored on users’ phones and computers, minimising the risk of them being spoofed. You will also be notified if any of your contacts’ encryption key changes.
Users can verify each other using either a passcode of numbers or by scanning a QR code, which means Signal holds almost no data about you.
The app does not store metadata, logs, or information on its users. It also does not store a record of your contacts, conversations, locations, profile name, avatar, group memberships or group titles.
Your chats do not get backed up by default, but you can choose to back them up to a secure cloud if you wish.
There is also a setting which allows you to receive “sealed” messages from non-contacts with whom you have not shared your profile, an option that hides your IP address, and a self-destructing messages option that disappear completely after a set time.
Telegram
Telegram uses its own end-to-end encryption service called MTProto. However, it is not entirely open source.
Its default cloud chat messaging system is not end-to-end encrypted, with chats stored on Telegram’s servers and backed up to a cloud. This means Telegram can gain access to your messages.
However, it also has a secret chat option, which is encrypted. Messages sent through secret chat can only be read on the device you sent them to.
BatChat
BatChat is a private & secure messaging app with end-to-end encryption which provides the highest level of data security. You can use it FREE to voice or video call families, friends, colleagues anytime and anywhere without worrying about data leakage.