On 03/09/2013 04:17 PM, Alex Comninos wrote: > 1> Request opinions on the security of WhatsApp and Viber (I understand the > security of the previous has been discussed extensively on Libtech)
They have reasonable network security from the app to the server (basic HTTPS / SSL), but NOT end-to-end security between you and the person you are communicating with. It is also unclear how well they validate their server's SSL certificate, so it might be possible for that traffic to be broken by a man-in-the-middle attack. Storage of message data locally on the device is in a relatively standard manner with all/most messages being logged by default, meaning it your message history can be easily extracted if the device is physically compromised, and possibly also by malware on the device (especially in the case of a rooted Android device). > 2> Request suggestions on secure mobile messaging apps. These apps s hould > not just run on Android and iPhone devices, but should also run on the most > basic and cheapest of internet enabled phones (feature phones or dumb > internet enabled phones, particularly Nokia and older versions of Symbian). > These apps must also be free and easy to use. Security on older Nokia and Symbian phones is a tricky subject, especially when you want interoperable security with Android and iPhone. There were some Java/J2ME "crypto SMS" implementations around in the past, but these have not been maintained. There definitely isn't something interoperable with open-standards like Off-the-Record Encryption, as far as I know. Based on some work towards a Blackberry OTR app, it seems like the necessary Java libraries for strong cryptography on J2ME The best that I can offer is Gibberbot, our app for Android, that can work just fine on really, really cheap Android phones (<$50 USD), and also works with ChatSecure on iPhone, and Pidgin desktop chat on Windows, Linux, and Adium on Mac. It also can work on slower networks like EDGE. https://guardianproject.info/howto/chatsecurely/ Best of luck finding a solution that address all of your needs, and let us know how it goes. I am sorry we can't provide better support for these more limited devices. Best, Nathan -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
