- Android messenger open source registration#
- Android messenger open source android#
- Android messenger open source code#
Android messenger open source code#
Have there been a recent code audit and an independent security analysis?
Android messenger open source android#
N/A, Session is excluded from iCloud/iTunes & Android backupsĭoes the company log timestamps/IP addresses? N/A, Wire is excluded from iCloud/iTunes & Android backups N/A, Wickr is excluded from iCloud/iTunes & Android backups N/A, Signal is excluded from iCloud/iTunes & Android backups IOS: Yes (if passphrase enabled) Android: Yes (unsure of function)ĭoes the app allow a secondary factor of authentication?Īre messages encrypted when backed up to the cloud? IOS: Yes (if passphrase enabled) Android: Yes (if master key set in the app)
No (session keys do change after being used 100 times)ĭoes the app use TLS/Noise to encrypt network traffic?ĭoes the app encrypt data on the device? (iOS and Android only) Is personal information (mobile number, contact list, etc.) hashed?ĭoes the app generate & keep a private key on the device itself?ĭoes the app enforce perfect forward secrecy? No (session only, does not provide users' fingerprint information)ĭirectory service could be modified to enable a MITM attack?ĭo you get notified if a contact's fingerprint changes? N/A, Google Messages uses RCS, which doesn't use a directory serviceĬan you manually verify contacts' fingerprints? Yes (clients Element / Riot, server/API )Īre reproducible builds used to verify apps against source code?Ĭan you add a contact without needing to trust a directory server? (optional mobile number sent to third party for registration)
Android messenger open source registration#
(mandatory mobile number sent to third party for registration & recovery) (User data is sent to a third party if a payment is made) User data and/or metadata sent to parent company and/or third parties? Location / identifiers / purchases / location / contact info / contacts / identifiers / usage data / user content / usage data / diagnosticsĬontact info / identifiers / usage data / diagnostics (Information not submitted to Apple Store) (Contact info not sent when using anonymously) Health & fitness / purchases / financial info / location / contact info / contacts / user content / search history / browsing history / identifiers / usage data / sensitive info / diagnostics / other data (Difficult to assess given the app is integrated into Apple's greater ecosystem) (Difficult to assess given the app is integrated into Google's greater ecosystem) Janus Friis / Iconical / Zeta Holdings Luxembourg / Rakuten / friends and family of Talmon Marco (it's very unclear) Surveillance capability built into the app?ĭoes the company provide a transparency report?Ĭompany's general stance on customers' privacyįreedom of the Press Foundation / the Knight Foundation / the Shuttleworth Foundation / the Open Technology Fund / Signal Foundation (Brian Acton) Implicated in giving customers' data to intelligence agencies? Messages: Worldwide (uses de-centralised servers)Īttachments: Centralised server in Canada
USA, the Netherlands, Australia, Brazil, China, Ireland, Hong Kong, and Japan UK (and potentially all jurisdictions, given it's a decentralised messaging platform) USA (Ireland and Denmark planned) iMessage runs on AWS and Google Cloud Worldwide (rollout on-going, unsure of exact locations, most likely Google Cloud regions) Messages can be read by Facebook if marked as "abusive"įormer NSA chief Keith Alexander is on Amazon’s board of directorsįurther limit metadata storage and logging Implement perfect forward secrecy at the end-to-end encryption layer Provide more comprehensive independent assessments of security/privacy Remove the mandatory requirement for users to sign up with a mobile number No independent & recent code audit and security analysis Named as NSA partner in Snowden revelationsĭata not protected, not all data protected Improvements to apps that are recommended Main reasons why the app isn't recommended Is the app recommended to secure my messages and attachments?
0 kommentar(er)
