“Privacy guaranteed;” now that’s a tall order, especially if the promise is in regard to your text messages. Yet when German security firm G Data released Secure Chat for Android, the company did guarantee to protect your privacy “against data leaks and cyber eavesdropping, and offers the freedom of exchanging chat messages and data securely.” The new chat app “offers multiple-encrypted SMS and chat communication and guarantees the secure exchange of photos, videos and other media.”
G Data is celebrating its 30th anniversary by releasing Secure Chat for free. It’s currently only available for Android; it allows regular one-on-one secure text communications as well as encrypted group chats with the option of setting the messages to self-destruct. The company claims, “Middlemen have no chance: Only your smartphone and the receiving device can decrypt the messages sent. Your data traffic remains secure” and you “retain the rights to the content.”
Regarding the encrypted communication, G Data’s press release stated:
Due to its elliptic curve cryptography process, the Axolotl protocol is internationally considered to be practically impossible to hack. G Data insisted on a method that allows the servers for Secure Chat to be located on company premises. This lets G Data guarantee its customers’ adherence with the German data protection act.
There are numerous Android apps that allegedly offer secure communication. If you are so inclined as to download Secure Chat from Google Play, then here’s an overview of what you can expect.
Your phone number should autofill and you can either register or skip registration. If you choose to register, it happens quickly. Your phone number is verified, a text message is sent, your key is generated and registered on G Data’s servers. Then you’re ready to rock.
If you tap on “My identity key” then you will see a QR code. “This key is your identification,” explains the app. “It should be scanned by your contacts, so they can be sure that messages from this key were indeed sent by you.” I was not near my fellow tester to scan his key, so in the box where you enter text, the very first message warned, “Send unsecured SMS.” Well that’s not cool, I thought, yet after exchanging texts, and apparently also our keys, our texts were secure and marked with a lock icon.
G Data also said, “Send images and photos quickly, simply and, above all, securely via cryptography.” You can choose to attach a photo, take a picture, attach audio or video; the video has a 5120kb limit. You can also set your messages to self-destruct in 60, 15 or five seconds. To enable self-destructing messages, tap the clock icon and select the time limit. When you receive a self-destructing text, you’ll see a message that states, “the contents will self-destruct in five (whatever time was set) seconds.” If you tap on that message, you can view the text as the timer ticks off the seconds until destruction.
If you receive media along with a text, audio in the screenshot example above, you will see a warning that the data has to be temporarily decrypted and written to text if you wish to view it with an external content viewer.
Tapping on the message icon gives you the options to either sent text via Secure Chat, secure SMS, or insecure SMS.
Below are screen captures of the default settings; if you use Secure Chat then it would be wise to set a password under app protection as that will “enable local encryption of message and keys.” Screenshots are blocked by default and attempting to capture a screenshot will return a DRM-protected warning; that’s because “users retain the rights to their images and texts without fear of third party exploitation or re-use.” To allow screenshots, turn off screen security...that's not wise but it is how I got these images.
G Data security evangelist Andy Hayter added, “In today’s world, the privacy of the individual as well as businesses is in constant peril with the growing ability of hackers to tap into and steal data. We created the Secure Chat app with the strongest encryption protocol possible, to offer users the ability to easily communicate with each other without having to worry about the security of their conversations and data.”
When a company claims their service is unhackable, it’s inevitable that someone will try to prove that to be untrue. It’s also a pretty good bet that some security researcher will look into the “tap proof” and “privacy guaranteed” promises of Secure Chat, but there’s no reason right now to believe it’s not what it claims.
If you want to try Secure Chat, you can download the new app from Google Play; it’s free, but there is also a premium version that includes a phishing filter for URLs, and offers the ability to filter and hide text messages from specific contacts.