R U secure? Encrypted texting expands to Android OS.
- By William Jackson
- Sep 04, 2013
Silent Circle has expanded its circle of encrypted communications applications with the release of Silent Text for the Android OS, providing texting and file transfers with strong end-to-end encryption between Android and iOS devices.
The new app is available through the Google Play app store.
Like the rest of its suite of communications tools for voice and video over mobile devices, laptops and desktops, the text apps use peer-to-peer encryption. Calls, texts and video are routed through the Silent Circle network, but keys are generated on the end devices and are not held on a central server. The company has no access to content and does not have metadata that could be vulnerable to snooping or subpoena.
Silent Circle is on track to have up to 3 million customers by the end of the year, said company CEO Mike Janke. About 35 percent of those are in North America. The U.S. government is among the company’s largest customers.
It was the vulnerability of metadata that prompted Silent Circle to shut down its “secure” email service in August. That service encrypted content, but was built on traditional email architecture with server-side encryption that leaves accessible information in the wake of messages, Janke said.
The Silent Text app, which enables transfer of files of up to 100 megabytes, has the ability to wipe messages from the recipient’s device after a prescribed time with a Burn Notice. The app will be the basis for a new secure email service expected to launch early next year, Janke said. The new email app will not do anything that Secure Text does not do, but it will have a traditional email interface for those who are more comfortable with that.
“The existing email structure is 40 years old,” Janke said. While the interface will be familiar, “underneath, the guts are peer-to-peer, a completely different system.”
The peer-to-peer scheme uses the Zimmermann Real Time Transport Protocol, a crypto key agreement protocol using the Diffie-Hellman key exchange and the Secure Real Time Transport Protocol. Encryption is done with NSA Suite B cryptography, a public interoperable set of crypto tools that include the Advanced Encryption Standard, Secure Hash Algorithm 2 and elliptic curve digital signature and key agreement algorithms. The company has its own network with SIP servers and codecs to support communications, but all cryptography is done on user devices.
Silent Text originally was released for the Apple iOS, which has a large market share in North America and in the U.S. government. The Android version was added because of what Janke called “an overwhelming call for it” in the rest of the world.
“We had to take our time for it to make it right, because Android is the weaker platform,” and because of the fractured nature of the Android ecosystem, Janke added.
With multiple versions of the operating system in use on a variety of hardware devices with different capabilities, porting the app was complex. The less expensive phones have only recently become powerful enough to support the processing required for strong cryptography, key generation and management. “A year ago we would have had to limit it to the top two or three types of phones,” Janke said.
William Jackson is a freelance writer and the author of the CyberEye blog.