One of the best secure-messaging apps on the market just got even better: Wickr 2.0, released today (Dec. 20) for iOS, has increased its privacy options by putting increased limitations on the way the app accesses users' address-book information.
Most instant-messaging apps scan the phones on which they're downloaded for contact information, and then upload the contact info to their servers.
This makes sense from a business perspective; the app makers want to make it easy for you to switch from regular SMS-based text messaging to their services, and they want to gather information on other potential customers.
That's good for the company, but not so good for customers who'd prefer to keep their friends and other contacts private, even from the messaging services used to communicate with them.
In Wickr 2.0, however, users' address-book information never leaves the device on which it is stored. Instead, Wickr creates "a cryptographic representation of your contacts that we store on our servers to match with your friends," Nico Sell, Wickr co-founder and CEO, said in a statement.
True information security is a difficult claim to make, especially since former National Security Agency contractor Edward Snowden revealed that the agency gathers troves of data on individuals both in the United States and abroad.
In some cases, the NSA and other intelligence agencies have used court orders to force communications services to turn over their customers' information. That was the case with Lavabit, an encrypted email service allegedly used by Snowden himself.
Because Lavabit worked by storing its users' encryption keys (the long strings of numbers used to "unlock" cryptographically scrambled messages) on its own server, the government was able to force Lavabit to turn them over via a court order.
Wickr, however, doesn't have that problem, because it never has its users' encryption keys in the first place. In version 2.0, it won't have its users' unencrypted addressing data, either.
"We don't want to hold that sensitive information on our servers," Sell said in the statement.
Wickr still needs to know some contact information in order to send your messages, however, so it creates a "cryptographic representation" — probably a cryptographic hash, or string of seemingly random data — and stores that on its servers. Cryptographic hashes mask the length of the text to which they correspond, and it's extremely difficult, if not impossible, to reverse a well-constructed hash back into plaintext.
Sell said Wickr will also license its address-book solution to other messaging apps and companies, according to Engadget.
Wickr is free on both iOS and Android. The 2.0 update is coming to Android within the next few days.
- Encryption: What it Is and How it Works for You
- 12 More Things You Didn't Know Could Be Hacked
- How BitTorrent Will Keep Your Chats Private
- Technology & Electronics