Insights For Success

Strategy, Innovation, Leadership and Security

iMessage

Whatsapp to become more secure than Apple Messages

technologyEdward KiledjianComment
Image by   downloadsource.fr   used under Creative Commons License

Image by downloadsource.fr used under Creative Commons License

I'm an advocate of personal privacy through encryption. I love the Threema instant messenger (Link) but none of my contacts used it. This is the problem with secure instant messenger apps, your friends aren't there so it becomes useless. 

Now Whatsapp is including the encryption functionality of TextSecure from Open Whisper Systems in their Android client and this will make Whatsapp the most secure instant messenger (beating even Apple's a Messages/iMessage).

Like Whatsapp, Apple's iMessage/Messages offers end to end encryption but in Apple's design, they control the encryption keys which means they could create a man in the middle type situation and you would never know. In the new Whatsapp with encrypted messenger app, the keys are controlled by the client and you will be able to verify the counter-parties encryption key using QR code scanning (similar to Threema) or by verbally exchanging the encryption key verifier. This will make sure beyond any doubt that the messages are encrypted for the intended recipient and no one else. 

How will it work?

When you start a conversation with another Whatsapp android users using the latest version, you will be asked to initiate a secure session. Once initiated, you will see visual marker (lock icon) in a couple of places to remind you the session is protected : next to the send button, next to each encrypted message and in the title bar.

When?

If you are using the latest android client, your version already includes the new end-to-end encryption mechanism and it is activated when talking to other Android based Whatsapp users.

Although I haven't seen any promises for an IOS version upgrade containing this secure technology from Whatsapp, I am confident we will eventually see it on iPhone as well. 

Apple Messages most secure messaging platform

technologyEdward KiledjianComment
Image by  Daniel Dudek-Corrigan  used under Creative Commons License

Image by Daniel Dudek-Corrigan used under Creative Commons License

The Electronic Frontier Foundation has released an interesting comparison chart showing how well the most common instant messaging platforms compete on security.

The EFF analysis looked at these criteria:

  • Encrypted in transit
  • Encrypted so the provider can't read it
  • Can you verify contacts identity
  • Are past communication protected if keys are stolen 
  • Is the code open to independent review
  • Is security design properly documented
  • Has the code been audited
    Are

The highest rated tools (scoring 7 out of 7) were:

  • ChatSecure
  • CryptoCat
  • Signal/Redphone
  • Silent Phone
  • Silent Text
  • TextSecure

Not surprisingly, Apple's Facetime & iMessage (Messages) were ranked as the most secure mass market messaging tools. 

although neither currently provides complete protection against sophisticated, targeted forms of surveillance
— EFF

Google Hangouts, Facebook Messenger, Blackberry Messenger and Microsoft's Skype were dinged on several fronts including lack of protection of past communications and lack of detailed documentation about security.

EFF Press Release : Link

EFF Scorecard : Link

 

Diversity coming to Unicode

technologyEdward KiledjianComment

Tech companies are working with the Unicode Consortium to implement a new skin tone control for character emoji to allow users to more accurately express themselves (and their identity). 

We now learn how these companies propose Unicode implement this change using a skin tone modifier. The technique being proposed is simple enough to be implementable and usable on a phone. Additionally this technique is backward compatible with devices that don't yet support the skin tone modifier (i.e. the emoji would fall back to the original non skin tone adjusted version). 

The Unicode consortium hasn't accepted this new proposal just yet but it would be hard pressed to turn it down (considering most tech users today are members of a visible ethnic group).

I'm all for diversity and think this is a positive step. Hopefully this becomes a new standard soon.

You can read the proposal here (link).

Apple to fix messaging issue for users migrating to Android

technologyEdward KiledjianComment

When an iPhone users sends a message to another iPhone user it is done via Apple's proprietary iMessage platform and users are identified by their telephone numbers. If you are a user that switches from an iPhone to Android without first disabling all iMessage logins on all your devices then you may end up in a situation where iPhone users can no longer message you. Anytime they try sending you a message, Apple will think you still have an iPhone and hold them until your iPhone comes back online (which may be never if you have migrated).

Apple seems to acknowledge the issue to Re/Code (link) with this statement

We recently fixed a server-side iMessage bug which was causing an issue for some users, and we have an additional bug fix in a future software update,” Apple told Re/code in a statement. “For users still experiencing an issue, please contact AppleCare.

Users had complained that AppleCare agents were also unable to fix the issue but Apple says this limitation has since been resolved. As for what software changes could be implemented to fix this with a future update, we'll have to wait and see.

Apple's iMessage on Android via Google Play

technologyEdward KiledjianComment
iMessage_Android_1.png

There is an app on the Google Play store that claims to offer iMessage functionality to Android users. The app comes from a developer named Daniel Zweigart . Apple typically isn't forgiving and I am fairly confident Cuppertino lawyers are gearing up as you read this.

Some users on Twitter claim the app actually works.  

WORD OF WARNING - There is a very strong possibility that this app is harvesting your Apple ID and password. I recommend not using this with any Apple ID tied to a credit card.

You can download it here

Expect this app to get pulled and Apple to find a way to kill it technically quickly.