Case Study: Secure Chat
Secure Chat originated more than 2 years ago as a project for BlackBerry 7. The Client wanted a simple application with minimal functionality and maximum security that would be realized via encryption. Only then would the software grow several essentials, such as automatic deletion of messages or hiding the app icon from the homescreen. Afterwards building a version for Android was just a matter of time. While BlackBerry has always had the reputation of a secure platform with a tiny marketshare, Android, on the contrary, is the most widespread player on the market, and at the same time the most vulnerable as for security.
Yet it's security that is the cornerstone of Secure Chat, if only for the fact that data aren't stored on the server. Thus it's useless to hack it. Everything is stored on the devices only, all the peer-to-peer transmitted data are encrypted, and the users are verified via the Off-The-Record protocol. A loss of a device is not a problem either – there is a feature of remote wiping of all data.
Why do we call it the topmost secure messenger? Well, just because all of its competitors do store user data on the server, and this means vulnerability. Our task was to keep going several steps ahead of other products. Although it works well for personal communication, it's corporate use that the product aims at. Secure Chat is a perfect candidate to replace any other messenger for internal use with something just as simple but about a hundred times more secure.
• Secure Chat is not limited to texting: users may send images, audio and video files, and various documents. All of these are also protected by the encryption.
• Nothing gets logged on the server. No data is stored on the server. Nobody can track the time, the content, and the participants of a conversation. The chat is secure and anonymous.
• Question-and-answer authentication, so that the user is sure that the other participant is not an imposter.
• Off-The-Record protocol (OTR): the highest level of encryption for instant messaging, with temporary per-message keys that can be decrypted on the recipient's device only.
• For Your Eyes Only: this mode automatically erases every message in a conversation after 10 seconds upon reception.
• Email notifications in case a user receives a message in Secure Chat. Surely no contents are revealed.
• Secure Chat is compatible with other XMPP chats, yet everything that comes from the outside is naturally not protected by OTR.
• An option of erasing all messages upon leaving a conversation.
• Offline mode: messages are immediately delivered upon restoration of Internet connection.
• Removal of selected messages.
• Forwarding messages.
• Chat time-out lock after inactivity for a specified duration of time.
• Push-to-Talk feature (voice clip).
• User presence status (Online / Away / Do Not Disturb / Offline).
• The use of the BOSH (Bidirectional-streams Over Synchronous HTTP) transport protocol reduces the consumption of battery life.
• Secure Chat is available via subscription that actually enables an account to manage a bundle of Secure Apps: Secure Chat, Secure Email, and Secure Voice.
• Java for Android
• OTR (Off-The-Record protocol)
• BOSH (Bidirectional-streams Over Synchronous HTTP)
• Libraries: SQLCipher, asmack (Smack for Android), SAX-RSS-Reader, Material-ish Progress, PhotoView, otr4j
Supported platforms: BlackBerry 6, 7 (a version for BB 10 is currently in works); Android 4.0 and later. The app was tested on numerous devices, including Nexus 4, 5, and 7; Asus TF101 tablet; Samsung S-Series (3, 4, and 5), and LG G3.
We had to fix and adjust plenty of open-source libraries that we used for the project, including the implemented Off-The-Record protocol. We tackled these obstacles and successfully released this beautiful product on the market, polishing the experience afterwards, just as usual. What was great as well was that we moved on to further projects for the Secure Apps bundle.
June 08, 2015
Okadabooks could be named "yet another reader app" if not for several facts. Fact #1: this app was designed for the African... more →
May 29, 2015
SuChef was created for people who don't have to be experienced cooks - that's why the target audience is everyone who loves... more →
Building software products for large companies very often means building just a part of the whole mechanism. Yet it has to... more →