Case Study: Secure Email
Emailing is one of the essentials in communication. Not the safest one, though. Yet we were assigned the task of correcting this vulnerability. We had to build a software product that would be as loved by users as Secure Chat, and not any less effective, being presented in one pack.
Let's count our tasks: first, it had to be a cross-platform product supporting Android, BlackBerry, and Web (available as Google Chrome, Mozilla Firefox, and Outlook Desktop extensions). Second, it had to offer its users absence of spam, phishing and anything that goes along. What's more, it had to shield users with an encryption mechanism that would make their mailing activities fully protected from any intruders. And third, it had to be as easy for the end user as regular mailing tools. We solved all of these tasks successfully.
We took an open-source technology PGP (which is short for Pretty Good Privacy) for encryption of emails. Although it's one of the most advanced encryption standards, we had to work a lot on debugging and adjusting it to the product. Most of software products with PGP are created for corporate use or for tech-savvy individuals. We did not need any learning curves or complex installations. We wanted to make it simple and excellent for everyone.
• The software has end-to-end PGP encryption, and it's fully compatible with other PGP solutions;
• Flexible account and global application settings logic that allows to customize Secure Email for better user experience;
• Nothing gets logged on the server. There are no records of communications or direct attachment to users and organizations. Nobody can track the content of an email;
• Validation algorithms for protection of the sender's identity;
• A set of editing features. Encrypted and regular emails can be composed, edited, and read in both HTML and plain text;
• Remote wiping of devices via email. If a device is lost or stolen, confidentiality remains intact;
• Storing encrypted email drafts;
• Compatibility with Microsoft Exchange;
• Compatibility with third-party imported/exported keys and application settings. They can be securely synced between Android and PC;
• Support for multiple accounts;
• Push notifications logic allows to receive emails at the same time as they appear at exchange;
• Advanced PGP key management features and multi-key support for each account;
• Secure Email is available via subscription that actually enables an account to manage a bundle of Secure Apps: Secure Chat, Secure Email, and Secure Voice.
• Java for Android
• EWS protocol (Exchange Web Services)
• Libraries: SQLCipher, JwebServices, SAX-RSS-Reader, NewRelic, OpenPGP Library for Android, UnboundID LDAP SDK, Guava, JUtf7
• PGP encryption: AES-256 encryption with 4096-bit keys, along with data compression and hashing
Supported platforms: BlackBerry 6, 7 (a version for BB 10 is currently in works); Android 4.1 and later. The app was tested on numerous devices, including Nexus 4, 5, and 7; Samsung S-Series (3, 4, and 5), and LG G3. The app also has extensions for Google Chrome, Mozilla Firefox, and Outlook Desktop.
Secure Email became a successful contribution to the Secure Pack. It was a great experience of delving into the world of secure software products and technologies that are applied in many spheres of modern business.
For the team it was a great way to boost their skills in taking open-source software, getting rid of the litter and creating a truly secure and reliable solution, not to mention its complexity, which was to be dressed in intuitive UX, which had to be just as simple as any conventional mailing tool.
April 30, 2015
Prommpt is a beautifully stylish iOS app created by MobiDev for Angermeier & Partner. It's a personal tool for project... more →
IMS TILES is an investigative interviewing planning tool for law enforcements. It is a secure, scalable, and flexible system with... more →
March 10, 2015
Think Inside The Box Scibox was designed as a comprehensive solution for Customer Relationship Management in the staffing... more →