[liberationtech] Suggestions on low-tech, free secure mobile messaging app

Sun Mar 10 13:54:11 PDT 2013

Sorry about the top post, but have you looked at Telerivet? <http://www.telerivet.com> It's active most in East Africa but the founders and company are located… near Stanford, California.

Stackoverflow has a good summary and discussion:
http://stackoverflow.com/questions/11291196/android-as-an-sms-gateway-for-integration-with-web-application

-louis

On 13-03-10, at 12:29 , Nathan of Guardian <nathan at guardianproject.info> wrote:

> On 03/09/2013 04:17 PM, Alex Comninos wrote:
>> 1> Request opinions on the security of WhatsApp and Viber (I understand the
>> security of the previous has been discussed extensively on Libtech)
> 
> They have reasonable network security from the app to the server (basic
> HTTPS / SSL), but NOT end-to-end security between you and the person you
> are communicating with. It is also unclear how well they validate their
> server's SSL certificate, so it might be possible for that traffic to be
> broken by a man-in-the-middle attack.
> 
> Storage of message data locally on the device is in a relatively
> standard manner with all/most messages being logged by default, meaning
> it your message history can be easily extracted if the device is
> physically compromised, and possibly also by malware on the device
> (especially in the case of a rooted Android device).
> 
>> 2> Request suggestions on secure mobile messaging apps. These apps s hould
>> not just run on Android and iPhone devices, but should also run on the most
>> basic and cheapest of internet enabled phones (feature phones or dumb
>> internet enabled phones, particularly Nokia and older versions of Symbian).
>> These apps must also be free and easy to use.
> 
> Security on older Nokia and Symbian phones is a tricky subject,
> especially when you want interoperable security with Android and iPhone.
> 
> There were some Java/J2ME "crypto SMS" implementations around in the
> past, but these have not been maintained. There definitely isn't
> something interoperable with open-standards like Off-the-Record
> Encryption, as far as I know. Based on some work towards a Blackberry
> OTR app, it seems like the necessary Java libraries for strong
> cryptography on J2ME
> 
> The best that I can offer is Gibberbot, our app for Android, that can
> work just fine on really, really cheap Android phones (<$50 USD), and
> also works with ChatSecure on iPhone, and Pidgin desktop chat on
> Windows, Linux, and Adium on Mac. It also can work on slower networks
> like EDGE.
> 
> https://guardianproject.info/howto/chatsecurely/
> 
> Best of luck finding a solution that address all of your needs, and let
> us know how it goes. I am sorry we can't provide better support for
> these more limited devices.
> 
> Best,
> Nathan
> 
> 
> 
> --
> Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at companys at stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech