Q&A: Tim Gallagher, SafeSwiss

08 FEB 2017

Security communications provider SafeSwiss launched a messaging app it hopes will rival the likes of WhatsApp and Telegram, with a focus on encryption, believing the market lacks “a true competitor”.

Mobile World Live spoke to CEO and co-founder Tim Gallagher, who expects the app to garner around 500,000 to 1 million downloads in the next few months and said: “suffice to say its tracking along very nicely beyond our initial assessment”.

Gallagher said Telegram and Wickr do not provide any secure voice capability and, in the case of the former, users first have to implement a secret chat feature to obtain end-to-end encryption.

Meanwhile Snapchat “has had a chequered history” when it comes to user security. In 2014, usernames and phone numbers of 4.6 million Snapchat users were stolen and made public on the internet.

One of Snapchat’s main selling points is its picture and video messages are temporary – once they have been seen by the recipient they disappear forever. However, this isn’t quite the case, he said.

Gallagher praised a partnership between WhatsApp and Signal communication which “has done an absolutely remarkable job introducing encryption to the masses in the extremely short timeframe it has taken them with having achieved over one billion users.”

However, he criticised WhatsApp’s announcement it is now sharing user data with parent Facebook and said it “is a complete contradiction of earlier promises.” The move faced a severe backlash.

“WhatsApp is not the only company engaging in this type of activity – the reality is many companies are now data mining all our information,” Gallagher said.

Why did SafeSwiss decide to launch a messaging app?
We believe the market lacks a true competitor when it comes to the monopolisation occurring with primary providers such as WhatsApp, Telegram, Wickr and Signal.

The app is not just about secure messaging, it’s a total end-to-end encrypted platform and unlike both Telegram and Wickr, this includes secure peer-to-peer voice calling.

What is your opinion on the narrative that the messaging app market is too crowded for a new entrant?
Overall the messaging market, be it secure messaging providers or otherwise, can be considered crowded, but also extremely fragmented.

Many people are unaware providers within this space only encrypt in transit, and anything sent can become extremely vulnerable whilst sitting unencrypted on a server prior to being delivered.

People really need to better understand this. Almost daily we hear instances of data breaches and man-in-the-middle (MiM) attacks.

When providers collect data on their customers the threat goes beyond the data they may be giving to law enforcement agencies, authorities or selling to other companies.

The Yahoo data breach or the LinkedIn hacks in 2012 show the practice of collecting and storing your information leads to compromised situations – you can keep yourself secure, but the companies whose services you use may not be keeping your data safe enough on your behalf.

What sets you apart from the competition?
At SafeSwiss, all encryption keys are generated and safely stored on user’s devices to prevent any backdoor access or copies completely eliminating any possibility of MiM attack.

SafeSwiss Networking and Cryptography Library is set in concrete to protect (encrypt and authenticate) all messages between sender and receiver, as well as the communication between the app and the servers.

Its encryption code is open to independent audits and it provides two layers of encryption: an end-to-end layer between the conversation participants, and an additional layer to protect against eavesdropping of the connection between the app and the servers.

The latter is necessary to ensure any adversary who captures network packets (for instance on a public wireless network) cannot even learn who is logging in and sending a message to whom.

All message encryption and decryption happens directly on the device, and the user has control over the key exchange. This guarantees that no third party – not even the server operators – can decrypt the content of any messages.

SafeSwiss also allows users to determine their own unique ID, and it’s optional if they want to include phone number and email.

This goes a long way to eliminate potential vulnerabilities associated with SMS/email authentication, which can be intercepted by telcos and shared with hackers or governments, and provides users with anonymity.

This authentication vulnerability was exposed recently in a Telegram hack where Iranian hackers compromised more than a dozen accounts and identified the phone numbers of some 15 million Iranian users.

Other than security, what features of the app set you apart?
SafeSwiss’s user interface offers users simplicity in functionality and is fully customisable.

 

Author

Saleha Riaz

Saleha joined Mobile World Live in October 2014 as a reporter and works across all e-newsletters - creating content, writing blogs and reports as well as conducting feature interviews...More

Read more

Related

Tags