June 28, 2012, 12:45 PM — A texting app that showed up in the iTunes store Wednesday is restarting the conversation about how to have secure conversations – especially via text – on smartphones.
The app, from startup Wickr is designed to make text, photos and videos sent from iOS machines more secure by encrypting them using 256-bit symmetric AES and RSA 4096 and proprietary algorithms.
Messages are encrypted on the device and while they're being transmitted – a vulnerable time for most secure-messaging apps, which protect messages when they're stored but not in transit.
Messages are sent to Wickr servers to be routed and delivered, rather than through those of the carrier or another messaging service, to give Wickr full control over them.
Message content is never stored on Wickr servers; Wickr keeps no records of the content, or any data about a particular message to identify the device that sends and one that receives it. Once the message transit is complete, Wickr loses that data, too, according to Wickr's FAQ.
Users can define who should be able to receive or decrypt the message and for how long it should be available. Once it passes its set time limit, the message self destructs.
Wickr won't even know users' identities if users want it that way:
"Your username, along with all other user and device information related to your account, is irreversibly encoded with multiple rounds of salted cryptographic hashing prior to being sent to our servers. Even we cannot determine the actual values based on the hashed values we store." – Wickr FAQ June 28, 2012
The goal is to leave no trace of either the message itself or evidence that two users ever communicated and give users the ability to control that level of security, not the app provider.
Wickr also has "anti-forensic" capabilities the company describes as having been designed to match the way mobile devices store data. Rather than letting data representing a text sit on a particular chunk of memory, Wickr continually wipes areas of main memory and storage that were used to write or display texts and pictures, according to the FAQ.