Software:Sicher

From HandWiki
Revision as of 17:25, 27 June 2023 by WikiGary (talk | contribs) (link)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Instant messaging software
Sicher
Sicher Messenger Service Logo.png
Developer(s)SHAPE GmbH
Initial releaseJune 2014 (2014-06)
Operating systemAndroid, iOS, Windows Phone
TypeInstant messaging
LicenseFreeware
Websiteshape.ag

Sicher (German language word meaning "safe", "secure" or "certain") is a freeware instant messaging application for iOS, Android, and Windows Phone. Sicher allows users to exchange end-to-end encrypted text messages, media files and documents in both private and group chats. Sicher is developed by SHAPE GmbH, German company which pioneered mobile messaging with IM+ multi-messenger app it has been offering since 2002.[1]

Security

Sicher uses asymmetric point-to-point RSA cryptosystem with 2048 bit long key.[2] All data exchange between mobile apps and Sicher servers is protected using SSL. Company claims that encrypted messages are deleted from servers as soon as they have been delivered to recipient.[3] Lifetime of encrypted data (pictures, voice messages, files) is defined by message self-destruction timer value which has a maximum of 14 days, however the chat participant may choose to manually purge messages. On mobile devices all messages, received files and metadata are encrypted before saving them to internal storage, where application passcode is used as a key to symmetric encryption.

Privacy

Sicher uses phone number for user authentication due to phone number being a unique identifier that can be easily confirmed and an efficient anti-spam measure. User's address book is used for discovery of Sicher contacts, however address book data is not stored on Sicher servers. User may choose to receive anonymous notifications about new messages, which means that notification on lock screen will not display content of incoming message, including sender's name.[4]

Controversy

Because Sicher is a closed source proprietary application, it is not possible to verify whether the claimed encryption standards are properly used and well implemented. Furthermore, it can not be verified if the servers are free of intentional or accidental security flaws.[original research?]

See also

References

External links