On Android, someone could be tricked into installing a hacked app from outside the Play store. In contrast, this is hidden when using mobile apps. Also, when looking at a website, you can tell what computer you are communicating with. In contrast, with secure websites, the browser indicates when encryption is used and assorted websites can test and verify the encryption.
On mobile devices, you can not see the end to end encryption, so you have to take it on faith. Taking a step back, Android and iOS are probably not the best place for secure communication. Even with messages that self-destruct, the recipient can take a picture of their screen showing a message. On mobile devices, messages can also leak if the sender's device was hacked, the recipient's device was hacked or the recipient is simply not trustworthy and leaks messages, either on purpose or by accident. Likewise, the app that receives an E2EE message might save the message in an insecure manner.Įven if both the sending and receiving app store messages securely, the app still needs to retrieve messages and if either device is seized, the messages probably can be read (there may be an app configuration setting for this). Because messages are sent using end-to-end encryption, does not mean that everything leaving the app is always and only sent that way. The app sending an E2EE message sees the message before encrypting it, so the app could save it or send it or send parts of it in an insecure way. Note that there are limits to the protection offered by end-to-end encrypted apps.
It is offered by Signal, Threema, Wire, Session, WhatsApp and others and is often abbreviated E2EE. For messaging apps, End-to-End encryption is the top of the line.
0 kommentar(er)
