Encryption hasn't made it to mainstream consumers because it isn't always easy to use and because the person at the other end needs to be using it too. A new free iOS app called Wickr solves at least the first of those issues.
Wickr, which is available on the iTunes store beginning today, offers military-grade encryption for protecting text, photo, audio, and video messages.
All messages you send disappear within six days, unless you want them to self-destruct earlier than that. You can also set individual messages to autodestruct within a set period of time after the recipient opens them.
Wickr co-founder Nico Sell advises a number of security companies and handles public relations for the Defcon hacker convention, so she has a good handle on the privacy risks that can come from storing data on unencrypted smartphones. Encryption protects data from prying eyes in the case of theft or loss, or if the device gets hit by data-stealing malware or other remote attacks.
"Reporters always asked me how they can securely and anonymously communicate with sources, and there hasn't been an easy answer. That was my first use case," she said in an interview with CNET today. She also wanted her children to be able to freely express themselves in a safe space. "My 3-year-old can send encrypted messages" using Wickr, Sell said.
Once the app is downloaded, you create an account by providing a username and typing in a password. I found it was straightforward to send a test message to Sell and to send invites to friends from my contacts list via e-mail or text message. I set the app so alerts pop up when someone sends me a message via Wickr. The app also allows you to block certain users or allow only certain ones.
In addition to data on the device being encrypted, all data on the Wickr servers is encrypted too (the service uses AES and RSA encryption standards), so Wickr never sees the plaintext of messages. Users can remain completely anonymous; the service doesn't require an e-mail address to create an account.
The app also offers advanced antiforensics features so deleted files are not recoverable, and it "sanitizes" the device by cleaning files that have been deleted by other apps such as the native camera program, said Wickr co-founder Robert Statica, director of the Center for Information Protection at the New Jersey Institute of Technology. "The security of the message stays with the message until it disappears," he said.
A version of the app for Android will eventually be available, as well as a premium version that will give users enhanced capabilities, such as the ability to send messages to more than 10 people at once and to send video and voice messages that are longer than 15 seconds.
"Wickr is part of a new wave of security technologies that is about being user-friendly for the average person," said security expert Dan Kaminsky, who is serving as an advisor to Wickr. "Wickr is an attempt to take a very rich communication experience with voice and video and text (messages) and provide it with some of the best-of-breed technologies for creating a safe space to communicate."
Wickr does not encrypt voice calls. For that there isfor Android or for Android and iPhone from PGP creator Phil Zimmermann. A beta version is due out next month.