Sicher

From Wikipedia, the free encyclopedia
  (Redirected from Sicher (software))
Jump to navigation Jump to search
Sicher
Sicher Messenger Service Logo.png
Developer(s) SHAPE GmbH
Initial release June 2014 (2014-06)
Operating system Android, iOS, Windows Phone
Type Instant messaging
License Freeware
Website shape.ag

Sicher (German language word meaning "safe", "secure" or "certain") is a freeware instant messaging application for iOS, Android, and Windows Phone. Sicher allows users to exchange end-to-end encrypted text messages, media files and documents in both private and group chats. Sicher is developed by SHAPE GmbH, German company which pioneered mobile messaging with IM+ multi-messenger app it has been offering since 2002.[1]

Security[edit]

Sicher uses asymmetric point-to-point RSA cryptosystem with 2048 bit long key.[2] All data exchange between mobile apps and Sicher servers is protected using SSL. Company claims that encrypted messages are deleted from servers as soon as they have been delivered to recipient.[3] Lifetime of encrypted data (pictures, voice messages, files) is defined by message self-destruction timer value which has a maximum of 14 days, however the chat participant may choose to manually purge messages. On mobile devices all messages, received files and metadata are encrypted before saving them to internal storage, where application passcode is used as a key to symmetric encryption.

Privacy[edit]

Sicher uses phone number for user authentication due to phone number being a unique identifier that can be easily confirmed and an efficient anti-spam measure. User’s address book is used for discovery of Sicher contacts, however address book data is not stored on Sicher servers. User may choose to receive anonymous notifications about new messages, which means that notification on lock screen will not display content of incoming message, including sender’s name.[4]

Controversy[edit]

Because Sicher is a closed source proprietary application, it is not possible to verify whether the claimed encryption standards are properly used and well implemented. Furthermore, it can not be verified if the servers are free of intentional or accidental security flaws.[original research?]

See also[edit]

References[edit]

External links[edit]