This section needs expansion. You can help by adding to it. (December 2015)
In May 2015, Channel 4 News published an investigation in which they alleged that "at least 115 ISIS-linked people" appeared to have used Surespot between November 2014 and May 2015. In June 2015, a Surespot user wrote a blog post about how the Surespot developers had stopped responding to his repeated questions regarding "governmental demands for information", leading to the user alleging that the Surespot developers were "under a gag order".[self-published source]
Surespot was specifically mentioned in a plea agreement in which a 17-year-old US citizen was charged with providing material support to ISIS.
As of November 4, 2014, Surespot has a score of 5 out of 7 points on the Electronic Frontier Foundation secure messaging scorecard. It has received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having its code open to independent review (open-source), and for having its security design well-documented. It is missing points because past communications are not secure if the encryption keys are stolen (no forward secrecy) and because there has not been a recent independent security audit.
Surespot provides offline backup via iTunes (PC or Mac) on the iOS version, or to local device storage on the Android version. App users can use multiple identities, for instance for private or business use.
The application supports the deletion of messages from the receiving device; the sending of pictures, audio messages (in the past only after an in-app purchase, currently for free), and Emoji icons; and user blocking.
So far there is no support for group messages and sending files other than photos.
Surespot uses 256 bit AES-GCM encryption using keys created with 521 bit ECDH. It is a Public-key cryptography system with public and private keys in order to obtain a shared secret. The shared secret is used to exchange information securely.
The app is free to install and use. Via in-app purchases one can add functionality, such as a voice-message feature. Apart from earning money via in-app purchases, surespot is donationware. Donations can be done via Bitcoins, creditcards or PayPal.
- "surespot encrypted messenger - Apps on Google Play". play.google.com. Retrieved 2019-04-27.
- "surespot encrypted messenger". App Store. Retrieved 2018-11-29.
- "Kurztest Whatsapp Alternativen". Retrieved 2014-11-24.
- "Apps to easily encrypt your text messaging". 2014-11-24. Retrieved 2014-11-24.
- "Intel fears as jihadis flock to encrypted apps like Surespot". Channel 4 News. 26 May 2015. Retrieved 18 November 2015.
- Maschke, George (7 June 2015). "Developer's Silence Raises Concern About Surespot Encrypted Messenger". AntiPolygraph.org. Archived from the original on 29 June 2015. Retrieved 17 November 2015.
- "Statement of Facts as to Ali Shukri Amin" (PDF), USA v. Amin (Court Filing), E.D.V.A., No. 1:15-cr-00164 (Docket 7), Jun 11, 2015, retrieved Jul 25, 2017 – via Recap at ¶ 11, p. 4
- "Secure Messaging Scorecard". Electronic Frontier Foundation. 4 November 2014. Retrieved 5 December 2015.