Self-destructing encrypted messaging apps, such as Confide, Signal and Wickr, have recently become popular among politicians. These apps claim to remove the messages once they have been read by the intended recipients to avoid potential leaks: no record, no paper trail. But Appthority researchers investigated Confide, one of the popular messaging apps among politicians, and found that it sends users’ messages to Apple when they use Siri with the app. In this case these supposedly self-destructed secret messages are retained at Apple for at least 6 months and up to 2 years.
This leak is caused by the app’s use of Siri commands and dictation feature. Confide allows users to launch the app and send messages using Siri. Users can launch Confide by saying, “Hey Siri, text [senior White House official] on Confide” to Siri. After the app is launched, users can send any secret messages using Siri’s dictation. What Confide and users may not know is that all Siri voice commands and messages are sent back to Apple’s data farm for analysis. This counteracts the users’ intention of using a confidential messaging app and may lead to sensitive government information being stored at Apple servers.
Siri’s privacy statement says, “When you use Siri and Dictation the things you say and dictate will be recorded and sent to Apple to process your requests. Your device will also send Apple other information such as your name, nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts… If you have Location Services on, the location of your device at the time you make a request will also be sent to Apple… ”.
Thus, if users use Confide via Siri, important information, such as who the users send messages to, what secret messages they send, and where they send the messages from, are all recorded and retained at Apple. Although Apple claims to delete recent user voice inputs if users turn off both Siri and dictation in Setting app, older voice input data will remain on Apple servers. Moreover, these data may be subject to subpoena or warrant. For instance, an Amazon Echo, which passes voice messages to its speech-recognition neural network, was confiscated by police in the investigation of a murder.
Appthority researchers also notice that the Android version of Confide uses SpongyCastle to encrypt and Signpost to sign the HTTP requests. The encryption keys of these protocols are stored on the user’s device for both Android and iOS. Although the storage of keys on user devices is to enable end-to-end encryption, Appthority would like to remind users that a significant number of mobile malware are capable of rooting the devices, compromising all the secret keys that are stored on the devices. After an attacker has the secret key, the attacker can decrypt all the encrypted communications on the fly, while remaining hidden on the devices.
Overall, self-destructing messaging apps increase user privacy to some extent by covering messages from shoulder surfing and giving some controls over users’ messages. However, there is still a long way to go to fully prevent users from malware, hackers, spies, or government surveillance. Therefore, Appthority urges enterprise users and government officials to be aware of the limitations of protection by self-destructing messaging apps for confidential communications and to avoid using Siri, for maximum security.
photo credit: https://getconfide.com/media