HushHushApp is a secure Android messenger (iPhone planned), for encrypted chat and file sharing. This app will secure your conversations from eavesdropping but it will not make you anonymous, in fact, you have to register to open an account before you can use the messenger. For this you can use your phone number or an email address that will have to be confirmed with a registration code.
During the registration process you are asked what country you live in and the app makes it very easy sending a text message or email to your contacts, querying if they want to chat with you using HushHushApp. You should be careful not to carry out a mass mail by mistake as all contacts are checked by default, and most likely people will only want to suggest the encrypted chat to a couple of friends.
Smartphone encrypted chat HushHushApp
Once you have opened the account you will be assigned a HushHush ID, HID, and be able to manage your profile where you can upload an avatar. The HID is used for other people to find you in the network and add you to their list of contacts. You don’t need to hand over your phone number to chat with others, the short HID alphanumeric code will be your contact ID. Another option is to individually control if a contact will be allowed to be notified when you read a message and if your location can be revealed to them.
You can create a chat group from the interface where three or four people can chat securely at the same time. If files are sent, they will be encrypted and stored that way, only accessible through the application.
Security wise, you are only told that HushHushApp uses a scrambling algorithm with no additional knowledge of what algorithm is or how it works. HushHushApp mentions that messages are deleted from the server, this means your data flows across a central server, a potential weak spot if the server is compromised. The good points are that messages have a digital fingerprint, with local storage and users database being kept encrypted, but again, no mention of what encryption they are using, you are supposed to trust they are doing a good job but you know nothing about the company either, other than their website features section is unfinished and written all in Spanish.
After I used the “Delete Account” option and uninstalled this app, browsing the storage phone I noticed a folder named com.hushhushapp.android and a tiny file named hushushgirl.3gp left behind on my phone, this shows some sloppiness by the developers part.
HushHushApp interface is user friendly and easy to use but the lack of detailed information about what security measures HushHushApp deploys does not inspire trust. You can’t confide privacy on anybody saying that they will scramble your messages and hope that all will be fine. Using a central server to deliver your messages is also not ok, it adds an additional way to break your security. I would avoid this app for secure chat based on this but it should be fine for non privacy chatting, just like MSN or Yahoo.
Miguel
Hi,
im Hushhushapp developer. I think you wrote a great post. If you have any security question, please, send me a email and I send you information about security. We combine 3 security models for each message and for each contact. The security is the adn of HushHushApp. Regards
hacker10
Hello Miguel and thank you for the offer
I don’t think it would be fair to write a review based on private information about the app security. I think that this should be made public for the user to be informed, and there should be somewhere in the app or the website where the security model is clearly explained.
Best regards,
hacker10
Nano
On behalf of the HushHush Dev team we will like to thank you for the review. We fully agree with editor about telling people how secure our application is. Hence we have made a document for anyone interested about how we protect your conversations and privacy. Thanks for your interest.
https://www.dropbox.com/s/ciw9wharholgy9v/HushHushApp%20Dossier%20English.pdf