SureSpot is an Android and iPhone open source app for encrypted end to end chat, you can send pictures and text,nobody can decrypt the messages, not even the app delelopers. AES256 bit encryption keys are created in your phone and the Diffie-Hellman key agreement protocol is used to exchange them securely without having to grant private keys access to a third party, only the person you are communicating with is able to read the messages and view the photos you send.
An spy agency attempting to wiretap Surespot will find that there is not a single server they can attack for mass surveillance, they would have to hack all the end point phones to listen in, this would be impossible to do if Surespot became popular. For further privacy, Surespot can create multiple identities to chat with different contacts, your identity can be backed up, restored or permanently erased and the paranoid person can create new encryption keys as often as needed.
Another nifty feature is that you can delete the messages you have sent from the receiver’s inbox and lock attached images to stop them from being saved outside the app, Surespot also locks itself after a few minutes of inactivity to stop impersonation in case your phone is taken while still on.
SureSpot encrypted mobile phone chat
Unlike WhatsApp and other privacy invasive chat apps, people in your contact list will not get automatically notified when you install Surespot, before a chat can take place you need to know the nickname of the person you would like to communicate with and that person will have to accept the invitation. The app is free for chat, paying a small fee will add voice messaging so that instead of typing in you can talk to your mic, record a message and send it encrypted to your contact, another tab in the app allows you for an optional Paypal or Bitcoin donation.
This privacy app earned of the highest marks in the Electronic Frontiers Foundation score card, the only downside the EFF highlighted were that Surespot code has not been audited and the possibility of somebody getting access to your phone. The common auditing problem comes down to raising enough money, it is not the developers fault, and the danger of having your phone stolen, it can be partially fixed fully encrypting the phone.
I liked this app a lot, it has all I want from a secure mobile chat app, the most important factors being that Surespot is based on trusted encryption algorithms, it is open source which allows experts to peek in and check for bugs or backdoors, and the app does not use your phone number as a contact, the person you are chatting will not find it out unless you tell him, the only missing feature is that you can’t set up a group chat, which I don’t currently use. I am adding Surespot to my list of favourite apps.
Zon Dom
can you share with us what device you use with any custom rom setup etc? I am thinking to move to Android from iPhone and need some suggestions.
Of course i value privacy and free – open source software/hardware the most.
thank you, and keep it up, every post you make is a real pleasure to read and try 🙂
hacker10
Hi Zon Dom,
I am currently running Android because I did not want to risk bricking a new phone installing CyanogenMod or the Replicant operating system, two alternatives to Android. And I did not have enough money to buy the OnePlus One phone that already comes with CyanogenMod installed and would have saved me having to install it.
Android is just what I expected, lots of bundled in Google crapware products that you can’t remove, and some of those products are known to have direct access with the NSA datacenter, like Gmail, Android insists on pushing it down my throat together with their Google Plus and Google Calendar that I also don’t use and I can’t remove.
When I buy a new phone, if I can afford it, I will buy something like the OnePlus One and use the F-Droid marketplace for apps. F-Droid can be installed in Android too but I didn’t do it yet.
I also looked at the Firefox OS, I liked it but the choice of phones is very limited and there are not too many apps for it. If I were you I would look into CyanogenMod, or Firefox OS if you don’t care about not having too many app. With CyanogenMod apps are not a problem because it runs Android apps.
hacker10
b-anon
When I discovered SureSpot about 10 months ago I thought I had finally found the chat client that will be ‘perfect’ soon. I even made a donation (more than I’ve paid for 99% of apps) in hopes the developers would be encouraged that people will pay for quality ‘free’ apps.
The one feature seriously lacking is group chat, and that has been promised “soon” for about a year. Updates have slowed significantly, and the developer (username: surespot) stopped responding to my very occasional and simple inquiries. I fear they have given up.
I do wish other apps (textsecure/signal especially) would take Surespot’s lead on not requiring a phone number, multiple identities on one device, generating new keys anytime, etc.
hacker10
Thank you for your input b-anon. I agree with you that the only importing missing feature in Surespot is group chat, I only have one friend using this app, this is not a huge for me but all of other chat apps have group chat.
According to Android Marketplace Surespot was last updated 4 months ago, based on this I don’t believe the project has been abandoned, it just seems that the developers are fixing bugs first or perhaps it is too very hard to add group chat to an app with that kind of encryption set up. I have in mind reviewing Signal when soon, it appears to be a promising communications app too, and there is also Wickr, already reviewed here.
Best of luck
hacker10
random hero
I do believe that both of surespot and wickr suck. Both lack delivery notification and the latter doesn’t let you control when to delete a message. Telegram combines the best of both worlds although people are skeptic about its encryption algorithm. Anyways it does the job for me for the time being
2 > Random hero
Telegram code has been written by Russians. Telegram requires your phone number for activation of the app. It copies all my contacts, etc. These are two main reasons I do not consider this app as secure. No privacy at all…