Hacker 10 – Security Hacker

Computer security
Menu
  • Anonymity
  • Encryption
  • Mobile Phone
  • Other
  • Security

Protect your privacy with a no logs VPN!

Join TorGuard
Home
Mobile Phone
Open source mobile phone app SureSpot for encrypted chat
Mobile Phone

Open source mobile phone app SureSpot for encrypted chat

John Durret 20 March, 2015

SureSpot is an Android and iPhone open source app for encrypted end to end chat, you can send pictures and text,nobody can decrypt the messages, not even the app delelopers. AES256 bit encryption keys are created in your phone and the Diffie-Hellman key agreement protocol is used to exchange them securely without having to grant private keys access to a third party, only the person you are communicating with is able to read the messages and view the photos you send.

An spy agency attempting to wiretap Surespot will find that there is not a single server they can attack for mass surveillance, they would have to hack all the end point phones to listen in, this would be impossible to do if Surespot became popular. For further privacy, Surespot can create multiple identities to chat with different contacts, your identity can be backed up, restored or permanently erased and the paranoid person can create new encryption keys as often as needed.

Another nifty feature is that you can delete the messages you have sent from the receiver’s inbox and lock attached images to stop them from being saved outside the app,  Surespot also locks itself after a few minutes of inactivity to stop impersonation in case your phone is taken while still on.

SureSpot encrypted mobile phone chat

SureSpot encrypted mobile phone chat

Unlike WhatsApp and other privacy invasive chat apps, people in your contact list will not get automatically notified when you install Surespot, before a chat can take place you need to know the nickname of the person you would like to communicate with and that person will have to accept the invitation. The app is free for chat, paying a small fee will add voice messaging so that instead of typing in you can talk to your mic, record a message and send it encrypted to your contact, another tab in the app allows you for an optional Paypal or Bitcoin donation.

This privacy app earned of the highest marks in the Electronic Frontiers Foundation score card, the only downside the EFF highlighted were that Surespot code has not been audited and the possibility of somebody getting access to your phone. The common auditing problem comes down to raising enough money, it is not the developers fault, and the danger of having your phone stolen, it can be partially fixed fully encrypting the phone.

I liked this app a lot, it has all I want from a secure mobile chat app, the most important factors being that Surespot is based on trusted encryption algorithms, it is open source which allows experts to peek in and check for bugs or backdoors, and the app does not use your phone number as a contact, the person you are chatting will not find it out unless you tell him, the only missing feature is that you can’t set up a group chat, which I don’t currently use. I am adding Surespot to my list of favourite apps.

Visit Surespot homepage

Reddit
Tweet
Email
Prev Article
Next Article

Related Articles

List of mobile apps to film incidents with the police
The following mobile apps allow you to record casual encounters and conversations …

List of mobile apps to film incidents with the police

Exchange encrypted SMS messages with Tinfoil-SMS
Tinfoil-SMS is a free open source Android app to exchange …

Exchange encrypted SMS messages with Tinfoil-SMS

About The Author

John Durret

6 Comments

  1. Zon Dom

    can you share with us what device you use with any custom rom setup etc? I am thinking to move to Android from iPhone and need some suggestions.

    Of course i value privacy and free – open source software/hardware the most.

    thank you, and keep it up, every post you make is a real pleasure to read and try 🙂

    21 March, 2015
    • hacker10

      Hi Zon Dom,

      I am currently running Android because I did not want to risk bricking a new phone installing CyanogenMod or the Replicant operating system, two alternatives to Android. And I did not have enough money to buy the OnePlus One phone that already comes with CyanogenMod installed and would have saved me having to install it.

      Android is just what I expected, lots of bundled in Google crapware products that you can’t remove, and some of those products are known to have direct access with the NSA datacenter, like Gmail, Android insists on pushing it down my throat together with their Google Plus and Google Calendar that I also don’t use and I can’t remove.

      When I buy a new phone, if I can afford it, I will buy something like the OnePlus One and use the F-Droid marketplace for apps. F-Droid can be installed in Android too but I didn’t do it yet.

      I also looked at the Firefox OS, I liked it but the choice of phones is very limited and there are not too many apps for it. If I were you I would look into CyanogenMod, or Firefox OS if you don’t care about not having too many app. With CyanogenMod apps are not a problem because it runs Android apps.

      hacker10

      21 March, 2015
  2. b-anon

    When I discovered SureSpot about 10 months ago I thought I had finally found the chat client that will be ‘perfect’ soon. I even made a donation (more than I’ve paid for 99% of apps) in hopes the developers would be encouraged that people will pay for quality ‘free’ apps.

    The one feature seriously lacking is group chat, and that has been promised “soon” for about a year. Updates have slowed significantly, and the developer (username: surespot) stopped responding to my very occasional and simple inquiries. I fear they have given up.

    I do wish other apps (textsecure/signal especially) would take Surespot’s lead on not requiring a phone number, multiple identities on one device, generating new keys anytime, etc.

    21 March, 2015
    • hacker10

      Thank you for your input b-anon. I agree with you that the only importing missing feature in Surespot is group chat, I only have one friend using this app, this is not a huge for me but all of other chat apps have group chat.

      According to Android Marketplace Surespot was last updated 4 months ago, based on this I don’t believe the project has been abandoned, it just seems that the developers are fixing bugs first or perhaps it is too very hard to add group chat to an app with that kind of encryption set up. I have in mind reviewing Signal when soon, it appears to be a promising communications app too, and there is also Wickr, already reviewed here.

      Best of luck

      hacker10

      21 March, 2015
  3. random hero

    I do believe that both of surespot and wickr suck. Both lack delivery notification and the latter doesn’t let you control when to delete a message. Telegram combines the best of both worlds although people are skeptic about its encryption algorithm. Anyways it does the job for me for the time being

    21 March, 2015
  4. 2 > Random hero

    Telegram code has been written by Russians. Telegram requires your phone number for activation of the app. It copies all my contacts, etc. These are two main reasons I do not consider this app as secure. No privacy at all…

    22 November, 2016

Hacker 10 – Security Hacker

Computer security
Copyright © 2025 Hacker 10 - Security Hacker
Privacy by TorGuard VPN