Zendo is a free iPhone and Android app for encrypted chat, users communicate directly with each other using One Time Pad encryption keys that will have previously exchanged in person.
After installing the app you will see two options on the screen, one displaying a QR code and a second button to scan other people’s codes. Pointing your camera phone to the QR code seen on the screen of your friend’s phone authenticates both devices via Wi-fi direct and encrypts the connection with AES256, it then exchanges multiple One Time Pad encryption keys (o.5MB). If anybody listened nearby and captured the exchange you would not have to worry as the connection was initially encrypted.
The strength of One Time Pad encryption is that a new key is used for each one of your messages, this is why you need multiple keys, and why if anybody managed to crack one of the keys they would only be able to read a single message, to be able to decipher a whole conversation taking place your adversary would have to crack hundreds or thousands of encryptions keys.
Another security feature is that the messages and photos you send are encrypted before they leave your phone, to extend the longevity of One Time Pad encryption keys, photos are encrypted with AES256bit.
In advanced settings an “Out-of-Band Messaging” option enables you to send encrypted Zendo messages via email or SMS, you are not required to use Zendo servers to deliver messages to other users you have exchanged keys with, another option deletes all messages on close, ticking the box will automatically erase all messages and photos when you close the app while keeping your contacts and encryption keys you have exchanged, and a third option steps up security to paranoid level allowing you to exchange large encryption keys, this choice will reduce phone performance in low end devices.
For privacy, Zendo servers do not log any IP, they are quickly erased, and you never facilitate the company any email address or phone number, contact list, messages and photos remain in your phone and not in Zendo servers. The company can’t spy or help anybody spy on you with the information and capabilities they have.
When you run out of One Time Pad encryption keys you will have to meet again in person and top up, this will seem annoying to many people but it is a good excuse to have a face to face meeting with somebody, there is a certain social element in Zendo. This is an app to communicate with people you know in real life and are close to you. The biggest downside of high security is usability as Zendo proves, you can’t use this app to chat with people you just met, keys can not be sent over the Internet.
Zendo is a niche app where the person you are chatting with will be as overtly suspicious about privacy and security as you are, I see next to zero options to convince my friends to use it otherwise. The app is not open source but the code was opened for an independent audit. The developers say that Zendo will always be free, monetization will be made in the form of premium features to be added in the future.
Before using this app remember that, no matter how secure your messaging app is, if somebody manages to introduce a virus in your smartphone, they will be able to read everything, security has to be implemented all over the device.
Visit Zendo in the Apple Store or Visit Zendo in Google play
Anon
0.5MB keyfile. Ridiculously small. Creating a keyfile with cellphone PRF is the equivalent of expanding a stream cipher keystream beforehand — marketing it as OTP is snake oil.
Zendo does not generate keys with a HWRNG, therefore the keys do NOT have prefect secrecy property. The keys are deterministic — if the adversary can figure out the IV, all future keys can be generated. The system does not use standard one-time MAC / Wegmann-Carter MAC so given the impression of OTP being unbreakable, people won’t realize Zendo does NOT provide unconditionally secure authentication.
ALSO, nothing is spoken about the keys being overwritten after use, and finally, a smartphone is absolutely not the secure endpoint you want to use: with it’s proprietary blobs, proprietary OS and proprietary baseband processor.
To be frank, the endpoint security sucks, you’re better off using PGP/OTR with standard Linux.