Most messaging apps use one of two different types of database to store and relay messages and content between users. One is a self-hosted, on-premises database instance utilising corporate level software. The other is a cloud provided provision that allows for near instant scalability anywhere in the world anytime. In those instances most messaging apps, even the popular ones, use Google‘s Cloud Firebase. This is what a typical Firebase app looks like:
Firebase uses Google Cloud’s strong security features, including encryption in transit with HTTPS, and encryption at rest for many services, including Cloud Firestore. This means that if an evil-doer were to listen in on the network calls your users make to Cloud Firestore, or if they were to break into one of Google’s data centers and make off with a hard drive, they still wouldn’t be able to access your users’ data.
But this data is unencrypted as it passes through frontend and backend servers, and is also available to admins and developers in the live database. This means that anybody in your company with “view” access to your Cloud Firestore database could still see this data. And if there’s an error in your Firebase security rules that allows rogue parties to download documents they shouldn’t, those parties could see the data contained in those documents.
A two year study in the UK found that 88% of data breaches were caused by developer error, not cyberattacks. While Google is doing a great job protecting the cloud infrastructure, end-to-end encryption is a layer on top that protects developers from both mistakes and hacks.
End-to-end encrypted applications utilising scalable cloud based storage solutions operate vastly differently. This is how our app implements client-side end-to-end encryption:
Using a chat app as an example, the messages will be encrypted on the users’ devices and remain encrypted everywhere in between. In other words, none of the networks, servers and databases (not even you) will see anything but scrambled data passing through.
What Can I End-to-End Encrypt?
Anything – chat messages, files, photos, sensory data on IoT devices, permanent or temporary data. You decide what data you want to end-to-end encrypt — you can encrypt some fields in a Cloud Firestore document, but not others. For example, you might want to keep benign information related to a chat app (like timestamps) in plaintext but end-to-end encrypt the message content.
Why Should I Use End-to-End Encrypted Solutions?
The world around us is dangerous. We are all under constant threat from data theft and manipulation. We have never lived in a more ‘untrusted’ age than the one that we live in now. According to the Economist:
“The world’s most valuable resource is no longer oil, but data.”
Economist
06/05/2019
Source Link
Some of the world’s biggest companies have been found to be completely unsuitable for administering to the safety and security of our personal data. Our personal data is under threat. Your data is under threat.
“Major security bug shows there is a risk to everyone using chat apps.”
Independent
14/05/2019
Source Link
Given that the main major players in the personal digital communications market, chat messaging have shown a complete lack of interest in ensuring the ethical utilisation of user generated data and content the time has come for all of us to take the protection of our digital selves very seriously. By using end-to-end encryption in your applications you can ensure the security and integrity of your data, not only from actual service provider but also all other Corporate and Government systems.
What is the solution?
There is a new solution, Vox Messenger. Designed and developed in the UK by British Developers, this cutting-edge app combines the features of other popular chat messenger apps with end-to-end encryption and no ads or retargeting.
Check out Vox Messenger today and chat with colleagues, friends and family on an end-to-end encrypted platform that ensures that no one but you and your intended can read your messages. Our app also features Incinr8. An incredible new feature that allows you to delete your messages not just from your handset but also all messaging servers that the message was stored on.