Post-NSA revelations, Android encrypted texting service released

Wickr's encrypted text messaging service is now available for Android-based smartphones and tablets following bombshell media leaks documenting the National Security Agency's surveillance programs.

The San Francisco-based firm now offers free, international messaging for both Android and iOS platform users, according to a press release (.pdf).

On Monday, Wickr said that the free messaging app does not "require users to give up their right to privacy" while communicating, and the now-available beta version "comes at an important moment in history as this right to privacy is challenged by governments, corporations, starfish organizations and lone criminals throughout the world."

Wickr says that "private correspondence is a universal human right," and one way to advocate this right is to give mobile device users the option to send "self-destructing messages without a trace." Startup co-founder Robert Statica said:

"Wickr not only offers the most secure form of correspondence but also helps protect our users' contacts as we anonymize this information before it leaves the senders phone.

Wickr does not collect any personally identifable information on users nor can we read any messages or contents sent through Wickr, therefore, no criminal or rogue government can take them from us."

The app, which is FIPS 140-2 and HIPAA compliant, includes military-grade encryption (AES256, ECDH521, TLS), and the sender is able to decide who sees what, where, and for how long. Metadata including location, time and identifying markers are also deleted from each message.

The company says that white-hat hackers continually test the system, and quarterly transparency reports are released to the general public. Wickr recommends that users of Facebook, Skype, WhatsApp and Snapchat switch over to its more secure platform, explaining the security barriers put in place:

"Wickr properly encrypts your communications -- only you have the keys. Wickr uses AES 256, RSA 4096, ECDH521, TLS and SHA256 to protect the data in transit and at rest. Our hashing protocol is much stronger than a plain SHA384 as we do numerous rounds and other cryptographic enhancements when using sha256. This meets or exceeds the HIPAA requirements for encryption and privacy.

Wickr is also FIPS 140-2 compliant for military grade encryption and exceeds NSA Suite B compliancy for Top Secret communication. Wickr implements Perfect Forward Secrecy (PFS) by ensuring our encryption keys are unique, used only once and then forensically destroyed."

The startup hopes to keep the basic service free and offer a premium service for "power users" in the corporate world to pay for calls and texts in the future. While the exact number of Wickr users has not been released, the firm says that it has experienced "exponential growth" since its launch last year.

The launch of the service follows the closure of two encrypted email services, Lavabit and Silent Circle's Silent Mail. Lavabit, of which NSA leaker Edward Snowden was a user, closed after the owner, Ladar Levison, said he wished to avoid becoming "complicit in crimes against the American people." Silent Circle's email service grew too fast to keep metadata safe from prying eyes.