Encrypted P2P FOSS communication for Android and iOS that works - Android Q&A, Help & Troubleshooting

I'm sorry for putting up a question like this, but I've really been diving deep on the web and can't seem to find anything that works, and I really would appreciate anybody's perspective on this.
So the question is, does Encrypted P2P FOSS communication exist that runs on both Android and iOS, that actually works?
If not, is it feasible to do at all if some amount of dollars appeared for a project like that?
Some additional discussion:
----------------------------
I remember that ICQ was P2P and seemed to work pretty well back then.
It could be a simple text messaging app, but of course it would be great with calls and video.
It's ok that messages are only transmitted when the devices that are attempting to communicate are both online, but I expect them not to throw away messages if there's no communication and to retry sending.
The communication on XMPP runs through a server and often the encryption is not working, Jami doesn't really work for many people, Tox doesn't work on iOS and some Android devices. I consider Signal government sponsored and not truly Open Source.
Why is it important to me that the communication doesn't run through a server?
1) Privacy
2) Load on the server makes this model a heavier burden on somebody and thus less sustainable.
It's fine that the contact is established through a server, but there's no need for the communication to run through the server too.
Additional question:
----------------------
Is there anybody brave enough to guesstimate what amount of dollars could lead to the goal of creating:
* Easy to install/setup/use app and some form of server (probably federated) (both open source)
* That communicates P2P (establishing contact through a server)
* That can run on both iOS and Android?
* That can deliver text messages, images and transfer files.
* That is designed to be able to handle calls and video in the future
?
Best regards,
Frederik


looking for CRM and WORKFLOW apps for my XDA

XDA, apart from its cellphone functionality, has a great value as business tool. I am considering getting some CRM (customer relationship management) tool and also possibly a workflow application.
I have been looking through many similar solutions available on the net and either they are very pricey or need very extensive hardware and software platform to operate.
Although I have a smallish home network I would rather stick to simple solutions that do not make me learn to use sophisticated and pricey tools. I need a tool that:
- I can use
- that is user friendly
- allows me to use my XDA, laptop and desktop PC to access it
- has an interface or either www (maybe php) or sth else to server based resources
- keeps track of all ongoing business transactions
- uses Microsoft Outlook (if possible - although it might be a serious limitation) for contacts, email, scheduling etc
- other
Of course easy integration with Microsoft Office is not a key but helpful, other viable solutions are warmly welcome
uffffff, for the time being no more thoughts, heh
Is anyone using any CRM and/or WORKFLOW kind of application?
regards, monika
Try Pocket Informant
Hi
Try the Pocket Informant 5.0 from webIS, you can buy it from http://www.pocketinformant.com/
Good luck!
// J.
Hello.
I think it would probably be best to have such software custom-made (not necessarily by me); doing it in PHP would be fairly sensible, cheap, and free of hardware problems.
Regards, Maciej

how to create a communication system between an android and other asp.net

Guys, good afternoon.
I'm doing a project where I need a web system, done in ASP.NET, to communicate with an android system.
Thus, the two systems will use the same database.
I came to find out about WEBSERVER, but I found this on a forum that left me a little confused:
"It is worth noting that the consumption of Web services on mobile devices is not recommended by the Android development team due to the processing overhead of SOAP calls. If you have control over the server, the ideal is to use REST-based architectures such as OData."
Is it not recommended to use webserver in Android?
How, then, can I create that communication between the two systems?
I appreciate everyone's help.

[Q] Is android right for my project?

Hi folks,
I have had this idea in my mind for a couple of years now and would like to get on with it and stop dreaming about it and just jump in and do it already!
My experience during the past 20 years has been working as a programmer on MSSQL and VB and VB.net with good working knowledge of C, HTML5, Javascript, VB, VC, Access, MSSQL, MySQL, PHP, CSS, some Java, etc...
I don't mind learning new skills and actually looking forward to getting started, but I need to know that I am not barking up the wrong tree.
I intend to make this an open source project and not as a commercial product.
My dream is to make my phone, my voice-driven computer. Where the phone might not have enough resources, I need to use my main computer as top tier and act as server.
I know Ubuntu Touch might be a contender but it lacks many drivers for GPS, proprietary drivers, etc...
Let me tell you about my idea first as a high level plan due to my ignorance of the details of this implementation.
I want to make my phone (Nexus 4) be able to listen to my commands via a Bluetooth headset (through a speech recognition engine), and tell me in natural speech things that I need to know or care about. For example: "You have a new email from David. Do you want me to read it or display it?" Sort of like what is now a movie called "Her" without the science fiction and the lovey dovey story part.
I want to write an internet agent that would search the net (from a list of sites) for what I am interested (through an AI program like freehal.net), and keep them for display in the order of relevance when I query it.
I also need to take over the telephony hardware when needed. For example: A call comes in, I want to be able to look-up their number in my database of contacts, if an entry is found, to tell me "Sam is calling. Do you want to answer it?"
I also want to keep a black list table where I know they are trying to sell me something and answer the phone (without me pushing any buttons) and tell them that I am not interested in answering their calls and that they are on my black list. Then hang up. Without sending them to voice mail.
I tried asking the android community on Google 2 years ago to ask why the SDK doesn't provide telephony API front end to answer the call without user interaction, but got no replies.
I've installed ubuntu on my laptop to learn Linux and got it working properly after a couple of days and have downloaded and installed all the programs and sdks I think I'd need. There are a lot of interesting projects in AI and user agents going on and I like to participate in them once I am up to par with the linux environment.
Can anyone give me some guidance, pointers or what to look for? If there are any projects in development that I could join, it would be much appreciated.
I tried to explain my interest as best as I could. If you need more info, please let me know.
Thanks for all your help guys.

Sicher, new mobile encrypted chat app with safe file transfer

Hi all,
I'd like to share great news. Sicher, our free secure messenger finally comes to Windows Phone.
Sicher features true end-to-end encryption of both text messages and file attachments. With anonymous push notifications and the ability to set a timer for when messages will self-destruct, Sicher also includes password protection for the app itself.
Please try Sicher and share your feedback in this post.
FairyMary
Sicher Team
App is free, store link is here: EDIT: Removed because this thing looks like a scam and its description is a lie
I haven't been able to find a lot of info about how the app works (I'm talking about at a very technical level). My general advice regarding crypto code is to open it up for review, either publicly or by a professional security assessment firm (disclaimer: I work at one of those). If the code is already open for review somewhere, that would be awesome; if not, I recommend getting in touch with some external security experts (same disclaimer, but I can provide contact info if you want). The Internet is full of things that the developer claimed (and often even sincerely believed) were secure.
Aaaand just for fun, I decided to take a look at the app and see if there was anything obviously wrong. Let's start with the presence of no fewer than *three* advertisement networks, shall we? Begun Advertising is Russian and Google-owned, Google AdMob is self-explanatory, as is Microsoft Advertising Mobile. Your store description claims you "don’t use any advertising engines". Did you really think nobody would check this?
WTF are you trying to pull here?!? I can't think of any way to faster burn trust in a "secure" app than to make a claim that is trivially disprovable in a way that benefits nobody except you.
I'll come right out and say it: Sicher looks like a scam!
Oh look, a Facebook library as well. Totally expected to see that, given that you "don’t integrate social network SDKs"
Oh, and before anybody asks about responsible disclosure, that's for when there's an unintentional bug in somebody's code. This just looks like pure exploitation of your users! (I say "looks like" because I haven't actually decompiled the code to see if those libraries are being used, but it's hard to imagine why you'd have them otherwise...). The only responsible way to disclose malware is to do it publicly, and this looks malicious.
EDIT: I'll give you 24 hours to give me a good argument why I shouldn't report my findings to the stores themselves.
Time's up. You actually got over 48 hours because I was busy yesterday. Hope not too many people got scammed and tracked by your "secure" and "private" app...
Hey @GoodDayToDie, unfortunately I don't know where else to ask this, since you seem to be really interested (and skilled) in this topic, what messengers do you consider secure? WhatsApp is obvious, the only ones on Windows Phone I know of that come to my mind are Telegram and (soon) Threema.
What do you think about the two? I have basically no knowledge, but what seems odd to me about Threema is their FAQ's answer to "what about MITM?": they just say they use certs, hardcoded in the app. Aren't they with their servers in control then? How I understand this, the Threema servers could perfectly perform a MITM attack.
And Telegram has a completely confusing protocol.. So please share your thoughts!
I have no personal knowledge of one, sadly. Take anything I say here with a huge grain of salt (including the fact that Sicher looks like a scam; I haven't actually verified that it *uses* all those ad networks + Facebook that it integrates, just that it has them) as I'm not spending the time & effort for a full security review of these apps at this time.
Threema actually looks quite good.
Pros:
They don't try to implement the crypto themselves (they use NaCl, which is both written by people who know what they're doing, and well-reviewed).
The design of their end-to-end solution makes sense (it connects through the server since phone networks won't allow incoming/direct connections, but the messages are encrypted to only the recipient and doesn't require that the recipient be online to receive the message).
They are relatively open about how things work (although those *could* be lies; I haven't pulled the app apart).
It is possible for the user to verify the key of another user.
Cons:
They don't have Perfect Forward Secrecy on messages. PFS would require that the intended recipient be online at the start of any given conversation (to negotiate the ephemeral keys) so this isn't terribly surprising, but it is disappointing. An attacker (including a government agency) who gets access to your private key could decrypt historical traffic to you if they'd recorded it.
The app is proprietary; there's nothing stopping them from pushing a malicious update.
The server supplies the public keys of users; until such time as the user validates the other party's key (which is difficult to do except in person) the server could have sent a public key that the server has the private key for (instead of the user's own public key) and then MitM the user's traffic. This would break down when verified though, unless the app lied about the result of the verification process (you don't actually see the key itself).
To address your concern about MitM, the app says they use certificate pinning (a standard and very smart security measure, assuming they did it right) for app-to-server communication, so nobody (including third-party security engineers) can MitM the app traffic. They also claim to use PFS. However, if the server itself is untrusted (i.e. some government thugs show up to demand access, although bear in mind that apparently the servers are all in Switzerland) then the server could give you the wrong public key for a user you try and add, allowing the server to MitM you. Also, the company could push an update that is malicious.
The only protection against the server-sends-wrong-key threat is to either require that the user manually import all keys (think PGP minus keyservers and assuming trustworthy key exchanges) or exactly verify the key (i.e. personally ensure that it matches the other user's key by actually checking the bytes or at least the hash). The only protection against the malicious update is to make the source code available and have a method by which users can either compile it themselves (though see "Reflections on Trusting Trust") and/or have a way to verify the application binaries.
I'll look at Telegram later. For the moment, though, I would loosely recommend Threema once it's available. There's also Skype, of course, but while it was decompiled once long ago (and found to use secure encryption, although some non-crypto vulns were found) that was many versions ago (and, in particular, was before Microsoft bought them).
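
The server-sends-wrong-key threat and the key-verification defence discussed in the post above, as an added example that is not part of the original post and is not Threema's code: a client-side contact store that treats a server-supplied key as unverified until its fingerprint matches one obtained out of band, and refuses a key that later changes. The class and function names, the SHA-256 fingerprint format and the sample keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum

class Trust(Enum):
    UNVERIFIED = "server-supplied, not yet checked"
    VERIFIED = "fingerprint confirmed out of band"

class KeyMismatch(Exception):
    """A key differs from the one pinned or from the peer's fingerprint."""

def fingerprint(public_key: bytes) -> str:
    # Hash of the raw key bytes; this is what two users compare in person.
    return hashlib.sha256(public_key).hexdigest()

class ContactStore:
    def __init__(self):
        self._contacts = {}  # user_id -> [public_key, Trust]

    def add_from_server(self, user_id: str, key_from_server: bytes) -> Trust:
        known = self._contacts.get(user_id)
        if known is None:
            # First contact: pin the key, but do not treat it as authentic yet.
            self._contacts[user_id] = [key_from_server, Trust.UNVERIFIED]
        elif not hmac.compare_digest(known[0], key_from_server):
            # The directory now serves a different key for the same user.
            raise KeyMismatch(f"key for {user_id} changed; re-verify before use")
        return self._contacts[user_id][1]

    def verify_out_of_band(self, user_id: str, fp_from_peer: str) -> Trust:
        entry = self._contacts[user_id]
        ours = fingerprint(entry[0]).encode()
        theirs = fp_from_peer.strip().lower().encode()
        if not hmac.compare_digest(ours, theirs):
            raise KeyMismatch(f"fingerprint for {user_id} does not match")
        entry[1] = Trust.VERIFIED
        return entry[1]

# Constructed sample keys (32 bytes each), not real key material.
ALICE_REAL_KEY = bytes(range(32))
SUBSTITUTED_KEY = bytes(range(32, 64))

def demo() -> dict:
    results = {}
    honest = ContactStore()
    honest.add_from_server("alice", ALICE_REAL_KEY)
    results["honest"] = honest.verify_out_of_band("alice", fingerprint(ALICE_REAL_KEY))

    # The directory hands out a key it controls; the in-person check exposes it.
    lied_to = ContactStore()
    results["before_check"] = lied_to.add_from_server("alice", SUBSTITUTED_KEY)
    try:
        lied_to.verify_out_of_band("alice", fingerprint(ALICE_REAL_KEY))
        results["substitution_detected"] = False
    except KeyMismatch:
        results["substitution_detected"] = True
    # A previously verified contact whose key later changes is refused.
    try:
        honest.add_from_server("alice", SUBSTITUTED_KEY)
        results["change_detected"] = False
    except KeyMismatch:
        results["change_detected"] = True
    return results
```

The check only helps if the peer's fingerprint really arrives over a channel the directory server cannot alter, such as comparing it in person.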

[Q] Security framework approach (ROM for Kids)? APP or ROM?

Hello.
I am here seeking help and advice on how to approach the development of a security framework (via APP or via hacked Android ROM) to be used by kids, that could be monitored by adults (parents or legal tutors).
The idea would be to develop a (white hat) hacked ROM, that would allow the kids to communicate with their friends, but also would allow their parents to supervise/monitor in real time what their children are doing, who they are communicating with, and that way protect their children. The thing is not to spy on our kids, but to be able to check regularly if there is anything wrong going on with our kids (mobbing, insults or harassment). Kids aged (10-14) could be influenced by other kids, adults, or adults simulating being kids, and on some occasions they can be tricked to do things without their parents' consent/knowledge that can lead to a tricky situation.
When I was a kid, we had the telephone (wired telephone, of course) on the middle of the hallway, so all our conversations were basically family-public. The truth is that there are not many secret things a 10yo kid could/should talk about, but nowadays, it could be a little bit worrying to lend a smartphone to a kid. I think it's just as letting a kid drive a car; he can do it right, or not be able to evaluate the whole consequences of driving a car.
Talking to other parents around me, they all found very interesting the idea of having a telephone that one could lend to their son, having the kid available all the time, and with the peace of mind that you could know what's going on. Of course the kid should be aware of this, and that the telephone comms are being supervised. I think it's no big deal. "Kid, it's very simple. The telephone is mine, and if you want to use it you have to use it under my terms".
Probably, all of us working for a company also have our communications supervised, cannot make personal phone calls with the company's telephones, probably cannot navigate to webs looking for personal content, and we assume those rules (because neither the company's phones nor the computers are ours but our company's). It's basically the same, switching the company-employee role to a father-son one.
So, let's get to the point (technically). I am a tech-geek, linux pro-user, have compiled a few ROMs just for personal use, but don't feel capable enough of starting a project of this magnitude alone. If there is anyone willing to help, opine, or whatever, they will be very welcome.
First of all, APP or ROM? I basically think that the ROM is the way to go, but I'm asking just in case someone can convince me on the contrary. I will make a poll on this question.
APP: An APP could be easily downloaded and installed but would require a rooted phone, and I don't see it clearly if an APP could resolve all the needed issues (access to communications for example) and could be fairly easily uninstalled too.
ROM: On the other hand, a ROM would be trickier to uninstall (basically flashing another ROM) but wouldn't be as easy to install as an APP (though the installer model of cyanogenmod could be kind of a solution). There could be a universal (if possible) independent flashable module, over whatever android ROM, or an entire ROM solution.
Features that I want to develop in this ROM (by the way, I call it 'Vigilante ROM'):
- Suitable for as many devices as possible
- Web interface for parents available to see device-related information
- Some hack-proof measures to avoid kids bypassing the ROM's security
- Alerts triggered on some events (offensive words, whatever)
- Position of the mobile -just in case-
Suitable for as many devices as possible
The first thing I thought was what platform should be used for this ROM. To select Android over others (iOS, Blackberry, W7) was a no-brainer. Now, the question is should we use pure Android or make a CyanogenMod fork?
In my opinion, even though every phone maker has to supply their ROM sources publicly, they usually introduce so many modifications (HTC Sense, Samsung TouchWiz and so on) that it looks more difficult to develop a common security framework over each manufacturer's version of Android, rather than using a more standardized one like CyanogenMod.
CyanogenMod already works with a wide number of devices (and a wider one if you count the unofficial supported devices), so I think CyanogenMod should be the base of this ROM. If all the 'things' needed could be flashed on top of any Android device, it would be even better, but technically I need help with this one.
I understand that basically there should be an internal proxy setup, so that all the communications go through this internal proxy, and based on the kind of communication, we could log whatever we need. For example:
- Visited URLs
- Whatsapp or other messaging apps should be decrypted
- Incoming/Outgoing calls/SMS
- Social network activity
I know the Whatsapp protocol because I'm familiar with a project called WhatAPI. The key point to be able to intercept whatsapp messaging is a key generated and exchanged during the app install (although there are ways to later ask the Whatsapp server to renegotiate this keyword) and that's used later to encrypt all the messages between the phone and the whatsapp server.
Web interface for parents available to see device-related information
Behind every kid with a smartphone there should be a responsible adult supervising the kid -even if it's remotely-. In my idea, logs of messaging activity, incoming/outgoing calls/SMS and even the position should be available to the supervisor through a web interface.
Some hack-proof measures to avoid kids bypassing the ROM's security
That's an easy one. CRC checks on some keyfiles would guarantee that the device is not being 'counter-hacked'. Some kids are also very techie, and we should make some defences against kids trying to hack (counter-hack?) the phone.
Alerts triggered on some events (offensive words, whatever)
It could be interesting if somehow the supervisor could receive a notification whenever the kid sends/receives an offensive word, or tries to enter some specially tagged website.
