Threat model Phone

Even if you use the world’s most secure electronic communication system, advanced encryption does you no good if there is a "keylogger" on your Phone recording all of your keystrokes.

 

If an adversary (like a government) takes possession of Your Phone, all advanced encryption used while sending and receiving messages does you no good if the information saved locally on your Phone is not protected.

 

What is a Keylogger?

 

Keylogger is one of those words which make more sense when you say it backwards. It is a ‘logger’ (recorder) of ‘key’(strokes). To expand on that a little, it is software installed on a computer, or a hardware device attached to a computer, which records all the keystrokes made on that computer. Anything typed is recorded and stored so that it can be checked later.

 

Of course, for the last ten years, anything called a computer includes the very smart phones in our pockets! Here, we are only concerned with smartphones, and can ignore the hardware solutions which were once more common with desktop computers.

What we have described above is the most basic functionality of a keylogger. As little as twenty years ago, being able to view exactly what someone else had typed, was the stuff of espionage, spy movies, the fantastic imagination of James Bond’s Q. However, in recent years, in this super-connected world, simple keyloggers have developed into much more sophisticated tools, offering an amazing range of functions. The original function of keyloggers now extends to being able to check all SMS, email, Facebook Messenger, Whats App, Viber, Snapchat … in short, all communications, in terms of what was said, and who it was said to. Using GPS to be aware of a person’s location and have a record of their movements is a potentially very harmfull feature. The list now starts to get very long, and can become very sophisticated, with geo-fencing, call blocking, browser history, calendar entries, contact changes, a record of photographs taken … and so on … call recording even!

 

Some keyloggers boast of the possibility of being installed remotely, without physical access to the target phone, but we have heard mixed reports of success in this respect. As it seems to be, an adversary need physical access to the unlocked Phone to install the "keylogger" or a user must install the "keylogger" himself eg. by clicking on a link in the webbrowser and give the "keylogger" the permissions to do it's job.

 

 

How is sMessenger helping You?

 

sMessenger constantly keeps track of all installed applications on Your Phone. This includes all system applications and all applications running in "stealth mode". If an application is newly installed, sMessenger will warn You and gives You the option to remove the newly installed application.

 

sMessenger also keeps track of all accounts on Your Phone. If a new account is added, sMessenger will warn You and gives You the option to remove the newly added account.

 

sMessenger keeps track GPS, BlueTooth. If either GPS or BlueTooth is switched on, sMessenger will warn You and give you the option to switch it back off.

 

sMessenger keeps all Your contacts, messages, notes and the private key needed to decipher messages in a seperate database. This database is protected with it's own password and an additional key that is kept on the server. This key is not known to the user and not saved on the phone. Sending an email containing a "wipe message" to sMessenger removes this key from the server blocking all access to the private information on Your Phone. Even if a strong adversary (like a government) takes possession of Your Phone, they can not read the messages, notes and contacts stored in the database of sMessenger. Because this adversary also has no access to the private key needed to decipher received messages, they are unable to read the content of messages they obtained from other resources.

 

sMessenger assumes that the protection of the Phone can be broken and even then, your messages, notes and contacts must stay safe. The downside of this system is that the Phone must have access to the server of sMessenger before the user has access to messages, contacts and notes stored on the Phone.