A review on the Malaysian secured messaging application which was build on AES-256 military grade encryption, now ready for the Malaysian market for commercial use.
Print Email Details Published on Friday, 18 September 2015 08:59 Written by Mushamir Mustafa
With the proliferation of leaked secret documents – from Wikileaks to 1MDB’s banking details to the leak of dating and affairs website Ashley Madison’s passwords onto the internet, the need for protecting messages transmitted digitally is at an all time high.
And for those who have valuable information or wanting to hide the cat in the bag, secrecy and privacy has arrived in the form of an app. Is this too good to be true?
One Krypto is a wholly Malaysian developed app that allows users to communicate securely and includes several encrypted communication channels via chats, emails, voice and video.
The way it works is two people will have the app in their phones. Adam and Sarah add each other as friends, and now both have a ‘key’ code that is unique only to them. Now say Adam sends a message to Sarah using One Krypto, the message is encrypted on Adam’s phone, sent to One Krypto’s servers which then transfer the message to Sarah’s phone. The message is decrypted in Sarah’s phone, using their unique ‘key’.
In the end, while the message is placed in the server, it is encrypted, and no one can understand it, unless you have the key.
One Krypto aims to tap into this yet untapped market, banking on the growing need for privacy which applications have yet to provide.
Malaysian Digest sits down with the Vice President of Business Development, Wan Azrain Adnan of mTouche Technology, the developer of One Krypto to find out more about this potential game-changer in the crowded mobile app business.
Why One Krypto?: Because more often than not nowadays there are phones being hacked and tapped. We see that there’s a need now that people are beginning to be more privacy and security conscious as they are looking for more ways to communicate securely.. There’s a void in the market currently for a product that offers secured communications.
How different is it from Silent Circle? (Silent Circle also provides multi-platform secure communication services for mobile devices and desktop): Similar but not quite. One Krypto has it all in one application. We have different pricing and offerings. We do encryption end to end, peer to peer, meaning if someone were to come to our server you cannot see anything as it is encrypted. It will be encrypted on my device, the server acts as the postman, and once it reaches your device, then only will it be decrypted.
Is anything left in the servers? Who owns the servers? : We don’t keep anything in the server. It’s kept in people’s device, the server is just the post office. It will detect if you’re online then it will send the message. If you’re offline, it won’t deliver. Nothing is left in the server per se.
The server can be hacked, but you cannot read the mail. The primary technology that we use is the 256-bit AES encryption technology, a military grade encryption technology. Nobody has been able to hack it thus far.
How do we send each other messages?: You need to add the other person through the app and once approved, then only will the two of you exchange ‘keys’, which is unique. The key is a code, non-hackable. The key is within the phone.
What if one’s phone is stolen?: If stolen, well, there’s no way do deal with it. The only way for someone to view your communication is for someone to actually steal your phone and go into One Krypto per se. We do not discount the possibility of a remote lock function and in the pipeline we also want to release a video messaging platform.
We have what we call Stealth Mode, where we can hide the icon itself, which will reveal only once you’ve type in your passcode. (The app is still findable if you look through your phone’s apps in Settings). For us that could be the best line of defence as no one knows the app is present. Secondly we have a self-destruct timer for the messages, where after they have seen it, it will be deleted. Once it is deleted, it is deleted. Thirdly, we’ve disabled screen capture on Android devices (meaning you can’t use screen capture anymore) however for iOS devices we are restricted from doing so as its part of the software.
What if the police come asking for the data for an investigation?: If the police do come asking us to hand over confidential information for an ongoing investigation, for example, yes we can hand it over but it is encrypted. We would just give the police gibberish because the key is not with us, it’s with the two people. Even we don’t know the message ourselves. We are just the postman, we don’t know what’s inside the mail. We just take the mail and send it.
Right to privacy: People have the right to feel safe and to feel secure in their communications, whether they use the technology for something that is lawful or unlawful that is not up to us to decide. We are just tech providers and cannot tell someone how to use the technology. Just like hand phones, whatever you want to do with it, Celcom or Samsung cannot be at fault for whatever you do with it.
Why One Krypto and not Silent Circle?: There’s room for expansion for us in the Malaysian market. What we offer is much more cheaper, with our basic plan going at RM10 versus Silent Circle’s USD99.
On government surveillance: We have to serve the right to privacy and security of the public so until and unless Malaysia comes up with a limiting regulation to users in terms of mobile devices, then we’ll abide by it.
Can we use One Krypto for criminal, immoral purposes?: Even in the US they have yet to stop companies from using encryption. You can even sell nuclear bombs for all you want, or prostitute children, the concept is that we don’t know what people do with it. We are a tech company, we provide the service to serve the demand for privacy and security.
When will this be released?: We are about to commercialize One Krypto soon. Our testing has showed positive results, user acceptance is good, the application itself is user friendly, not much difference than what they are used to. Eventually one day we’d like our consumers to compare One Krypto with Whatsapp and other services. As far as we know, One Krypto is the only application with multiple communication channels under one application. Whatsapp started with chats then moved onto voice. We have three now, including email, and will also have video soon enough.
Who can use this?: Our target market includes (but not limited to) businesses which communicate and handle highly confidential information, regional businesses who need direct communication channels abroad, professionals who deal in highly confidential environments and clients, government officials and staff, and privacy conscious public.
What’s in store for the future: We want to expand into desktops, besides having video calls as well. Also we’d tailor the experience to suit people’s needs first, for example if business people prefer to use the calendar or business card reader first as opposed to the mass market.
Currently One Krypto is available for iOS and Android and may be expanding into Blackberry and Windows devices as well. Pricing starts from USD8.99 for 3 months to USD28.99 for 12 months.
For more information, check out http://www.onekrypto.com
– Malaysian Digest