Messaging app Confide, which was last year touted as a popular option in Trump’s White House for staff wanting to leak intel to the press, has added protection against screenshotting to its iOS app.
The iOS app previously put some limitations on how users could screenshot contents when using the app — but full anti-screenshotting tech was limited to its Android app.
Not anymore, says co-founder Jon Brod. “ScreenShield is a collecting of several different technologies that work together to prevent various screenshots and screen recording techniques, ” he says, discussing the new feature.
“There are many ways to capture a screenshot or make a screen recording on iOS, and each technique requires different handling. One of the newest prevention technologies that we added to our toolkit utilizes the same content protection APIs already used by Netflix, iTunes Movies, and other video streaming apps. We have built upon the underlying engineering to prevent capture of other media kinds including text, photos, records, stickers, and more. Importantly, we are only use public iOS APIs in our ScreenShield technology.”
Anti-screenshotting technology like this is really simply security theatre, of course.
Not least because all it takes is a second device, unconnected but in close proximity to the first, to snap away and record its on-screen contents regardless.
Even so, Brod claims there’s still value in the feature, despite such an obvious loophole. “While “theres nothing” 100% foolproof, we believe the combined effects of our end-to-end encryption, ephemerality, and now complete screenshot-prevention builds Confide the most private and secure messenger available, ” he claims.
However rather more serious accusations of flawed security were leveled at the messaging platform last March — when researchers demonstrated it was possible to intercept encrypted Confide messages, and claimed the platform could in fact decrypt and read users’ missives( rather undermining its end-to-end encryption assert ).
Asked about this now, Brod says all the security issues raised by the researchers were addressed “in a timely fashion as soon as they were reported to us last year”.
“Confide implemented safety codes, which are a cryptographic hash that includes all public encryption keys for an report. Users can substantiate the keys used by Confide‘s end-to-end encryption by ensuring that the security code displayed on their machine matches the one displayed on their contacts’ machine. We likewise allow users to be notified if the security code for one of their contacts changes, ” he tells us.
“We also underwent a comprehensive third-party security examination including blackbox, greybox and whitebox testing, encompassing both the client and server. The executive summing-up of the audit is published on our website.”
And while a third-party audit is a greeting growing, the presence of such serious flaws in Confide’s crypto implementation in the first place remains concerning.
And for anyone with ongoing concerns about the robustness of its crypto, other end-to-end encrypted messaging apps are available.