Secure Messengers That Didn’t Make It

Not every messaging app, no matter how good its features and solutions are, can be as popular as WhatsApp, the ultimate global market leader. In fact, there are only 25 countries in the world where it doesn’t top the charts. Here, we’ll take a look at some of those pretty good apps that didn’t gain popularity, and we’ll try to understand why.

Google Allo

Launched on September 21, 2016, Allo wasn’t Google’s first messenger. In fact, it was a logical step to make after Google Hangouts. One of the new features the messenger introduced was Allo’s virtual assistant. Google’s idea was to make the assistant the user’s right hand, doing everything from searching data to online shopping.

Another Allo feature was “smart reply”, which used Google’s machine learning technology to analyze how a user texted and generated automatic reply suggestions to the messages they received.

Allo didn’t use end-to-end encryption by default but gave users an option to switch on “incognito” mode to enable end-to-end encrypted messaging. However, incognito mode didn’t support either Google Assistant or the smart reply feature.

The app gained some popularity after launch, and was downloaded over 10 million times in the first six months. Nonetheless, shortly afterwards it dropped out of the top 500 most downloaded apps on Google Play. Many users said Google had sacrificed user friendliness when it went for new AI features. A bigger concern was voiced about the safety of user data. Prior to Allo’s release, whistleblower Edward Snowden warned that Google’s decision to disable end-to-end encryption by default makes the app “dangerous”. On the very day it was launched, Snowden sent out a simple tweet: “Don’t use Allo.”

Allo’s story came to an end just 18 months later. In April 2018, Google announced its decision to “pause investment” in the app. Head of the communications group at Google, Anil Sabharwal, said his team would now focus on Android Messages, explaining that “the product as a whole has not achieved the level of traction we’d hoped for. […] We set out to build this thing, that it [would be] a product that we would get hundreds of millions of people to get excited about and use. And where we are, we’re not feeling like we’re on that trajectory.”

Allo wasn’t Google’s first ill-starred project. Sometimes, it seems the company can’t decide what to focus on and just goes ahead with a number of somewhat vaguely targeted projects, hoping that some will make the grade. We think it may be due to weaknesses in their market research. The fact remains that over time Google’s failed project count keeps growing. Google Wave suffered a similar fate and folded back in 2012; and just as this article was going to print, Google announced that it was shutting down Google+, its own social network. So it seems that Allo was just another one to bite the dust.

ChatSecure

ChatSecure was originally released in 2011 and was the first iOS application to support Off-the-Record (OTR) messaging. This is a cryptographic protocol providing encryption for instant messaging conversations. With OTR, message exchange remains completely secure, provided both conversing users opt for a messenger supporting it, even if it’s not ChatSecure — say, Jitsi, Adium or Pidgin. ChatSecure’s advantage was that any message sent through the app left no record in the device memory.

By 2012, ChatSecure had been noticed and struck a partnership deal with the Guardian Project, which was then busy developing Orbot, an instance of the Tor network for the Android operating system. As a result of this partnership, the Gibberbot app was rebranded as “ChatSecure Android”.

In November 2014, the ChatSecure + Orbot combination received a perfect score on the Electronic Frontier Foundation’s “Secure Messaging Scorecard” for a number of achievements that included having communications encrypted with keys the provider didn’t have access to and enabling users to verify their correspondents’ identities independently. The project was also praised for its proprietary solution that keeps past communications secure if the keys are stolen, for using an open-source code approach, for having well-documented security designs, and for having passed an independent security audit.

By the end of 2016, the Android branding partnership was dissolved and ChatSecure Android users were advised to migrate to another app (Conversations was recommended for best compatibility). Later, ChatSecure Android became Zom, and the app’s iOS version remained ChatSecure.

It’s possible ChatSecure’s real audience is iOS users. However, if they had wanted to expand, fighting for the Android market was definitely worth it, especially since, in ChatSecure’s opinion, Android’s only fault was hard-forking the code. There is no way ChatSecure can become a global market leader without winning the Android audience. So, while the app is definitely a good product, it looks like the developers have reined in their ambitions, and of course it’s their right to do so.

Tor Messenger

Tor Messenger was a cross-platform chat program, but it never made it through the beta testing stage. The app was released in 2015, with big promises extended to users about ultimate protection: the entire stream of data traffic was to be handled by Tor’s proxy servers, while user anonymity was to be ensured by OTR encryption. The plan was for Tor Messenger to support a wide variety of chat networks, such as Jabber (XMPP), IRC, Google Talk, Facebook, Twitter, etc.

The client–server model that was supposed to be implemented in this project has a hypothetical weakness in that some user data risked ending up on third-party servers, although tracking it and decrypting it would be extremely difficult.

The app went through 11 beta releases, but never got to the launch stage. One of the reasons for this was the discontinuation of the Instantbird instant messaging client that Tor Messenger was based on.

The problem with leaking metadata was just too serious to overlook, and at the same time too difficult to fix. If accessed and cracked, the metadata could have been used to determine users’ communication circles and patterns, such as who they talk to, when and how often, and so on… Not good!

So after all of the 11 beta releases and two internal audits (they never got to do the independent audit), the Tor Messenger developers put out a final statement saying they had failed to deliver the final product. They even confessed that they had been forced to ignore user feedback and bug reports due to limited resources. In the end, instead of rolling out an unfinished app, they decided to withdraw from the market.

In this case, it seems the development team didn’t assess the challenges correctly and were over-optimistic about their ability to deliver solutions. Some of the stumbling blocks were pretty obvious at the project’s outset, but they probably thought they could cross those bridges when they arrived. In fact, when those bridges did loom, they proved insurmountable! Development limped on until Instantbird was finally discontinued in 2017, effectively scuppering the whole operation.

Confide

Launched by Yext CEO Howard Lerman and former AOL exec Jon Brod in 2014, Confide, a messaging app introducing a new approach to sending and reading confidential messages, was created to provide a solution to a problem Brod had talked about: “Spoken words disappear after they’re heard. But what you say online remains forever. We think this is crazy.”

Confide offered users a completely new experience: the words and lines of each arriving message are covered with solid-color blocks, like in a redacted document. In order to uncover the text, the user has to press down and drag a finger along the words to unveil them. The blocks reappear to hide the words as soon as the finger is no longer touching them on screen. Once the whole text is seen, the message evaporates, thus providing confidentiality and preventing screenshots. All exchanges are fully encrypted. The app doesn’t let you take selfies and doesn’t support attachments apart from Word, Excel, PowerPoint and PDF documents.

Despite the pretty high level of data security it provides, Confide remains in demand with a fairly limited audience, mostly politicians and businessmen. Obviously, not everyone needs that much security, and, importantly, not everyone is ready to sacrifice convenience for the sake of protection. Let’s face it, the traditional way of reading messages is far more convenient. However, this inconvenience is balanced by a 100% security rate, according to the company, although not everyone agrees with this assessment.

In truth, Confide doesn’t really belong on the list of apps that didn’t make it. The product delivered on its promise and offered a fully functional app to the “security-obsessed”, albeit a small share of global users. The majority never bothered with it and the app’s inconveniences versus its advantages were never an issue. From the very beginning, the chance of Confide ever topping the charts was slim.

Cryptocat

CryptoCat, developed by Nadim Kobeissi and launched in 2011, didn’t have an easy life. First, Apple refused to add it to the AppStore (but later agreed); then iSec Partners blasted the app for its security vulnerabilities, maintaining that it was vulnerable to man-in-the-middle attacks. The developer even took the app off the market for two months from February 2016 for a postproduction re-write. After its re-release at the end of March, all official distributors including the Chrome Web Store and the AppStore canceled their contracts. So, in the end, this quite interesting app didn’t make it to the top. In 2017, Kobeissi announced a fundraiser asking for donations to help pay back the project’s 2016 infrastructure costs.

CryptoCat uses OTR encryption over the XMPP (Jabber) protocol for data security. One curious feature of the app is that it logs the user out when left on standby. The current version works with Google Chrome, Mozilla, Safari and Opera browsers and runs on all iOS devices.

In our humble opinion, an app that ran into serious problems five years into the project and had to be taken offline looks very much like a dead-ender. It seems crypto-enthusiast Nadim Kobeissi was a bit too sure of his product’s superiority — in the past he hasn’t been shy of criticizing other products, and once said: “Quite frankly it felt like I had coded this in 2011 while drunk.” Well, they do say that people who live in glass houses shouldn’t throw stones… and quite rightly!

This overview is too brief to mention all the messaging apps that have appeared on the market over the years and failed to make a hit, so we just focused on those projects that gained most attention and publicity. There were reasons for each one not making it to the top. There are no easy recipes in this game. One thing these stories can teach us is that it takes a lot more than perfect technical implementation, or a superb security solution, or even a great partnership with a major market player, to really pull it off.


© 2018 Aegees Messenger. All rights reserved.