DEV Community

Cover image for Using end2end encryption for ensuring mobile app security and data privacy
Diana Maltseva
Diana Maltseva

Posted on • Edited on

Using end2end encryption for ensuring mobile app security and data privacy

After Edward Snowden case, the entire world became concerned about ensuring mobile app security and user data privacy.

For today, end2end encryption (E2EE) is the most reliable and advanced way of protecting user data, that has special significance in building mobile messengers.

For example, WhatsApp integrated end-to-end encryption in 2016, thus having made impossible for governments and security service to view user information.

In the same year, Viber also decided to add E2EE in order to provide data security and privacy. But what does end2end encryption actually mean?

How does E2EE work?

End-to-end is the system, that implies devices transmitting encrypted information to each other without third-party (servers') participation. The communication (data exchange) is direct, there are no intermediaries, and all the data (text messages, calls, images, and video) is completely encrypted.

E2EE means that only those people (devices), who are involved in the communication, have the keys for both encrypting and decrypting messages.

So, only the users participating in chat (including one-to-one chats, group chats) will be able to read the messages or hear the calls exchanged between them.

In other words, the files and emails will pass through various third-party services, but being fully encrypted, they are completely unreadable for them. Thus, only the end user can read information.

Considering the situation from the point of view of companies owning mobile messengers and having added E2EE to them, remove the possibility of gathering data about their users.

The end2end encryption works according to the following rules:

  • Encrypted messages are transmitted via a communication channel (via HTTP protocol).

  • A private key is stored on the user device only.

  • The server stores public keys only. To decrypt messages with a public key is impossible (you need both keys).

  • After deleting a mobile application private keys are also deleted. So, to read messages, that you received earlier, becomes impossible. When a user reinstalls the app, the encryption keys are generated again.

Encryption algorithm

An encryption algorithm is a mathematical process of turning information into understandable data strings.

The source data is often called open or plain text. Noteworthy that it doesn’t matter for the encryption process what the information is – real text or another kind of data.

Find out more about using encryption algorithms and the ways to add E2EE to your mobile app.

Top comments (1)

Collapse
 
rpinna profile image
Rob Pinna

Another approach to providing this level of privacy is to use transform encryption. It provides end-to-end encryption, but users decide who can and cannot access their data, and they can change their minds at any time.

My team and I are building an SDK around transform encryption, there's a tutorial at github.com/IronCoreLabs/getting-st....