Mere weeks after Whatsapp’s adoption of end-to-end encryption, Viber also announced that the calls, texts and group chats of its 700 million users are also now protected by end-to-end encryption. Users will also be able to hide chat logs in their phones from anyone that may get their hands on them.
The Rise Of End-To-End Encrypted Apps
Other than iMessage, which may have to switch to a more solid end-to-end encryption protocol soon, Whatsapp was the only major chat application to feature end-to-end encryption for all of its communications, until now.
Viber, which is made by an Israeli company, is now another another major chat app that embraces end-to-end encryption by default. Multiple other chat applications offer it as an option, but this on-by-default trend seems to point to end-to-end encryption as an indispensable instant messenger feature these days.
Both users and the companies making these apps have realized that the best way to keep private conversations private is to allow users to encrypt the conversations with their own keys, but do it in a way that’s almost automatic, or at least easy to set up.
Similarities And Advantages Over Whatsapp’s Encryption
Unlike Whatsapp, which seems to have buried the man-in-the-middle protections in the settings, Viber puts them front and center and always reminds you to set them up via its encryption level icons. In the Compose window, users will be shown one of these four icons, each describing the level of protection that the conversation with another person has:
No icon: the conversation is not using the latest end-to-end encryption technology because the Viber user you are communicating with is not using a Viber version that supports it. Gray Icon: The conversation is encrypted using the updated end-to-end encryption technology. Green Icon: The conversation is encrypted. Additionally, you and the other Viber user(s) have verified one another through an authentication process. Red Icon: The conversation is encrypted with a user that you have previously verified through an authentication process; however, there may have been a breach in the established authentication.
What everyone should want to see is the green icon. To obtain it, users need to be verified through a security code, much like what we saw with Whatsapp. However, Viber’s method may lead to more verifications between users because they don’t have to see each other in person to verify themselves with a QR code. They can call each other, read the security codes out loud, and see if they match. Then they hit the “trust this contact” option to finish the process.
Whatsapp users can also verify each other’s security codes through a phone call, but the process is not integrated into the app, which makes it less appealing. With Whatsapp, users also have to enable another setting to be notified when the users’ security codes no longer match.
This was perhaps one of Whatsapp’s most puzzling choices when it announced its adoption of end-to-end encryption, as it makes little sense to have this setting disabled by default. Viber warns users when they no longer use the same security code, via the red icon that appears in the chat window.
Lack Of Documentation
Viber hasn’t released any documentation or whitepaper with the technical details, so we have yet to see whether it’s using a completely homegrown protocol or perhaps a modified Signal protocol (such as OMEMO). Because it's not open source or well documented, we also don't know how good it is. It covers the same type of encryption features as Signal, so the two protocols seem quite similar, at least at a high level. However, Open Whisper Systems has already said that Viber is not using the official Signal protocol:
One extra feature it does have over both Whatsapp and Signal is end-to-end encrypted video calls. This has been a feature that’s been lacking from the Signal app for some time, and what’s kept it from becoming a real replacement for apps such as Hangouts or Skype (even after it was released as a desktop app). Viber may now be better suited for that role.
The Hidden Chats feature, which is introduced in the latest version of Viber, allows users to hide certain chats from the main screen of the app. This doesn’t seem like a major feature, considering phones could already be locked with a PIN, passphrase or fingerprint. There are other ways to lock individual apps, as well. However, it probably doesn’t hurt to have this functionality in the app; if the Viber team can also llow an option for fingerprint locking, it may become even more useful and more convenient to use.
What would be even better than this type of feature is self-destructing texts. The users could select between various time periods, and then the other person on the other end would have to confirm the chosen time period (to ensure that both ends keep the data for the same amount of time). Self-destructing texts don’t help against mass surveillance (end-to-end encryption is better suited for that), but they are good for keeping sensitive conversations from lingering dangerously on devices that could be stolen, hacked, or infected with malware later on.
The new features announced today can be found in Viber version 6.0 on Android, iOS and desktop, as well as in the Windows 10 store app.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.