• High quality peer to peer encrypted voice calling
• Encrypted voice messaging
• Encrypted text chat
• User defined self-destruction feature on both sender and recipient’s devices from one second to one year after transmission
• Encrypted location share
• Encrypted selfies
• Encrypted share of pictures, videos, documents (up to 10MB)
• Secure share of contacts to other SafeSwiss members
• Secure group chat
All primary servers that are needed directly for the operation of SafeSwiss are located in secure facilities in Switzerland offering one of the world’s strictest privacy laws. Some auxiliary servers that only host public information, e.g. DNS servers, public websites or software download mirrors, may be hosted outside of Switzerland for capacity, latency and redundancy reasons.
Unlike majority of other messaging providers, your identity in SafeSwiss is not dependent on you providing a phone number or email address. Every SafeSwiss user can choose its own SafeSwiss ID (when creating a new SafeSwiss account). This unique ID is your address in SafeSwiss and makes it possible to use SafeSwiss with complete anonymity, with the option of not disclosing any personal information.
Your unique SafeSwiss ID is one of three key components that make up your identity in SafeSwiss. The other two components are a public key and a private key used for the encryption process. Your unique SafeSwiss ID is permanently tied to your public key. While the public key is sent to our SafeSwiss secure servers to be distributed to your recipients, the private key remains securely stored on your device.
Our current freemium model will allow us to keep the current SafeSwiss basic version entirely free. SafeSwiss will also shortly introduce SafeSwiss premium and SafeSwiss business plus versions available as an in-app purchase providing video conferencing along with ability to encrypt and share very large files.
Each SafeSwiss user defines its own SafeSwiss ID as well as password which are the only required mandatory information. A phone number or email address is not required to use SafeSwiss. This unique feature allows you to use SafeSwiss completely anonymously unlike many other messaging apps.
SafeSwiss uses state-of-the-art asymmetric cryptography based on Elliptic Curve Cryptography (ECC) in general and on the “Box” model of the NaCl Networking and Cryptography Library in concrete to protect (encrypt and authenticate) messages between sender and receiver, as well as the communication between the app and the servers. SafeSwiss encryption code is open to independent audits.
There are two layers of encryption: end-to-end layer between the conversation participants, and an additional layer to protect against eavesdropping of the connection between the app and the servers. The latter is necessary to ensure that an adversary who captures network packets (e.g. on a public wireless network) cannot even learn who is logging in and sending a message to whom.
All SafeSwiss message encryption and decryption happens directly on the device, and the user has control over the key exchange. This guarantees that no third party — not even the server operators — can decrypt the content of any messages.
The asymmetric keys used in SafeSwiss have a length of 256 bits, and their effective ECC strength is 255 bits. The shared secrets, which are used as symmetric keys for end-to-end message encryption (derived from the sender’s private key and the recipient’s public key using ECDH, and combined with a 192 bit nonce), have a length of 256 bits. The random symmetric keys used for media encryption are also 256 bits long. The message authentication code (MAC) that is added to each message to detect tampering and forgery has a length of 128 bits.
For detailed technical information about the cryptography in SafeSwiss, read the SafeSwiss Security Whitepaper.
SafeSwiss servers are keeping registered SafeSwiss IDs as the only mandatory information, any further data such like own profile pictures as well as email and phone number are optional and only used for synchronization purposes. However during synchronization process all provided Email addresses and phone numbers from your address book get anonymized (hashed) before they reach SafeSwiss servers. Once the comparison is finished, all data is immediately deleted from the server.
As we don't have the secret keys of our users (your secret key never leaves your device), there is no possibility to disclose any user related information. Our servers do need to know who is sending a message to whom, so that they can route it to the correct recipient, but they do not log this information, and cannot decrypt the message's content. Any conversation, video, text, or video teleconference is encrypted from your device to the other party's. We have no access to it, so we can’t disclose what we don’t have access to.
Many providers of secure messengers claim that their product encrypts the messages that users exchange. However, most of the server operators can still read the content of the messages due to the following reasons:
• Transport encryption only: usually only the connection between the mobile device and the server is encrypted, e.g. using SSL/TLS. While this means that messages cannot be intercepted while in transit over the network (a common problem in public WiFi hotspots), they are in an unencrypted format once they reach the server.
• End-to-end encryption without key verification by user: in this case, the provider claims that they utilize end-to-end encryption, but due to missing user interface functions, the user has no way to verify that another contact's public key really matches with the private key that is only known to that contact. Therefore, it is relatively easy for an operator to perform a MITM (man in the middle) attack by manipulating the automatic key exchange without being detected. Subsequently, they can decrypt and even forge exchanged messages.
SafeSwiss uses state of art end-to-end encryption technology and enables users to verify the public keys of their conversation partners.
Yes, SafeSwiss includes its own, specific encryption based on XSalsa20 stream cipher as well as Poly1305 MAC authentication to protect stored messages, media and your private key. The key used for this encryption is generated randomly the first time you start SafeSwiss. Please note: the application protection PIN which can be enabled independently is simply a UI lock and does not cause any additional encryption.
Lost SafeSwiss passwords cannot be recovered. However, in this case you can only reinstall the SafeSwiss app and then set up a new SafeSwiss account again. You will lose all saved messages as well as SafeSwiss ID (unless you have a backup).
Lost application protection PIN can be recovered by typing ten times wrong application protection PIN which will automatically lead to the login screen again when SafeSwiss ID and password can be provided again.
Contact synchronization is entirely optional; however, contact synchronization will make it easier for you to communicate with other validated SafeSwiss users.
In the contacts, main screen there is a context menu option provided "Synchronize Contacts" which can be triggered to synchronize SafeSwiss contacts with all device’s address book contacts.
SafeSwiss is protecting you and your friends' contact information from any third parties including SafeSwiss. The app will send a hashed representation of your friend’s phone number, email address (if provided as this is optional) to our servers. At this point our server will automatically check these details against our database and determine if the contact already has a specific SafeSwiss user ID. If they have you can then send them an end to end encrypted message, share data or make a secure voice call. If they don’t yet have a SafeSwiss ID you can very easily invite them (by SMS, email, etc.) directly from SafeSwiss.