Upstart encryption app walks back privacy claims, pulls from stores after probe

Try not leaving a database full of user info, chats, keys exposed, eh?


A new-ish messaging service that claimed to put privacy first has pulled its end-to-end encryption claims from its website and its app from both the Apple and Google software stores after being called out online.

Converso – a comms app launched in September 2022 – billed itself as a "next-generation messaging app that keeps your conversations completely private." This, according to the developer's website, included "proprietary state-of-the-art end-to-end encryption technology," no storage of messages on servers, and "absolutely no use of user data." It claimed it could stand up to the likes of Signal and WhatsApp in the security stakes. 

A blogger who goes by Crnković and has an interest in encryption protocols heard about Converso from an ad on a podcast and decided to poke around to see if the software lived up to the hype. 

To this end, he downloaded the APK and said he'd found Converso's code made references to AES and RSA cryptographic algorithms, and a drop-in software development kit from Seald for encryption and public key authentication.

Crucially, and most concerning, Crnković found the app talked to a Google Cloud-hosted database that was left completely open to the public by the software's developers. This Firestore database, we're told, included encrypted message content, metadata about people's messages, their private encryption keys, phone numbers, and more. Essentially, it would be possible for anyone to fetch that information and decrypt a stranger's message that went through the app, according to the researcher.
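The failure described above is a database whose access rules let unauthenticated clients read every document. Below is an added illustration, not Converso's configuration or Seald's code, written in the Cloud Firestore security rules language: the first block is the permissive "allow everyone" pattern that makes a database world-readable, the second block restricts each document to the authenticated user it belongs to. The collection names `users` and `messages` and the field names `participants` and `sender` are assumptions for the example; the article does not describe the app's schema. Rules only control who can read a stored document; they do not fix the more basic design problem the researcher raised, which is that a user's private key should never leave the user's device in the first place.

```firestore
// Added example, not the app's real rules. Collection and field
// names (users, messages, participants, sender) are assumed.

// --- Weak setting: every document is readable and writable by anyone,
// including clients that never signed in. Publishing key material or
// message metadata under a rule like this makes it public.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read, write: if true;
    }
  }
}

// --- Corrected setting: deny by default (no catch-all match), then
// grant the minimum each collection needs to a signed-in user.
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {
    // A user's own profile document: only that user, and only when
    // authenticated. Nothing here should contain a private key.
    match /users/{userId} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }

    // Message documents: readable only by listed participants; a
    // client may create a message only as itself, and may not rewrite
    // or delete history.
    match /messages/{messageId} {
      allow read: if request.auth != null
                  && request.auth.uid in resource.data.participants;
      allow create: if request.auth != null
                    && request.auth.uid == request.resource.data.sender
                    && request.auth.uid in request.resource.data.participants;
      allow update, delete: if false;
    }
  }
}
```

Because Firestore denies any request no rule explicitly allows, leaving out the `/{document=**}` catch-all is what actually closes the door; the per-collection matches then reopen only the specific paths a signed-in user needs. The Firebase console's rules simulator and the local emulator can exercise a rule set against unauthenticated and mismatched-uid requests before it is deployed, which is the check that would have caught the open-to-the-world configuration here.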

Crnković concluded:

Not only is metadata public, but so too are the keys used to encrypt messages. Anyone can download a Converso user's private key, which could be used to decrypt their secret conversations.

There's no longer any real distinction between cleartext and encrypted messages – nothing is meaningfully encrypted. For your security, you shouldn't use Converso to send any message that you wouldn't also publish as a tweet.

"Dissecting Converso was in large part a learn-as-you-go exercise for me, as I don't have prior experience reverse engineering mobile apps," Crnković told The Register. "I was shocked at each exponentially worse mistake."

Crnković published an article about these findings on May 10, and The Register contacted Converso on May 12 for its response. By May 13, much of the wording on the website – including the "proprietary" E2EE claims – had disappeared or been watered down considerably.

Converso CEO and founder Tanner Haas, in a long email to The Register, said his startup "takes issues with privacy very seriously, and when we were informed of vulnerabilities we immediately worked to patch them as quickly as possible."

"Any information related to users, phone numbers, and data is protected and not accessible to attackers," Haas said. Well, we'd hope so by now. He declined to answer a question about a Google Analytics tracker found in the app, the presence of which in a privacy application is frowned upon by some in the infosec world.

When asked what encryption protocol(s) Converso uses, Haas directed The Register to the Seald website.

We also asked Haas if Converso uses Seald as the app's only certificate authority for mapping identities to public keys, as Crnković noted in his blog. 

"Although Seald is used as a third party certificate authority, there are additional authentication steps that are designed to prevent anyone from reading other users' protected messages," Haas wrote in the email. "This includes preventing users from accessing cipher texts that are not intended for them."

The messaging service had "already rebuilt the app authentication flow before any potential issues were exposed. Any secrets that are leaked on the client side are from an older version of the app, and anyone who is on the latest updates is no longer using the identities generated on the previous version," he claimed.

Haas encouraged Crnković to retest Converso in 60 days "with the same enthusiasm" as the original blog. He also reiterated "we never have and never will have commercial use of user data."

Additionally, the app has been "temporarily taken off" of the App Store and Google Play "while we address and improve any remaining potential vulnerabilities."

Let the countdown begin. ®
