HI there:) can anyone please explain shortly, how (relatively) secure you personally would deem a messaging app`s privacy concept, if the app implements things like:
1) “messages, voice messages and files/pictures are exchanged between peers using WebRTC data channels”
2) “video/audio calls are based on WebRTC media channels”
3) “Information is always Client-side encrypted with dynamic keys.”
4) WebRTC multimedia calls and data channel exchanges are end-to-end encrypted using the Secure Real-time Transport Protocol (SRTP) and the Stream Control Transmission Protocol (SCTP) over the Datagram Transport Layer Security (DTLS) protocol.
–Current modes used for – video: AES_CM_128_HMAC_SHA1_80 – data/audio: AES_CM_128_HMAC_SHA1_32.
5) “The local data base storing profiles, contacts, relationships attributes and exchanged contents on the device is encrypted using SQLCipher- algorithm is 256-bit AES in CBC mode. Each database page is encrypted and decrypted individually. Every page write includes a Message Authentication Code (HMAC_SHA1) of the ciphertext and the initialization vector. SQLCipher encrypts data pages in journal files.”
6) Perfect forward secrecy: Yes
7) Authentication: No
8) Renting dedicated bare servers – control all software running on the hosts and in the VMs