Help me understand why I should rely on the privacy of this app, if the OS on which it's running is untrusted. Wouldn't it be trivial for Apple (or iOS malware) to record keystrokes?
Short of a serious undisclosed bug in iOS, malware should not be able to record keystrokes from other apps.
But you are right in that if you don't trust the OS manufacturer not to be snooping on you, you can't trust the app. In addition to logging keystrokes they could be logging the contents of UI text controls as they are set. Even if you implement your own custom keyboard and UI controls and your own encryption prior to sending anything over a socket they could still be snapshotting the phone's framebuffer regularly. There's no way to reliably hide data that you can see visually (or data that has to be unencrypted in memory at some point, even if you don't see it) from the lowest levels of the OS.
Having said all of that, they probably aren't doing any of this, but they could.
> iOS7 provides settings for "background app refresh". Disabling unnecessary apps' background refreshing contributes to preventing the potential background monitoring. However, it can be bypassed. For example, an app can play music in the background without turning on its "background app refresh" switch. Thus a malicious app can disguise itself as a music app to conduct background monitoring.
Of course, the idea is that the app would actually do something useful, would do that useful thing correctly, and only activate the malicious code for targeted users (none of which would be Apple testers).
If you think Apple is spying on you through your phone, then change phones. If you don't, then it's a strong improvement over non-encrypted chats. If you are doubtful, then I would still get it because it's an improvement and thus why not, just in case Apple is not spying.
You could say the same about any current mobile OS. I think that having these kinds of apps is better than not having them at all. Nothing in this life is 100% secure.
I went through this while experimenting with Cryptocat; it's confusing as hell. The group fingerprint is your fingerprint, in that chatroom, for that session.
I peeked at some of the issues on GitHub and it looks like they're adding challenge-response for OTP verification so you can have a way to prove identity without an active out-of-band channel.
No, this is the one written by a guy that just wanted to make "secure chat" accessible. And went on to have plenty of flaws. (And no, Telegram is another one, where they came up with their own scheme and brushed off all criticism by saying they had some math PhDs so that's that.) IIRC the web version does JS crypto and tries to sell that as more secure.
Cryptocat and Telegram seem to be very popular though, proving again that technical superiority isn't really a good indicator of product success. (WhatsApp had terrible security too, at least for a while, but they never went on about how secure they were.)
I think that's unfair - both TextSecure and Cryptocat are interested in making secure chat more accessible.
Making security applications accessible is an important problem to try and solve. Security is difficult and I think they were fairly up front with the potential issues with what they were building.
They've also been doing it for a few years now, the code is open source, they've had professional security audits - what more could they possibly be doing?
TextSecure is solid as far as I know. What I meant with my comment is that Cryptocat/Telegram put marketing and accessibility over security. They'd rather sell a veneer of security in a cute package instead of actual security, along with the difficult problems it brings. Both products ignored (and actually told off) expert advice, which is quite telling.
I like what Whisper is doing, and deeply respect the crypto talent that went into building it. Personally, I think the soundness of the cryptography is the most important attribute of a cryptographically secure chat application. Other people think other things.
> They'll come around to your point of view in time.
The quote from Keynes was merely a slightly whimsical way to make the point that people can hold false beliefs for a very long time, and that it's probably better not to personally invest in the idea that they will come around by themselves in any specific timeframe.