<html><head></head><body><div><div><div style="display:none;border:0px;width:0px;height:0px;overflow:hidden"><img src="https://r.superhuman.com/qYyI7f34fjTR4aC9B0kU4LwaezIRyUOVOPwkhxvubvtj1LADdP2Jl79b4MTDY3y9dWysAavX0A4T_1lkz3SDehBbQaUHEZM-a9Xl4GAaRF6T0OjXIqAIEATn7uDflDhCR9qU-gR2Ux5LHN1Sr0WoxLY.gif" alt=" " width="1" height="0" style="display: none; border: 0px; width: 0px; height: 0px; overflow: hidden; visibility: hidden;"></div><div><div class=""><div class=""><div class=""><div class="">Interesting question.<br></div><div class=""><br></div><div class="">Unfortunately their website offers little more information than the Liverpool Echo article you link to. It appears to simply be a customised Android phone, with a few features that are especially useful for criminals. Without a doubt 95% of the tech in them is the same as you can get on a regular Android phone, but the remaining 5% of the integration and feature work is sufficiently valuable to justify the eyewatering cost.<br></div><div class=""><br></div><div class="">From looking over the advertised feature set, my guess is the value comes from a very small number of features. The majority of advertised features are industry standard and nothing special, e.g. disk encryption, secure boot, tamper proofing, the message cryptography they discuss etc. They advertise them because they're security related, but they're not actually a competitive advantage.<br></div><div class=""><br></div><div class="">I'd dig in to this mysterious "notary" verification process, which is presumably some method of verifying public keys. They say:<br></div><div class=""><br></div></div></div></div><blockquote class=""><div class=""><div class=""><div class=""><div class="">"<span class="colour" style="color:rgb(110,110,110)">All clients directly negotiate keys automatically with each other’s devices. Our servers, located offshore in our datacenter, never create, store, or decrypt keys, message conversations or user data."</span><br></div></div></div></div></blockquote><div class=""><div class=""><br></div></div><div class="">To me this implies some sort of Bluetooth based key transfer or key agreement, probably combined with the ability to send keys between users. Sort of like the PGP web of trust but integrated with the phone itself.<br></div><div class=""><br></div><div class=""><div class="">The point of this would be to ensure police can't force EncroPhone to intercept messages by changing public keys, which is an issue for every centralised messenger otherwise.<br></div><div class=""><br></div><div class=""> Users who buy this phone have demonstrated a huge willingness to make effort up front, as apparently to get one you have to know someone who can supply you. You can't buy them from shops. So, they can probably impose rules like "you may only communicate with someone you interacted with physically before, or someone they vouched for", whereas for normal consumer-oriented software it's all about maximum convenience so the messengers all use centralised public key directories linked to phone numbers.<br></div></div><div class=""><div class=""><div class=""><div class=""><br></div><div class="">The other obvious eye-catching feature is the duress/capture stuff, like being able to request all your contact phones delete all your messages triggered by a panic PIN. There's even mention of a countdown which I suppose can be useful if you suspect you're walking into a trap - you could set up a timer, be grabbed immediately, your phone taken from you without even a chance to touch it at all, and all the evidence is still destroyed. Finally the ability to hide that you're using this phone via dual boot is quite clever.<br></div></div></div><div><br></div><div>I'll now say something that may be a bit controversial for this list (though it's a point I've made before).<br></div><div><br></div><div>It's worth observing that these sorts of features are in many ways a meaningless shell game. EncroPhone are a Dutch company with (presumably) known owners who can be found. All the fancy stuff they advertise is controlled by software. That makes it meaningless because EncroPhone can push a "security update" to their users that disables all of it, or adds arbitrary message interception facilities, without any visible change and at any time. For example, how do the users know the message deletions are really working? The only trustable evidence is complaints from the police. <br></div><div><br></div><div>Even though stock Android will notify users that an update is available and ask them to apply it, users can't tell the difference between a real security update that makes their phone harder to hack by the police, and one that makes it easier. No matter what option they take (apply/ignore) there's a risk it's the wrong one.<br></div><div><br></div><div>This is a fundamental problem with all end-to-end encrypted messaging services. Despite all the progress made in this space, it all still boils down to the trustworthiness of a brand because the service owners always have the option of just switching it off - and in ways users cannot actually detect except via some sort of hypothetical continuous reverse engineering effort, which nobody anywhere has ever mounted.<br></div><div><br></div><div>Whilst pitched for privacy advocates, if that were true they'd presumably make it easier to buy them via their website and charge less. The fact that it's so expensive and that they're only leasable implies something odd is going on there. It won't surprise me if at some point EncroPhone gets silently taken over by the Dutch police and used in a sting operation, in the same way that Tor markets sometimes were. For them to be legally safe they'd have to avoid anything that could be used to prove a criminal conspiracy, which from your description of how they operate and the news articles sounds unlikely.<br></div></div><div class=""><br></div><div class="">W.R.T. your last question. All consumer messaging systems on smartphones route all messages via central datacenters. That's not unique to WhatsApp and is the entire motivation for the end-to-end encryption features to start with. The only "peer to peer" messaging system that works is SMS, and obviously it's peer to peer only in some pedantic technical sense that the telcos themselves communicate directly with each other (so e.g. messages stay in country). All app-based messengers route messages either via Google/Apple datacenters, or their own, or more typically a mix. Moreover most modern messengers use the same cryptography. Certainly Signal, WhatsApp and probably this EncroPhone thing (which sounds like it uses a modified version of Signal) all use the same underlying tech developed by the sort of people who are on this mailing list. Telegram I don't know, someone else can tell you about that, last I heard they were different and used their own thing. <br></div><div class=""><br></div><div class="">From a pure cryptographic perspective none of them are really hiding the message metadata people care about and indeed cannot, as the Liverpool Echo story points out (police can still track EncroPhone users via cell sites and messengers must still route messages to the right devices).<br></div><div class=""><br></div><div class="">So with respect to what you can use that your contacts will trust, sorry but I have no idea.<br></div><div class=""><br></div><div class=""><br></div></div></div></div></body></html>