Ubinodes

brunomoutier

Features for Communication apps.

Updated 06 April 2021.

Copyright: European Union Public License, version 1.2 (EUPL-1.2).

In order to benchmark communication applications, not overlook some features and have consistency across our articles, we designed a list of features to review.

1.1- Code & developers.

  • Code: Open source or audited by trusted third party.
  • License: FOSS (Free Open Source Software), or Freemium.
  • Liveliness: Actively maintained: App is regularly updated.
  • Support: Emergency support by the provider. The team is answering to support requests from users.
  • In-app communication with support team: 
  • Whitepaper: Whitepaper available explaining in detail the concept.
  • Ownership: Who owns the body behind the development and maintenance of the app.

1.2- Package.

  • Platforms: Multi-platform,  Windows, Linux, MacOS, Android, iOS, Ubuntu Touch etc.
  • App stores: Available from alternative repositories: APKpure, F-Droid, Github, team’s website etc. That way user doesn’t have to use a Google or Microsoft account.
  • Apk Signature: Signature key provided on website to check that APK downloaded has not be tampered with.
  • Digitally signed with Microsoft: So as not to trigger a warning from Windows SmartScreen.
  • Push notifications: Uses the standard push notification service provided by the operating system.
  • OTA updates: Over-the-Air means updates are downloaded automatically by the app.

1.3- Usability.

  • Intuitive: Adoption from the team is easy even for non geeks, from installation to using all most features.
  • Same features: On all types of operating systems: For example features available on the Android is the same as with iOS which is the same as on Windows which is also available on Linux.
  • Administration of users: Example for a communication app: Administrator can Invite, remove, block, mute, define moderators. Example for a website or blog: Not just one single admin access that has to be shared (like Medium), but can create editor’s access to the team (like WordPress, Steemit).
  • Desktop: Has a desktop application, not just mobile apps. For user-friendliness, productivity, ease of adoption.
  • Synchronicity: is it asynchronous (offline) messaging. Parties don’t have to be connected at the same time in order to send messages to one another (which is the problem with p2p apps such as Jami or Briar).
  • Content Search: In app content search engine that works even offline.
  • Contact search: Search field to find contact in the app’s contact list.
  • QR code for contact: Easy to add new contact with QR code scanning.
  • QR code for additional device: Easy to add new device with bar code scanning, no need to re-enter credentials.
  • File support: Type of files supported, like text, images, video, sound.
  • Delivery and read receipts: Lets sender know when messages have been delivered and when they have been read.
  • Typing indicator: Shows when your contact is currently typing.
  • App Notifications:
    • Shows number of new messages:
    • Ability to manage mode of notifications: Vibrate, sound, DEL:
    • Ability to manage per type of incoming message: direct chat, group, forum etc.
  • Trimming: Ability to trim older messages past a certain date/size in the chat.
  • Export: Ability to export data encrypted on external device or in the cloud to move it to another device.
  • Device Synchronisation: Messages and contacts are synchronised between your devices. You can start a chat on one device and finish one another.
  • Night mode: Ability to change to dark mode.
  • Status indicator: Ability to indicate availability of user or hide it.
  • Quote: Messages can be quoted, i.e. you can reply to specific messages within a chat.
  • Format: You can format text in bold, italic and strikethrough.
  • Go to last message button:
  • Chat continuity: When coming back to a conversation, takes you where you left the conversation.
  • Contact list: A separate list of your contacts.
  • Multi-account: Ability to have different accounts on the same device.
  • Message segregation: one-on-one, group, forum, messages are shown in different spaces.
  • Screen rotation: When rotating the device, the app is rotating too, instead of staying in portrait mode.

1.4- Productivity.

  • Provides Forums: 
  • Provides private blog: 
  • Provides RSS feed: 
  • File sharing: Ability to share any type of files with contacts
  • Own domain name: For emails.
  • Can share GPS position​​​​​​: 
  • Supports bots: 
  • Voice meetings: 
  • Video meetings: 
  • Group invite by link: Ability to invite by giving a link.
  • Contact member of a group: Ability to see group members and contact them one-on-one.
  • IRC like commands: Can obtain lists by using “/” commands.

1.5- Security & Privacy.

  • No identifying information: At purchase and set up (email, phone number, credit card).
  • No permission request for device access: Doesn’t access device’s data at installation. Doesn’t scavenge on your contacts and media files.
  • Resistance to state-sponsored criminals: Police, prosecutors etc. Their crimes are “legal” since they’ve corrupted state institutions. They are the most dangerous sort of criminals, to an individual or to a country. If they’ve done something illegal, they can cover it up any ways they like. They can intercept and read IMAP, POP3, TLS, SSL. They can spoof your email provider SSL certificate. They can have access to your SMS, emails, meaning a recovery option is often an easy attack possibility for them.
  • Not in a 5 eyes country: Whether for the servers used or the team/company developing the app: Australia, Canada, New Zealand, United Kingdom, United States.
  • End-to-end encryption: Every message & file is cryptographically secure.
  • Encrypted by default: Not as an option (as with Telegram, WhatsApp). For both direct chats and group chats.
  • Zero-Knowledge: Encryption key stays in the user’s device, not shared with the server. Data doesn’t stay on a central server once delivered to recipient and is encrypted at rest. No logs.
  • Ephemerality. Messages are automatically deleted from all recipients’ devices after a set period of time.
  • Data shredding. Once deleted files are unrecoverable by forensic software (Wickr).
  • Chat history: Are new members able to read all older messages when joining a group or adding a new device? This can be either or Pro or a Con depending on the threat model. Wire prevents this as a security measure, so that an intruder wouldn’t be able to read messages.
  • Tamper proof: warning if MITM (Man-in-the-Middle) type attack or other form of tempering with communication, data, updates etc.
  • Security word: Allows you to verify integrity of the communication by checking a security word at the beginning of each voice call (Silent Phone, Signal).
  • Contact Verification: Can verify addressees by fingerprinting devices. List of verified addressees in the apps settings.
  • Auto log off: The app logs off after a set delay. That’s not screen lock but log off.
  • Password protected: When launching the app, must use a password or a code.
  • No recovery option: Using email or SMS, to protect from state-sponsored criminals. Recovery can be done using recovery code (Tutanota) or seed phrase (Session), or not at all (Wickr Me).
  • Data at rest is encrypted: Decryption happens when launching the app, after entering password or code. Even when compelled by law, messages on the app cannot be decrypted by third party (Forensic).
  • Anonymous: Data is sent through anonymizing network (Tor, Lokinet) and metadata is encrypted (Olvid).
  • Plausible deniability: Can’t create a similar ID (same fingerprint) on different devices.
  • Prohibits screen shot: Can prohibit recipient from taking screenshots.
  • Screen shot warning: If addressee takes a screenshot, sender gets a notification (Telegram).
  • Lock screen. Can set up a delay to lock the screen after period of inactivity.
  • Disable keyboard learning of the device:
  • Disable link preview in messages:
  • ID revocation: Ability to revoke an ID from website in case device(s) are compromised (Threema).
  • Panic button: Ability to trigger an action to delete the data or the account.
  • Mobile data in-app deactivation: Ability to deactivate use of mobile data in app settings.
  • Off Grid connection. Possibility to connect directly using Bluetooth or Wifi, without internet.
  • Decentralisation or distribution: Members can keep communicating even without a central server or host.
  • Delete own messages: Ability to delete a message from all devices and recipients devices.
  • Delete groups: Ability to delete a group in such a way that it disappears from all members’ devices.
  • Transparency report or Warrant Canary: Publicly shares any request received by a governmental agency.
  • Access and activity logs: To know when and by whom the app has been accessed.
  • IP restrictions: To restrict access to only pre-approved IP addresses.
  • TOR sign up: Ability to create an account using TOR.
  • Self-destruct account: Account is deleted after set period without logging in.

1.6- Price and value.

  • Cost-effectiveness: For large user base, affordable monthly fee or one-off license fee. Example for a communication app: If you have 15 people in your team, your organisation can reasonably afford the monthly fee.
  • Anonymous payment: Can pay using anonymous cryptocurrency (Monero).
  • Size of the group: How many members can join a group? Wickr is 50, Threema is 100, Wire is 250, Telegram is thousands.
  • File sharing. What is the maximum size of file sharing, including videos?

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Subscribe to
our newsletter

Create a website or blog at WordPress.com