Is Grapherex Secure?
Grapherex is a multifunctional application that allows users to communicate and transfer cryptos to anyone from the user’s smartphone contact list or to any e-wallet address. Also, Grapherex plans to implement a feature that will make it possible to exchange cryptocurrencies within the app.
Sounds good. But is the app safe? In this article, we will discover how the application is built.
What a Signal Protocol Is and How It Provides Security
Grapherex is built on Signal protocol. A Signal Protocol is a cryptographic protocol that offers end-to-end encryption. It’s used by a wide range of communication applications that provide instant messages, as well as video and voice calls. Skype, WhatsApp, and Facebook Messenger are among them.
How It Provides Security
The Elliptic-curve Diffie-Hellman key agreement protocol, Double Ratchet key management algorithm, and Sesame message encryption algorithm are the basis of the message encryption Signal protocol. Let’s figure out what each of them means.
Elliptic-curve Diffie-Hellman enables two parties to create data available only to them over an unsecured channel. The participants of the communication get an elliptic-curve public-private key pair, which can be applied as a key or an instrument to get another key.
Public and Private key formats are used to make and verify XEdDSA, which is an EdDSA-compatible signature. This signature provides cryptographic deniability and privacy to the chat by setting a shared secret key between two parties (sender and receiver).
The Double Ratchet key management algorithm is implemented for end-to-end encryption in instant messaging. The algorithm helps exchange encrypted messages between two parties with the use of a shared secret key.
The participants of the communication get new keys for every message that uses Double Ratchet. The keys created earlier aren’t calculated from the following keys as the outcomes of Diffie-Hellman calculations are mingled into the derived keys. Parties send Diffie-Hellman public values together with the messages. If there is a compromise of keys of any party, these features allow for protection to encrypted messages.
The Sesame algorithm is applied to regulate sessions of message encryption in an asynchronous and multi-device setting.
What Is Personal Information Recorded When Using Grapherex?
All the information you provide, such as a valid phone number, name, or picture, is end-to-end encrypted. Moreover, when creating a Grapherex account, you must add only your phone number; other personal data is not required.
The client’s message history is kept only on the app device. Grapherex servers keep only messages that weren’t delivered as the device wasn’t temporarily connected to the Internet.
Synchronization of the personal contacts with Grapherex is safe, as all the data is cryptographically hashed.
Still, the application uses the minimum of the data just to provide a proper service operation.
Personal Data and Third Parties
Any communication on the platform can’t be decrypted or accessed by the company or a third party.
The app has the rights to share private data with legal authorities. Also, private information can be used if there is a threat to user or application assets. To protect clients from any security issue, the app can appeal to private data.
Grapherex cares about user’s privacy. However, data protection is not only about encryption provided by the Signal protocol but about using part of data to prevent security issues.