Enhance iMessage security using Confide

One of the new features in iOS 10 offers the possibility of deploying specially crafted applications within iMessage. Most users will probably (ab)use this new functionality for sending tiresome animations and gestures, but some applications can actually provide added value for iMessage communication.

imessage security confide

Confide for iMessage seems like a nice addition for those who want to build on the already solid security foundation of the iMessage/Messages environment.

Confide is a confidential messaging app. It has been available for iOS since 2013, and for Android since 2014. To take advantage the benefits of the iMessage “add-on”, all parties involved in the communication will need to install the iOS app. It generally requires the use of a free account, but the developers say that if you want to use just the iMessage part, you don’t need to set up an account.

You can create messages via the Confide option located behind the App Store icon of the iMessages input field. As you can see from the accompanying images, the actual text of the communication is shielded and it is only available when you open the message and swipe with your finger from top to bottom.

As you swipe, parts of the message will appear. If the message has a couple of lines, you will initially see just the first portion of it – you’ll need to slowly swipe down to show the rest of the text. Strangely, it works the same for photos, so you never have the full image in front of you, just fractions of it.

imessage security confide

All messages between Confide users are encrypted end-to-end. The encryption keys are generated locally, and this ensures that only the intended recipient can read your messages.

The company says the app uses “military grade cryptography”, but I couldn’t find any details about it. Communication is executed through Transport Layer Security. Users cannot view sent messages, and all received messages are deleted after they are read. Any unread confidential message will be automatically wiped after 48 hours.