Encryption is a hot and controversial topic these days and the latest to join the encryption party is popular messaging app Viber.
Following in the footsteps of rival WhatsApp, which turned on end-to-end encryption earlier this month, Viber now extends the same courtesy to its users.
Viber flipped the encryption switch on Wednesday and announced that it's now protecting users' conversations with end-to-end encryption.
Upon announcing the latest update, Viber chief operating officer Michael Shmilov said that the new encryption will prevent anyone from snooping on the private conversations of its 700 million users. With this end-to-end encryption, only those part of the chat can access the conversation while all others - including Viber itself - are locked out.
While this is a commendable move, it also sparked some questions. If WhatsApp explained how it achieved that end-to-end encryption for its users' messages, Viber offered no specific details regarding the protocols it's using. This prompted researchers to question whether Viber's messages are indeed as private and secure as the company says.
WhatsApp, for instance, published a security whitepaper to explain how it would encrypt users' messages. The Facebook-owned company also reckoned that it collaborated with the developers behind Signal, one of the top 3 messaging apps designed to keep users' data safe.
With no specifics from Viber, security researcher Frederic Jacobs says that Viber may have based its encryption on an MD5 algorithm, which is deemed as "cryptographically insecure."
Viber’s encryption appears to be a custom C++ implementation. Super reassuring they use MD5 for attachments. pic.twitter.com/wi6lB30KjY
— Frederic Jacobs (@FredericJacobs) April 19, 2016
In a statement to TechCruch, however, Viber now defends its practices and says that it's not using MD5. The company also highlights that it will not grant any backdoor access, regardless of the circumstance or country.
"Viber can access records that show only that one phone number has contacted another phone number," says a Viber spokesperson. "However we cannot access the content of messages or phone conversations."
The spokesperson further tells TechCrunch that Viber has conducted internal audits on the encryption protocol it implemented, and it will also perform external audits soon.
"Our encryption protocol was based on an open source protocol concept, with an extra level of security developed in-house," adds the Viber representative.
Viber's new encryption feature is set to roll out over the next couple of weeks, reaching all of its 700 million active users worldwide. The rollout has already started in several regions, pushing the Viber app to version 6.0, but not all users will get the update at once.