CallProtector FAQ for secure calls & messages

Why CallProtector?

We implemented REAL end to end encryption with perfect forward secrecy.
We use OpenSSL which is one of the most used encryption libraries worldwide.

Symmetric Encryption with 256 Bit(OpenSSL)
Assymetric ECC Public Private Key with 521 Bit(OpenSSL)
ECDH 521 Bit (OpenSSL)
Perfect Forward Secrecy
EC curve secp521r1
Company located in Hongkong

Important: 521 Bit ECC is the same as 15360 Bit RSA or 256 Bit symmetric encryption!

What makes CallProtector safe?

Perfect Forward Secrecy
We implemented Perfect Forward Secrecy on the end to end layer.
If somebody takes control of your device he can only intercept future calls. Older calls are still safe!

Well tested library for algorithms
OpenSSL is one of the most used libraries worldwide, it is used in most of the internet.
All of the bugs found in the last 2 years(01.07.2015) did NOT influence the security of CallProtector!

No Systemencryption
All data is encrypted by us using SQLCipher(AES 256) instead of using system API.
If somebody can unlock your device there is no way to get your data out of CallProtector if your database password is still secret.

When I get a incoming call why doesn't it display the saved name?

This is impossible because of technical reasons, you could tell the other person to use their real name as their nickname.

Why doesn't it ring when I get a call?

iOS

If it is not ringing check if you have all permissions for CallProtector enabled. You can do this by opening your iPhone settings then tap on “Notifications” then tap on CallProtector. Everything should be enabled also the message style should not be “none”.

Android

Please check if you have any energy saving options or apps enabled.

Which data are we saving for each call?

For our internal statistics we are saving call duration and sometimes reasons for call interruption.

Additionally we are saving if your devices established a direct connection or if the call went over our relay servers.

We don’t want and can’t save your voice data. There are no possible ways to get the content of your call.

Which data is sent over GCM or APNS?

For incoming calls we are sending nickname, phone number and ID of the call.

For missed calls we are sending the ID of the call.

What do I pay for a CallProtector call?

We are not charging for calls, but the data is sent over your internet connection.

1 minute will be around 0,5 MB of data volume.

What are the 4 words?

The 4 words is the SAS(short authentication string) this is showing if the other person and you are using the same keys for the call.

If somebody would intercept the call the 4 words would be not the same. If somebody is attacking your call by a MITM(man in the middle) attack which is the only possible attack on CallProtector, your 4 words would not match!

Why do I get a security warning?

If somebody is reinstalling his app you will get this warning. The meaning of this warning is that your saved key of the other person is not matching the new one and CallProtector is warning you about that. This can also happen when somebody is intercepting the call, so you should always improve your security strength by comparing the 4 words.