Can encrypted apps like Tigertext messaging be hacked?

2 comments, last by doubletime248 9 years, 10 months ago

I was wondering if encrypted apps like Tigertext messaging are hackable?

I am thinking of using their API for a game I am looking to develop and I want to make sure the game clues that will be messaged can’t be hacked. I looked on the Tigertext API site http://www.tigertext.com/developers/ but I couldn’t find anything about this.

I mean if somebody wanted to hack the phone, could they read the encrypted messages on it?

Tigertext is HIPAA compliant, does that make it more secure?


Well, in short I would deem nothing 'unhackable'. Most people would have considered OpenSSL to be safe, and the Heartbleed bug showed that in certain cases this was unsafe as well. A cynical answer would therefore be: nothing is unhackable.

The other part of this is that everything that will be decrypted on your user's client side will be accessible to him/her. So, by asking for something unhackable, who is not allowed to have the information? Is it your user that cannot see the information? Or is it just the data as it is in transit?

In the encryption debate, I think it is important to strike a balance between 'unhackability' and 'impact if hacked'. If the consequences of an intercepted message would be that one player would know the location of another, and would be cheating, it would probably be more efficient to implement a good banning system, instead of trying to create a really secure system.

Are you worried that (a) the player to whom you are sending the message might read the message early? Or (b) that a player could hack into the messages sent to a different player? Or (c) that a player could hack into the server itself and see *all* the messages?

You can trivially avoid (a) by not sending the message until the player should be able to see it. You can avoid (b) by designing the game such that the clues for each player are different. And you can avoid (c) by not generating/storing the clues until they are needed.

All 3 of these situations seem to presuppose that the clues needed by each player are identical, in which case I don't need to hack into anything to cheat at your game. I can just wait for all the clues to be posted to a wiki somewhere (which will inevitably happen if your game is even moderately successful).

Tristam MacDonald. Ex-BigTech Software Engineer. Future farmer. [https://trist.am]
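The three mitigations from the reply above, shown server-side as an added example that is not part of the original thread. The secret, clue pool, player ids and function names are all hypothetical, and the clue is assumed to be picked from a pool per player and per day.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample data: secret and clue pool are hypothetical placeholders.
SERVER_SECRET = b"constructed-demo-secret"
CLUE_POOL = ["north gate", "old bridge", "clock tower", "harbour steps", "market square"]


def clue_for(player_id: str, day: str) -> str:
    """Derive one player's clue for one day on demand; nothing is stored."""
    msg = f"{player_id}|{day}".encode()
    mac = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    # Keyed selection: without the secret, a player cannot predict anyone's clue.
    return CLUE_POOL[int.from_bytes(mac[:8], "big") % len(CLUE_POOL)]


def request_clue(session_player: str, requested_player: str,
                 release_at: datetime, now: datetime):
    """Return the clue only to its owner, and only once it is due."""
    if session_player != requested_player:
        return None  # (b) a player cannot fetch another player's clue
    if now < release_at:
        return None  # (a) nothing leaves the server before release time
    # (c) the clue is generated at request time rather than read from storage
    return clue_for(requested_player, release_at.date().isoformat())


if __name__ == "__main__":
    release = datetime(2015, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed date
    print(request_clue("alice", "alice", release, release))
```

With a small pool two players can still draw the same clue; the pool size bounds how useful a leaked clue is to a competitor.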

Thanks for the feedback

DaBono - I guess unhackable is not the best concept. For tigertext.com it seems that the effort to hack it looks like it is high, so that it might take too much time and effort to do so, which is a good deterrent.

Swiftcoder - The clues would be only for the user, and the ones who would want to know are the direct competitors for that day, so the clue would not be relevant in the game after 24 hours, so that is not an issue.

Again, thanks for the feedback.
