Our security philosophy
No matter in which country you live, security and privacy issues are rarely out of the news headlines these days.
As a result, we know that when choosing a security product, most people question why they should trust the software and those who created it. Credibility and trust are at the heart of the CryptTalk service.
This is why we operate with total transparency. We want what we offer to be crystal clear because this is important to our clients who value their personal privacy.
Our mission is to offer a product that gives the best protection in the world at an affordable price, and which is designed with the future in mind. Our team of more than 20 security specialists and telecommunications and software engineers apply their wealth of expertise to the design and implementation of CryptTalk with this objective in mind.
Let me explain our guiding principles in greater detail.
The five pillars of CryptTalk's approach to security:
Your security is at the heart of everything we do.
We know that CryptTalk's success is entirely based on trust and reputation, which take years to build, but only moments to lose. This is why we have to be systematic and exceptionally thorough.
Over the past five years, we assembled an experienced team of top-level telecommunication and software engineers, IT security experts, and operational managers whose mindset reflects these qualities.
They are a very talented, clever, and dynamic group who also know that especially in our line business, they must constantly adapt to change in order to succeed and excel. So we constantly look for ways to test ourselves, and we challenge assumptions about everything.
We have enormous respect for our customers, large and small. We know you're entrusting us with the task of protecting your confidential mobile voice communications and safeguarding your private and business secrets. Failure to protect these private conversations could well result in reputational and financial loss, and in some circumstances may even put lives at risk. This is why we are continually improving CryptTalk, fine-tuning its security features while enhancing convenience of use.
All our staff adhere to a strict code of contact:
- We follow strict internal security policies.
- We adhere to the latest and most secure software development standards and methods.
- We only use best-practice cryptography in our systems.
- Internal security tests and challenges are part of our everyday quality control procedures.
- We only work with in-house developers on our payroll. Freelance developers working elsewhere may be cheaper, but ensuring the security of such an open network is impossible in practice.
- We keep up with emerging security-related developments and trends. We constantly update our thinking, seeking to strike a balance between maximal security and ease-of-use.
- We have an on-going dialogue with external, independent security experts and auditors, quickly implementing their recommendations. We also work with prominent ethical hackers who review our solutions and strengthen our quality control procedures.
Best-Practice Cryptography
CryptTalk only uses best-practice algorithms that are recommended by thought-leaders in IT security. These algorithms are also approved and recommended by government security and military services.
Just as in the space industry, our product must work every time and under any condition. Accordingly, CryptTalk exclusively uses proven encryption and key-exchange algorithms.
We only work with secure platforms
When we started the development of CryptTalk, we reviewed all the available platforms. We chose the one providing the most comprehensive security features, Apple iOS.
Apple's closed-operating system guarantees that no third-party applications can surreptitiously access the device's speakers or microphone, memory or any other parts where information security could be compromised. CryptTalk checks for suspicious activity characteristic of jailbroken operating systems. If such activity is detected, CryptTalk stops immediately.
Ever since Android has released its 6th generation operating system with enhanced security functions, we have been enabled to provide the same level of security which previously was available only on Apple devices.
We operate under Swedish law for several reasons
When we founded CryptTalk, we looked for the country that had the best legal protection of the privacy of its citizens.
Our choice to headquarter CryptTalk in Stockholm, Sweden was deliberate. We operate under Swedish privacy laws, which many acknowledge to be among the strongest in the world. Many countries' legislation has not kept pace with technological progress. Typically national legislation in this area is a patchwork of compromises.
Sweden was the first country to enact a comprehensive statute regulating privacy online. The Data Act of 1973 was a first in the world, ensuring the protection of the privacy of personal data on computers. Certain personal freedoms, including the right to protection of personal data, are also found in the Swedish Constitution.
Accordingly, we believe that being established in Sweden ensures a level of legal protection for CryptTalk and its clients that is unavailable elsewhere in the world.
Ongoing regular third-party security assessments
CryptTalk is constantly reviewed and benchmarked by third-party reviewers. We analyze their feedback as part of our quality assurance program and use their recommendations to make improvements to the system. If our non-disclosure agreement allows it, we make third-party reviewers' findings public. The following list summarizes the disclosable reviews/audits. We regularly update this list as new reports become available. Copies of the full (disclosable) reports are available from Arenim upon request.
CryptTalk's third-party security review track record
| Date | App version |
Review done by | Description |
| 2012 June | 1.4 | YS | Re-assessment of the new registration process of the app's iTunes version. Review of the user management and admin interface. |
| 2013 April - 2013 October | 1.8 | Gergely Trifonov - independent auditor | Application and system plan review |
| 2013 November | 2.0 | One of the "Big Four" firms | CryptTalk 2.0 Client and server system plan review |
| 2013 December - 2014 May | 2.0 | Gergely Trifonov - independent auditor | Continuous code and application review |
| 2014 May | 2.0 | Silent Signal | Mobile application security assessment |
| 2014 June - 2014 August | 2.4 | Gergely Trifonov - independent auditor | CryptTalk 2.4, 2.5 development support - continuous review |
| 2014 September | 2.4 | Gergely Trifonov - independent auditor | Mobile application security assessment |
| 2015 January | 2.5 | Gergely Trifonov - independent auditor | CryptTalk 2.5 Client and server system plan review |
| 2015 May - 2015 June | 2.5.0 | NCC Group, UK | Complex mobile application security assessment |
| 2015 September | 2.5.3 | Silent Signal | Re-assessment including new CT standard version's registration process and internal admin interface |
| 2015 November | 2.7.2 | Silent Signal | CryptTalk iOS 2.7.2 |
| 2017 February | 2.9.5 | NCC Group, UK | CryptTalk iOS 2.9.5 |
| 2018 February | 3.4.0 | Silent Signal | AUMI 3.4.0 |
| 2018 March | 3.1.2 | Silent Signal | CryptTalk Android 3.1.2 |
