As a smartphone app for anonymous broadcast messaging, Vibe is going after an important idea. In fact, it’s been promoted as an anonymous version of Twitter. Anyone with the app can post – there are no accounts – and users are able to limit the lifetime of the messages (from a few minutes to a few days) and the location to which they are broadcast (from a few meters to anywhere).
Vibe is clearly a useful tool. Some of the ways it has apparently been used include asking anonymous questions at a conference, and communicating with neighbours about local events. The ‘anonymity’ of not having to create an account may be perfectly adequate for these situations. However, when it comes to its use by activists – where it is being promoted as an appropriate tool for people with serious security implications should their identify be revealed – we need to delve deeper into promises of anonymity.
In the case of Vibe, our analysis revealed some serious concerns. Some of these have come up in other reviews as well.
- First, we have no information on whether messages that expire (and are therefore no longer visible to vibe users) are actually removed from Vibe’s servers and server logs. If they aren’t, this is a permanent record subject to requests from law enforcement.
- Second, all communication between the app and the server is unencrypted (HTTP), and vulnerable to eavesdropping on insecure WiFi networks, or by mobile network operators or Internet service providers.
- Third, the app stores and transmits an internal user ID alongside each message. This is what the messages look like. Even if you can’t immediately link a user ID to a specific person, the mobile network operator (MNO) or someone eavesdropping on a WiFi network probably can, and someone who has even brief access to a phone with the app installed certainly can.
The table below is from Evaluating Security Apps, MobileActive.org’s guide to deciding whether specific apps are suitable for communicating sensitive information. Not everyone has the same security requirements, or the same operational environment, and we encourage you to assess your security risks in a systematic way.
|Will it work on my phone?|
|Vibe is available for iPhone and Android. Testing on Android, it required continuous Internet access to work and crashed without it.|
Installed through the iPhone app store. Android users can download the .apk file directly from http://zami.com/v.html
|Risks, Costs and Benefits|
|Vibe is like Twitter without accounts – no need to sign up, just send out a ‘Vibe’ to people nearby.|
The potential risks are significant if you need better anonymity than just not having to show a screen name – the app uniquely identifies users and transmits data unencrypted, and may also store data on its servers for longer than it is visible to users.
The app is free, data charges apply.
|Is this app trustworthy?|
|When tested on Android, Vibe requested location permissions, as well as Internet access.|
Development of Vibe was outsourced to Zami.com by its creator, Hazem Sayed. The complete lack of security features suggest that this app was not built for secure communication, and the fact that it crashes when it doesn’t have continuous Internet access does not instill confidence.
There is no public-facing website for Vibe, and no way to get support or connect with the user community besides possibly using the app itself.
Source code is not publicly available, and there is not information about how data is stored on servers.
Data is transmitted unencrypted using HTTP
Image from Adrian Kinloch on Flickr