ChatSecure is a free mobile phone application for iPhone and Android devices that allows users to communicate with off the record instant messaging. ChatSecure allows users to send instant messages and chats using a cell phone, instead of with a traditional desktop or laptop computer. It's compatible with iPhone and Android phones.
ChatSecure supports OTR encryption over XMPP. All messages sent via ChatSecure are completely private, so long as the person you are chatting with is also using an OTR compatible instant messaging client like ChatSecure, Adium, Pidgin, or Jitsi. The app’s capabilities allow it to deliver audio messages, photos, files, or text.
When you send messages using ChatSecure, they are not stored on the phone system's memory. ChatSecure used with the privacy plugin Orbot should be able to bypass most firewalls, network restrictions, and blacklists. The app can manage multiple accounts, so you can chat with your Facebook friends, Google contacts, or other privacy conscious users that use an instant messaging program that supports OTR encryption.
How to Install and Configure ChatSecure
1. Download and Install ChatSecure
Visit the Apple App Store or Google Play store and search for ChatSecure by The Guardian Project. Select “Install” and accept the Terms of Service by clicking “Accept.” The app will download and install automatically.
2. Open the App and Set Your Password
When you open the app you will be promoted to set a password. You will be prompted to create a passphrase in order to locally encrypt your data. If you choose to do this, your data will be encrypted in transit, as well as encrypted locally on your phone.
If you choose to skip this step, your messages will still be encrypted in transit, but will not be protected on your device. For more information on selecting a strong passphrase, see our module on Passwords.
3. Configure Your Accounts
You can add a variety of different accounts your ChatSecure app. To add GoogleTalk or Google Hangouts, choose “Google.” To add any XMPP or Jabber messaging service, choose “Jabber (XMPP).” To add your Facebook account, also choose “Jabber (XMPP).”
Once you’ve added your account, type in your username (or email address) and your password to sign in. Your contacts should load automatically.
To add a second or third account, click on the “accounts” tab in the menu. In the upper right hand corner, click on the “+” sign. You can either choose to add an existing account or create a new account.
How to Use ChatSecure
1. Sign in to Your Accounts
To sign in to your account, click on the “accounts” tab in the menu and turn on the accounts you wish to use. Once you sign in, anyone can connect with you from a mobile or desktop instant messaging application.
2. Start End-to-end Encryption
Once you’ve started a chat with someone, click on the unlocked lock icon on the top menu bar of the display. Choose “Start Encryption.” If the person you are chatting with has an OTR compatible instant messaging system, then you will have the option to verify your (and their) fingerprint.
ChatSecure offers three ways to verify OTR fingerprints, but if you're chatting with someone over a desktop instant messenger and not with ChatSecure, the best way to verify an OTR fingerprint is by communicating through another channel. You can resend your fingerprint over an SMS (TextSecure), say it over the phone if you recognize one another's voices, use PGP email, or verify in person. Click on “manual verification” and ChatSecure will display your and your friend's fingerprints. If you can confirm that you both have the same information, you can click “verify.”
ChatSecure supports manual verification or verification by scanning the other user’s barcode (QR). If you are in the same room as the other person, you can easily scan the barcode on their phone or read your keys aloud to one another.
3. Understand Your Options
- Just like a desktop instant messaging service, ChatSecure gives you the option to appear offline, busy, idle, or away. To change this setting click on your name at the top of your friends list.
- ChatSecure also allows you to initiate group chats and add new contacts, both of which can be done from the main menu. (Note that group chats cannot be secured like one-on-one chats due to limitations of the OTR protocol.)
- The app supports multimedia messaging, can take pictures, and can send photos and files securely if your friend is also using end-to-end encryption and you are able to verify her identity.
- ChatSecure gives you the option to create a new XMPP or Jabber messaging account that supports OTR encryption. If you don't already use XMPP messaging, this is a great opportunity to create one and experiment with non-proprietary messaging.