Bridgefy Security Update
On October 30, Bridgefy is launching a major update for the Bridgefy SDK and the Bridgefy App, improving security and privacy for all users. The Bridgefy SDK is an innovative development framework that developers can use to make their apps work without Internet, by enabling offline mesh-network communications between users. Powered by the Bridgefy SDK, the Bridgefy messaging app is a tool that has been used by millions of people during natural disasters, large events, and, most recently, protests.
Security updates to the Bridgefy SDK and Bridgefy App
Whether it’s used for building a payments app for small business-owners to sell goods, an app for communicating during Internet shutdowns, or an app for people to find loved ones after a natural disaster, the Bridgefy SDK now has pro-level security enhancements for a wide range of needs. We adopted Signal, a renowned security protocol used by companies like Microsoft and Facebook to make sure users stay safe, and information kept private. The improvements made to the Bridgefy SDK are:
- All messages will be end-to-end encrypted
- A third person will no longer be able to impersonate any other user
- Man-in-the-middle attacks done by modifying stored keys will no longer be possible
- One-to-one messages sent over the mesh network will no longer contain the sender and receiver IDs in plain text
- A third person will no longer be able to use the server’s API to learn others’ usernames
- All payloads will be encrypted
- Historical proximity tracking will not be possible
This basically means that all messages and users are now safe from unwanted prying eyes. For a detailed technical description of this update, please read our blog post: Technical Article on our Security Updates.
Bridgefy is the leader when it comes to offline messaging apps. Downloaded by more than 2 million people as of October 2020, the Bridgefy App is quickly becoming a reference for users going through natural disasters, participating in protests, at large events, and many other situations. The Bridgefy SDK is currently being used by more than 40 companies, to include into their mobile apps and thus make them work offline. This will open up new markets and increase revenue for their mobile products.
We started Bridgefy in 2014, with the intention of building an app that people could use at large events and after natural disasters. The scenarios we’d originally envisioned didn’t call for high-end security; although we had big dreams, we never thought Bridgefy would turn into “the protest app of choice” of hundreds of thousands of people. As the Bridgefy App grew in popularity and in use cases, the obvious next step for us was to adapt. Working on improving the app’s security and privacy was something that our users called for, and we’re happy with the results.
We are aware of the tremendous responsibility we have towards our users, and we’re committed to improving our security continuously to make sure the chances of attacks are reduced even further.