The Prism surveillance scandal has shown that the NSA and other agencies can tap into most communication channels. One of the proposed solutions is encryption, especially open solutions that anyone with expertise can analyze.
RedPhone is an application for Android devices that can encrypt phone conversations on the device. It is open source, with the source code readily available on GitHub so that you can audit and compile it at any time.
The app uses voice over IP (VoIP) technology for its encrypted phone calls, which means that calls made with it are handled by your data plan.
The first thing you are asked to do after you install RedPhone on your mobile phone is to register your phone number with the service. This is a semi-automated process, with the number filled out automatically. All you have to do is make sure it is correct before you hit the register button to continue.
The phone number that you have selected is then verified with an SMS that is automatically detected by the application.
You are then taken to the address book displaying all your contacts. While you can call contacts from here right away, you need to be aware that the contact needs to run RedPhone on their device as well. This is definitely a limitation, as the app is limited to Android right now. If the recipient uses an iPhone, Windows Phone or a landline, it does not work at all.
When RedPhone notices that a phone number is not using the application, it offers to send a RedPhone install link to that number via SMS, or to place a regular call instead.
RedPhone uses SRTP to encrypt calls and ZRTP to negotiate the keys. If both parties use RedPhone, the app uses the keys from both users to generate a simple passphrase that is displayed on both screens. Users need to exchange the passphrase to make sure it matches and that no one has tapped the line or is intercepting it with a man-in-the-middle attack.
Additional information about the encryption used is available on GitHub.
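The passphrase check described above, sketched as an added example (not RedPhone's code): a toy Diffie-Hellman exchange whose result is rendered as a four-character short authentication string on each side. The group parameters, the HMAC-based derivation, the sample private keys and all function names are assumptions made for the illustration; only the rendering of 20 bits as z-base-32 characters follows the ZRTP specification.

```python
import hashlib
import hmac

# Toy parameters, constructed for this example only: a 127-bit prime is far
# too small for real use and is not what ZRTP or RedPhone negotiate.
P = 2**127 - 1
G = 3
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"


def public_key(private):
    return pow(G, private, P)


def shared_secret(my_private, their_public):
    return pow(their_public, my_private, P).to_bytes(16, "big")


def sas(secret, initiator_pub, responder_pub):
    """Simplified SAS: HMAC over both public keys, keyed with the DH secret.
    Real ZRTP uses its own KDF plus a hash commitment (assumption: omitted)."""
    transcript = initiator_pub.to_bytes(16, "big") + responder_pub.to_bytes(16, "big")
    digest = hmac.new(secret, b"SAS" + transcript, hashlib.sha256).digest()
    value = int.from_bytes(digest[:4], "big") >> 12  # leftmost 20 bits
    return "".join(ZBASE32[(value >> shift) & 0x1F] for shift in (15, 10, 5, 0))


def call(alice_priv, bob_priv, interceptor_priv=None):
    """Return (string on the caller's screen, string on the callee's screen)."""
    alice_pub, bob_pub = public_key(alice_priv), public_key(bob_priv)
    if interceptor_priv is None:
        seen_by_alice, seen_by_bob = bob_pub, alice_pub
    else:
        # A man in the middle has to substitute its own key in both directions.
        seen_by_alice = seen_by_bob = public_key(interceptor_priv)
    alice_sas = sas(shared_secret(alice_priv, seen_by_alice), alice_pub, seen_by_alice)
    bob_sas = sas(shared_secret(bob_priv, seen_by_bob), seen_by_bob, bob_pub)
    return alice_sas, bob_sas


# Constructed sample private keys (hypothetical values).
ALICE, BOB, INTERCEPTOR = 0x1F3A5C7E9B2D4F6081A3C5E7, 0x2B4D6F8192A3B4C5D6E7F809, 0x3C5E7F90A1B2C3D4E5F60718

if __name__ == "__main__":
    print("direct call:     ", call(ALICE, BOB))
    print("intercepted call:", call(ALICE, BOB, INTERCEPTOR))
```

On a direct call both screens show the same string; with substituted keys the two strings differ, which is what reading the passphrase aloud is meant to reveal.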
The core benefits of RedPhone are that it uses regular phone numbers to make encrypted calls, so that you can get started right away, that it is open source, and that it uses a wireless or data connection and not your plan's minutes.
The downsides are that it is currently only available for Android, that both parties need to have it installed, and that both parties need to verify the created passphrase to make sure that the connection is safe.
The Android limitation is probably the factor that is keeping the application from reaching a larger audience. It offers several benefits that make it attractive though, like the easy installation.
If you have a couple of contacts that use Android, and that you want to talk to using encryption, then you may want to give this application a try.