Wickr is protected by 256-bit authenticated end-to-end encryption. Communications are encrypted locally on user devices and are protected the entire time they travel to their intended recipients. Even Wickr never has the decryption keys.
Every call, message, and file is encrypted with a new random key. Breaking just one key would take trillions of years — and with a new key for each piece of communication, your data is fully protected.
Even in the case of a breach, Wickr servers cannot leak user communications — they are undecipherable in transit and deleted upon delivery.
Messages and files can autodelete based on the time they were sent and/or the time they were read. After your designated amount of time, the data is put through our digital shredder and replaced with random bits of code, so that it can never be uncovered.
Multi-factor authentication, account takeover protection, device encryption at rest, client network traffic obfuscation, secure link previews, message revoke, user blocking, screenshot detection, overlay protection, and more. FIPS 140-2 certified clients available.
After exchanging keys with your contact, Wickr provides tools to help verify the identity of the person using the keys on the other side of your conversation.
Constant bit rate VoIP, Scrypt-based password hashing, constant time-hardened crypto implementation, hardened binaries, and security memory management and deletion.
Transparency is key to good cybersecurity. This is why Wickr implements open source crypto, conducts continuous third party audits, and runs a high reward bug bounty program.
We are constantly trying to improve and innovate by conducting ongoing research and development, engaging in thought leadership, and collaborating extensively with the industry and academia.
Premium data deserves premium security. That’s why we are committed to working with world-leading experts to thoroughly inspect our code.
SOC 2®. Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
“Aspect found no weaknesses in the latest version of Wickr software that would allow Wickr or a third party to gain access to unencrypted user messages.”
"Bishop Fox monitors feature and implementation changes between engagements and performs a targeted in-depth manual review of Wickr’s protocols and implementation. These engagements aim to further reinforce the promises previously verified by the assessment team and ensure that, as the product evolves, the promises made to Wickr’s customers are not compromised."
"Data Theorem helps Wickr analyze every release of its apps to verify defensive code, baked-in security features, and to address security issues before they reach production."
"HackerOne helps Wickr mitigate real-world application security risk with help from a global hacker community."
"Wickr works with Kroll to help verify that AWS Wickr user data is not available to adversaries using open source and commercial forensic tools and techniques."
“Rather than relying upon point-in-time security assessment, Wickr & NCC Group developed an iterative & transparent process that attests to Wickr’s commitment to protecting critical data & communications.”
“Wickr met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the high assurance level.”