Wickr employs multiple layers of encryption to secure your data and messages, both at rest and in transit, including:
- Wickr username, application ID and device ID are cryptographically hashed with multiple rounds of salted SHA256.
- Data at rest and in transit is encrypted with AES256.
- As part of Perfect Forward Secrecy, each message has a new encryption key that is deleted as soon as message is decrypted.
- Message encryption keys are encrypted with a key produced using ECDHE.
- Messages are bound to both the receiver’s application and device.
- No password or password hashes ever leave user device.
- All user content is forensically wiped from the device after it expires.
- Your UDID (Unique Device Identifier) is never uploaded to our servers so you are always anonymous to us.
Customer Security Promises
At Wickr, our mission is to transform how companies and organizations protect valuable, high-target communications. In doing so, we strive to build the most trusted communication platform in the world by investing in comprehensive and transparent security testing.
We are motivated by the belief that private and trusted communications are critical for organizations of all sizes. We understand that in order to earn this level of trust, our platform must be verifiably secure, ephemeral & available.
Fulfilling this mission requires significant engineering effort and transparency about how our technology works and why. From the start, Wickr has committed to delivering unique and advanced secure and ephemeral communication solutions, while adhering to a unique and advanced Security Program.
Wickr was founded on a strong belief that privacy is a universal human right that fuels global innovation and economic growth, and empowers democracy. Our commitment to user privacy and security drives every product and policy decision we make as a company. With technology becoming largely ubiquitous, Wickr stands firmly for strong encryption standards accessible to all – businesses and individuals – to protect intellectual property and personal information.
We continuously improve the security architecture of Wickr Messenger and Wickr for Business. Our robust peer-to-peer and multilayered encryption; hardware-bound authentication protocol; key verification; and custom expiration settings all work together to protect your data and your conversations. Wickr never has access to the keys to decrypt your messages, which means our servers that process user communications are of no value to criminals looking for personal data. Your contact list never touches our servers unencrypted, so your network remains private.
At Wickr, we believe that transparency is key in earning and retaining your trust. We will always tell you exactly how our technology works and how we handle your information. We regularly publish Transparency Reports detaining how we have responded to law enforcement requests for user information. We also undergo regular public security audits to verify the quality of our code and security policies.
It is our deepest commitment to support the expansion of strong and easy-to-use encryption and transparency across industries and countries to ensure our common security against criminal cyber-attacks. Wickr has never had and never will have a backdoor in its technology for any government
As a security-first company, we fully understand how critical the integrity of encryption protocols powering digital infrastructure is to protecting personal data. User trust is something we take very seriously. It is why we work tirelessly to ensure our encryption technology continues to advance and offer strong privacy protections to the Wickr community.
- Opening Wickr’s cryptographic protocols for independent public review.
- Running an open Bug bounty program focused on ensuring confidentiality and integrity of user data.
- A public Vulnerability Disclosure Policy.
- Publication of Legal Process Guidelines to share how Wickr responds to government request for user information.
- Regular publication of Transparency Reports.
- Independent testing by world class security consultants.
- Unit testing for applicable security issues identified through testing and bounties.
To further advance our security program, we have built a set of Customer Security Promises to guide our internal engineering and testing processes, enable Wickr users to gain a clear understanding of the level of security Wickr aims to provide, and provide public transparency into the methodology and results of independent security testing related to these promises.
By committing to a continuous process of refining and delivering on our Customer Security Promises, we aim to set a new standard in how companies build trust with their users. We are making a public commitment to our customers that Wickr products will perform to these promises and a commitment to the Wickr team internally that we will provide the resources and support required to live up to these high standards for protecting user privacy and security.
Securely Connecting the World
Content is encrypted locally on user devices and is only accessible to intended recipients. Wickr never has the decryption keys.
No conversation lives beyond its useful life – you decide when your content gets automatically deleted for good.
Perfect Forward & Backward Secrecy
Every message, file and call is encrypted with a new random key. As of now, breaking just one key would take trillions of years to decipher.
Even in the case of a breach, Wickr servers have no user communications - they are undecipherable in transit and deleted upon delivery.
User Key Verification
After exchanging keys with your contact, Wickr provides tools to help verify the identity of the person using the keys on the other side of your conversation.
Wickr enables your business to run your own private network. Control and centrally manage security policies for your users.
Users within one Wickr network can communicate with partners in other Wickr networks while still maintaining security and ephemerality controls.
Not only is your calling on Wickr end-to-end encrypted, it is also protected with forward security — whether 1:1, or in conference calls.
Premium data deserves premium security. That’s why we are committed to working with world-leading experts to thoroughly inspect our code.
Wickr’s messaging protocol is also available for public review.
“Aspect found no weaknesses in the latest version of Wickr software that would allow Wickr or a third party to gain access to unencrypted user messages.”
“Wickr met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the high assurance level.”
“Rather than relying upon point-in-time security assessment, Wickr & NCC Group developed an iterative & transparent process that attests to Wickr’s commitment to protecting critical data & communications.”
SOC 2®. Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.