Wickr employs multiple layers of encryption to secure your data and messages, both at rest and in transit, including:

  • Wickr username, application ID and device ID are cryptographically hashed with multiple rounds of salted SHA256;
  • Data at rest and in transit is encrypted with AES256;
  • As part of Perfect Forward Secrecy, each message has a new encryption key that is deleted as soon as message is decrypted;
  • Message encryption keys are encrypted with a key produced using ECDHE;
  • Messages are bound to both the receiver’s application and device;
  • No password or password hashes ever leave user device;
  • All user content is forensically wiped from the device after it expires;
  • Your UDID (Unique Device Identifier) is never uploaded to our servers so you are always anonymous to us.

Customer Security Promises

At Wickr, our mission is to transform how companies and organizations protect valuable, high-target communications. In doing so, we strive to build the most trusted communication platform in the world by investing in comprehensive and transparent security testing.

Wickr has built a sophisticated end-to-end encryption protocol that provides their users with strong cryptographic guarantees. – Dr. Matthew Green, Cryptographer & Professor at Johns Hopkins University

See Wickr & Bishop Fox Report on Customer Security Promises, July 2018See Wickr & NCC Group Report on Customer Security Promises, March 2018

Our Promise

We are motivated by the belief that private and trusted communications are critical for organizations of all sizes. We understand that in order to earn this level of trust, our platform must be verifiably secure, ephemeral & available.

Fulfilling this mission requires significant engineering effort and transparency about how our technology works and why. From the start, Wickr has committed to delivering unique and advanced secure and ephemeral communication solutions, while adhering to a unique and advanced Security Program

Our Commitment

Wickr was founded on a strong belief that privacy is a universal human right that fuels global innovation and economic growth, and empowers democracy. Our commitment to user privacy and security drives every product and policy decision we make as a company. With technology becoming largely ubiquitous, Wickr stands firmly for strong encryption standards accessible to all – businesses and individuals – to protect intellectual property and personal information.

We continuously improve the security architecture of Wickr Messenger and Wickr for Business. Our robust peer-to-peer and multilayered encryption; hardware-bound authentication protocol; key verification; and custom expiration settings all work together to protect your data and your conversations. Wickr never has access to the keys to decrypt your messages, which means our servers that process user communications are of no value to criminals looking for personal data. Your contact list never touches our servers unencrypted, so your network remains private.

At Wickr, we believe that transparency is key in earning and retaining your trust. We will always tell you exactly how our technology works and how we handle your information. We regularly publish Transparency Reports detaining how we have responded to law enforcement requests for user information. We also undergo regular public security audits to verify the quality of our code and security policies.

It is our deepest commitment to support the expansion of strong and easy-to-use encryption and transparency across industries and countries to ensure our common security against criminal cyber-attacks. Wickr has never had and never will have a backdoor in its technology for any government

As a security-first company, we fully understand how critical the integrity of encryption protocols powering digital infrastructure is to protecting personal data. User trust is something we take very seriously. It is why we work tirelessly to ensure our encryption technology continues to advance and offer strong privacy protections to the Wickr community.

Core Processes

Transparency

To further advance our security program, we have built a set of Customer Security Promises to guide our internal engineering and testing processes, enable Wickr users to gain a clear understanding of the level of security Wickr aims to provide, and provide public transparency into the methodology and results of independent security testing related to these promises.

By committing to a continuous process of refining and delivering on our Customer Security Promises, we aim to set a new standard in how companies build trust with their users. We are making a public commitment to our customers that Wickr products will perform to these promises and a commitment to the Wickr team internally that we will provide the resources and support required to live up to these high standards for protecting user privacy and security.

Securely Connecting the World


1494997896135

End-to-end Encryption

Content is encrypted locally on user devices and is only accessible to intended recipients. Wickr never has the decryption keys.

1494998698730

Ephemerality

No conversation lives beyond its useful life – you decide when your content gets automatically deleted for good.

1494998421532

Perfect forward & backward secrecy

Every message, file and call is encrypted with a new random key. As of now, breaking just one key would take trillions of years to decipher.

1494998207413

Zero knowledge

Even in the case of a breach, Wickr servers have no user communications - they are undecipherable in transit and deleted upon delivery.

1494998785766

User Key Verification

After exchanging keys with your contact, Wickr provides tools to help verify the identity of the person using the keys on the other side of your conversation.

1494999289883

Network Controls

Wickr enables your business to run your own private network. Control and centrally manage security policies for your users.

noun 1007327 bfbfbf

Federation

Users within one Wickr network can communicate with partners in other Wickr networks while still maintaining security and ephemerality controls.

1494999570562

Secure calling

Not only is your calling on Wickr end-to-end encrypted, it is also protected with forward security - whether 1:1, or in conference calls.

The Wickr Secure Messaging Protocol provides a platform for secure communications.

WHITE PAPER


Our goal is to offer enough technical detail to allow security experts and cryptographers to observe the protocol’s security design, use of cryptographic primitives, etc. while also providing value to a wider audience of users and interested parties.

Learn more and follow this link to get the white paper.

Security, Verified.


Premium data deserves premium security. That’s why we are committed to working with world-leading experts to thoroughly inspect our code.
Wickr’s messaging protocol is also available for public review.

aspect logo

“Aspect found no weaknesses in the latest version of Wickr software that would allow Wickr or a third party to gain access to unencrypted user messages.” – View PDF

veracode logo

“Wickr met or exceeded the security score outlined in the Veracode Risk Adjusted Verification Methodology for an application at the high assurance level.”

nccgroup logo

“Rather than relying upon point-in-time security assessment, Wickr & NCC Group developed an iterative & transparent process that attests to Wickr’s commitment to protecting critical data & communications.”

soc serviceorg logo

SOC 2®. Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.