No matter in which country you live, security and privacy issues are rarely out of the news headlines these days.
As a result we know that when choosing a security product, most people question why they should trust the software, and those who created it. Credibility and trust are at the heart of the CryptTalk service.
This is why we operate with total transparency. We want our offer to be crystal clear because this is important to our clients who value their personal privacy.
Our mission is to offer a product that gives the best protection in the world at an affordable price, and which is designed with the future in mind. Our team of more than 20 security specialists and telecommunications and software engineers apply their wealth of expertise to the design and implementation of CryptTalk with this objective in mind.
Let me explain our guiding principles in greater detail.
We know that CryptTalk's success is entirely based on trust and reputation, which take years to build, but only moments to lose. This is why we have to be systematic and exceptionally thorough.
Over the past five years we assembled an experienced team of top-level telecommunication and software engineers, IT security experts and operational managers whose mindset reflects these qualities.
They are a very talented, clever and dynamic group, who also know that especially in our line business, they must constantly adapt to change in order to succeed and excel. So we constantly look for ways to test ourselves, and we challenge assumptions about everything.
We have enormous respect for our customers, large and small. We know you're entrusting us with the task of protecting your confidential mobile voice communications and safeguarding your private and business secrets. Failure to protect these private conversations could well result in reputational and financial loss, and in some circumstances may even put lives at risk. This is why we are continually improving CryptTalk, fine-tuning its security features while enhancing convenience of use.
All our staff adhere to a strict code of contact:
CryptTalk only uses Best Practice algorithms that are recommended by thought-leaders in IT security. These algorithms are also approved and recommended by government security and military services.
Just as in the space industry, our product must work every time and under any condition. Accordingly, CryptTalk exclusively uses proven encryption and key-exchange algorithms.
When we started the development of CryptTalk, we reviewed all the available platforms. We chose the one providing the most comprehensive security features, Apple iOS.
Apple's closed operating system guarantees that no third party applications can surreptitiously access the device's speakers or microphone, memory or any other parts where information security could be compromised. CryptTalk checks for suspicious activity characteristic of jailbroken operating systems. If such activity is detected, CryptTalk stops immediately.
We are constantly examining the security features of alternative platforms, such as Windows and Android. But as long as these platforms are unable to deliver the same top-level security as iOS devices, we will not support them. CryptTalk only has one security level, "Top Security", which we will not compromise.
CryptTalk is regularly updated and improved to take advantage of the regular security and feature enhancements to Apple's operating system.
When we founded CryptTalk, we looked for the country that had the best legal protection of the privacy of its citizens.
Our choice to headquarter CryptTalk in Stockholm, Sweden was deliberate. We operate under Swedish privacy laws, which many acknowledge to be among the strongest in the world. Many countries' legislation has not kept pace with technological progress. Typically national legislation in this area is a patchwork of compromises.
Sweden was the first country to enact a comprehensive statute regulating privacy online. The Data Act of 1973 was a first in the world, ensuring the protection of the privacy of personal data on computers. Certain personal freedoms, including the right to protection of personal data, are also found in the Swedish Constitution.
Accordingly, we believe that being established in Sweden ensures a level of legal protection for CryptTalk and its clients that is unavailable elsewhere in the world.
CryptTalk is constantly reviewed and benchmarked by third-party reviewers. We analyze their feedback as part of our quality assurance program and use their recommendations to make improvements to the system. If our non-disclosure agreement allows it, we make third-party reviewers' findings public. The following list summarizes the disclosable reviews/audits. We regularly update this list as new reports become available. Copies of the full (disclosable) reports are available from Arenim upon request.
|Review done by||Description|
|2012 June||1.4||YS||Re-assessment of the new registration process of the app's iTunes version.
Review of the user management and admin interface.
|2013 April - 2013 October||1.8||Gergely Trifonov - independent auditor||Application and system plan review|
|2013 November||2.0||One of the "Big Four" firms||CryptTalk 2.0 Client and server system plan review|
|2013 December - 2014 May||2.0||Gergely Trifonov - independent auditor||Continuous code and application review|
|2014 May||2.0||Silent Signal||Mobile application security assessment|
|2014 June - 2014 August||2.4||Gergely Trifonov - independent auditor||CryptTalk 2.4, 2.5 development support - continuous review|
|2014 September||2.4||Gergely Trifonov - independent auditor||Mobile application security assessment|
|2015 January||2.5||Gergely Trifonov - independent auditor||CryptTalk 2.5 Client and server system plan review|
|2015 May - 2015 June||2.5.0||NCC Group, UK||Complex mobile application security assessment|
|2015 September||2.5.3||Silent Signal||Re-assessment including new CT standard version's registration process and internal admin interface|