Re: Unclear
"Not sure where the AES128 comes in."
I believe the app makers are saying AES128 is used for messages, contacts, call logs and other things are encrypted using AES with a 128-bit key. But in the hacker's test, a simple PNG file was 'encrypted' using a single byte 'key' and plain XOR. And only the first 128 bytes of the PNG. Bizarre. So maybe images aren't encrypted in any meaningful way?
I've tweaked the story here and there to make it a bit more clearer.
C.