Re: Matters arising
>I may be wrong but my understanding is of encryption when using this device depending upon a dedicated chip.
I wonder whether any of these devices get into the hands of white hat researchers...
I suspect from what little has been published, both about what the police are letting on about EncroChat and what was published on the EncroChat website (see link elsewhere in comments to the WayBack Machine), the encryption actually used was a bog standard off-the-shelf package and possibly one natively supported by Android. What does make sense is the attention paid to key management so that the service could guarantee anonymity. I suspect many will now be looking at how you might implement a secure end-to-end messaging service that avoids the flaws in PGP, AES et al, namely:
For example, with PGP a user has only one key. If the private key of a user is exposed, a perpetrator is able to decrypt all previous messages sent. Another serious drawback is non-repudiability. Every message is signed with your private key which verifies and exposes the sender's digital identity, proving authorship of the message.
>The criminal element might have done better by using throwaway phones for each transaction. By not using potentially dodgy encryption they wouldn't draw attention to themselves.
The use of throwaway phones would have mitigated the worst effects of the "malware" install. I think the 'dodgy' encryption had zero to do with it - with the amount of encrypted traffic flowing these days I doubt the traffic itself drew any attention.
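
The single-long-term-key weakness quoted in the comment above, as an added example that is not part of the original post: it compares a PGP-like scheme, where each message is wrapped to one long-term key, with an exchange that uses throwaway keys, and shows what recorded traffic yields once the long-term private key leaks. The group parameters, the XOR keystream cipher and all function names are assumptions chosen for a toy illustration (authentication of the ephemeral exchange is omitted), not a vetted design.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration only, not a vetted DH group).
P = 2**255 - 19
G = 2

def keygen():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def xor_stream(shared: int, data: bytes) -> bytes:
    """Encrypt/decrypt by XOR with a SHA-256 counter keystream (toy cipher)."""
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def send_static(recipient_pub: int, msg: bytes):
    """PGP-like: the message key is wrapped to the recipient's one long-term key."""
    r, hint = keygen()  # hint travels on the wire next to the ciphertext
    return hint, xor_stream(pow(recipient_pub, r, P), msg)

def send_ephemeral(msg: bytes):
    """Forward-secret: both sides use throwaway keys that are discarded afterwards."""
    a, a_pub = keygen()
    b, b_pub = keygen()
    ct = xor_stream(pow(b_pub, a, P), msg)
    # a and b go out of scope here; only public values and ciphertext remain.
    return (a_pub, b_pub), ct

def replay_with_leaked_key(leaked_priv: int, hint: int, ct: bytes) -> bytes:
    """What recorded traffic yields once the long-term private key is exposed."""
    return xor_stream(pow(hint, leaked_priv, P), ct)

def demo(msg: bytes = b"constructed sample message"):
    long_priv, long_pub = keygen()
    hint, ct_static = send_static(long_pub, msg)
    (a_pub, _b_pub), ct_eph = send_ephemeral(msg)
    return (replay_with_leaked_key(long_priv, hint, ct_static),
            replay_with_leaked_key(long_priv, a_pub, ct_eph))
```

The first value returned by `demo()` is the original plaintext; the second is not, because the session key never depended on the long-term key.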