Frequently Asked Questions

1. How does RedPhone provide call encryption?

RedPhone uses ZRTP, an open standard developed by Phillip Zimmermann, to setup a SRTP stream between two devices. This provides end-to-end security; because the call is fully encrypted from one end to the other, there's no possibility that someone is listening in.

2. Wait, but isn't mobile VOIP unreliable?

Standard VOIP clients which are ported directly to the mobile environment tend to have problems. Most VOIP applications communicate with a PBX like Asterisk or FreeSwitch using SIP. While this might work acceptably well in a non-mobile environment, it tends to cause problems on your phone. SIP requires that you maintain a constant connection to your SIP server, otherwise you won't be able to receive incoming calls. Maintaining that connection in the mobile environment means that your phone can't ever really go to sleep, and the short breaks in connectivity common with mobile phones can cause a lot of problems with the signaling.

RedPhone was developed specifically with the mobile environment in mind, however, and eliminates the use of SIP entirely by leveraging the signaling infrastructre already built in to the telecommunications network. Not only does this mean that your phone can go to sleep and that a lot of the flakiness surrounding VOIP is eliminated, but that you are able to make secure calls to other phones using their normal mobile numbers rather than having to remember another identifier.

3. Does a RedPhone call use minutes on my cell plan?

No, RedPhone communicates between two mobile handsets using either Wifi or 3G. So you can talk as long as you want at whatever time of day you'd like without burning minutes on your plan. And it's secure, too!

4. Does it cost anything at all to make a RedPhone call?

RedPhone tells another phone that it would like to start a call by using SMS. When you initiate a call, your phone contacts our high-speed switch, which sends an SMS on your behalf to the recipient of the call. Initiating a call costs nothing, and your mobile carrier may charge you for receiving a single text message when you receive an incoming call.

5. Is RedPhone susceptible to pen registers?

A pen register (or a "trap and trace" device) is used to monitor who is calling who. When you initiate a call using RedPhone, your phone makes an SSL connection to our high speed switch and asks it to initiate a call. The switch then sends an encrypted SMS message to the recipient of the call on your behalf. Since both links of this call setup procedure are encrypted, and since the initiating SMS comes from our switch rather than your phone, there is no easy record of who is calling who.

It could certainly be possible, however, for a powerful adversary with the ability to monitor all network traffic to do traffic correlation in order to determine who is calling who.

6. How do I dial a number using RedPhone?

There are a few ways to initiate a RedPhone call. Once you have RedPhone installed and registered, you can click on the RedPhone icon and select someone to call from a contact list. If you want to call a number that you don't have listed as a contact, simply use the normal phone dialer and append a '*' character at the end of the number.

7. How does TextSecure provide encrypted texting?

The TextSecure encrypted SMS protocol is based on the popular "Off The Record Messaging" protocol developed by Nikita Borisov and Ian Goldberg. TextSecure aims to adapt the principles of OTR (forward-security and deniability) to the SMS environment by compressing the message format to fit in the limited space provided by an SMS message. To this end, TextSecure uses ECC keys rather than Diffie-Hellman keys, and a protocol format that was designed with space efficiency in mind. All the ECC parameters were chosen based on the NSA Suite B specification for Top Secret material.

8. What platforms do you support?

RedPhone and TextSecure are currently available for Android 1.6 and up. We hope to port these applications to other mobile platforms shortly.

9. Do you make source code available?

All of our source is available for review. Some of our products, such as WhisperYAFFS, are released under an open source license. Other products are commercially licensed and can be reviewed by commercial customers.

10. Does RedPhone support international numbers?

For the initial Beta, RedPhone is unfortunately US-only. We will be adding international calling support in the near future.

11. How do I contact you?

Send us an email at info @whispersys. com, check for us in #whispersystems on irc.freenode.net, or find us on Twitter as @whispersystems.

12. Is there a way for me to eliminate that TextSecure notification icon?

Unfortunately, there is not. We aren't being vain by displaying the "TextSecure Passphrase Cached" notification at all times, it's actually something the Android OS is doing. In order to keep the passphrase cached, it is necessary to mark the service holding it in memory as "unkillable." Whenever you do this, the Android OS displays a notification icon so that the user is aware something is still running in the background.

The best we could do would be to display a transparent icon, but this would still take up the same amount of space in the notification bar.

13. How can I uninstall WhisperCore?

WhisperSystems does not provide an uninstall feature at this time. However, you can manually uninstall WhisperCore by flashing your original system images onto the device. While Whisper Systems cannot provide support for this process, instructions for performing the procedure are available elsewhere on the internet.

14. Is it possible to install WhisperCore on an unsupported device? I tried installing WhisperCore on an unsupported device and it didn't work, now what do I do?

WhisperCore replaces the stock Android OS on your device, and will only function on the specific devices we currently support. Attempting to install WhisperCore on an unsupported device will require you to reflash your original system image manually. Commercial clients interested in deploying WhisperCore on a specific unsupported device should contact WhisperSystems for more information.