Leave a comment

Don't trust this one security app

Don't trust this one security app
photo courtesy of shutterstock

The NQ Mobile Vault security app received rave reviews in the past, but now it has been exposed as a fraud. It turns out the app is using weak encryption and leaving your data exposed, and it might not be alone. Is this app an outlier or are there more security pretenders out there leaving your information at risk?

NQ Mobile Vault claims to use encryption to provide "maximum privacy" for pictures, videos, texts, Facebook messages and other data on your phone. It has rating of 4.4 on the Google Play store and over 30 million users. There's only one problem. It's not actually that secure.

The app uses a form of encryption called 8-bit XOR that, on its own, is easy to crack. Just take a look at it compared to the much stronger AES-256 encryption that is used for SSL, online banking transactions, Wi-Fi and many other purposes.

Let’s compare the number of possible keys for AES-256 with NQ Vault’s XOR-8:

AES-256: 11,580,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,
000,000,000,000,000,000

NQ Vault: 255

If NQ Mobile Vault was misrepresenting its security features, how many other apps out there are doing the same thing? This is an important question to ask, especially since many people rely on these apps to keep our gadgets safe.

The sad thing is, right now there's little regular customers can do to verify an app's security claims. They're left to rely on a brand's reputation and reviews from tech professionals. But, these reviews don't always go far enough, which lets apps like NQ Mobile Vault slip through the cracks.

App stores like Google Play and iTunes already vet apps to protect customers from malware and inappropriate content. Now, they need to do a better job making sure apps actually deliver the services they promise.

Next Story
Source: Slate
View Comments ()
See what's new in the latest big Mac update
Previous Happening Now

See what's new in the latest big Mac update

FBI: Beware ISIS takeovers of your website
Next Happening Now

FBI: Beware ISIS takeovers of your website