There’s an old programming joke that goes, “ROT13 is my encryption algorithm.” In case that doesn’t leave you doubling over in laughter, I’ll explain. ROT13 is a schoolkid-level encoding cipher that obfuscates text by rotating each character 13 places in the alphabet, looping back around if necessary: A becomes N, B becomes O, hello becomes uryyb, and stupid becomes fghcvq. Using ROT13 as your encryption algorithm is very fghcvq. While it’s good for hiding spoilers and quiz answers from accidental eyes, ROT13 is about the weakest cryptographic algorithm imaginable.
The joke now has a new subject, and it’s NQ Mobile Vault, the popular and highly rated mobile encryption app for iOS and Android. NQ Mobile Vault lets you pick a private passcode and securely encrypt pictures, texts, and any other incriminating material from the eyes of anyone who happens to look through your phone or device. Worried that your hacker girlfriend is checking up on your doings? Fear no more! You can only get at the sensitive material if you know the passcode. Except it turns out there’s another way, if you know how to pull the “encrypted” files off of the device and trivially decrypt them. NQ Vault does not quite use ROT13, but as a hacker going by NinjaDoge24 discovered this weekend, it uses something just as simple: 8-bit XOR. (I “cracked” a few of Vault’s supposedly encrypted files on Android to confirm NinjaDoge24’s account: It’s all true.) Instead of rotating letters through the alphabet, it takes the numeric value of each byte in the file and XORs it with a single constant “key” byte, turning each byte into a new one. Because XOR is its own inverse, applying the same key a second time restores the original, which is all the “decryption” anyone needs once the key is known. ExtremeTech’s Joel Hruska has a good walk-through of the details of exactly how XOR (which stands for exclusive-or, meaning “one or the other but not both”) works.
NQ Mobile Vault is a respected app. It made it onto PC Magazine’s Best Apps list. It claims more than 30 million users and a half-million ratings on the Google Play store, with a sterling average of 4.4 out of 5. “Keep your pictures, videos, SMS, contacts, even Facebook messages private,” Vault promises. “Protect your apps with a password or camouflage them for maximum privacy.” Sounds great, doesn’t it? So great that you might be tempted to spend money on NQ’s in-app purchases to secure more of your data, or upgrade to the premium version with cloud storage backup. NQ’s website boasts about its partnerships with Motorola, Nokia, HTC, Samsung, and others. So it’s understandable that you might not ask a question that, it turns out, has a very surprising answer: What if NQ is lying through its teeth? Now we should be raising another, even scarier question: How can you trust what anyone says about the safety of their software?
But first, NQ Vault. How insufficient is it? One standard encryption algorithm used for SSL and Wi-Fi is AES-256, which uses a 256-bit encryption key, meaning a cracker has to find the correct key out of 2^256 possibilities, a huge number. Let’s compare the number of possible keys for AES-256 with NQ Vault’s XOR-8, a single 8-bit key:
AES-256: 2^256, or roughly 1.16 × 10^77
NQ Vault: 255 (an 8-bit key has 256 values, and the all-zero key leaves the data unchanged)
And trying all 255 keys is the slow way in. File formats begin with fixed header bytes (every JPEG starts with FF D8 FF), so XORing one known plaintext byte against the corresponding “encrypted” byte hands you the key directly.
That should give you some idea of why NQ Vault is the ROT13 of encryption apps. It gets worse: NQ Vault only bothers “encrypting” the first 128 bytes of each file, leaving the rest untouched. So when Carlos Danger’s wife gets suspicious and searches his phone files, she doesn’t even need to figure out what’s going on with the beginning of the file, because most of the data is there in its raw form anyway. This adds insult to injury for Carlos, but it also makes you wonder if NQ Vault is simply having us on. It’s not as if decent encryption is hard to implement: Standard, open-source libraries are available. Right here on Slate, Charles Duan showed how to use Java’s AES library to fix Verizon’s supercookie vulnerability in four lines of code. What on Earth happened?
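As an added worked example, not NQ Vault’s code and not part of the original article, here is a toy re-creation in Python of the scheme described above: a constant one-byte XOR applied to only the first 128 bytes of a file, together with the two ways an attacker gets the key back. The key value 0x5A and the fake “photo” are constructed for the example; the JPEG magic bytes FF D8 FF are the real ones every JPEG file starts with.

```python
# Added example: a toy re-creation of the scheme the article describes
# (constant single-byte XOR over only the first 128 bytes) and the two ways
# an attacker recovers the key. Illustrative code written for this page, not
# NQ Vault's implementation; the key and the sample "photo" are constructed.

HEADER_LEN = 128                        # per the article: only the first 128 bytes are touched
JPEG_MAGIC = bytes.fromhex("FFD8FF")    # every JPEG file begins with these three bytes


def vault_encrypt(data: bytes, key: int) -> bytes:
    """XOR the first HEADER_LEN bytes with a one-byte key; leave the rest alone.
    Decryption is the identical operation, because x ^ k ^ k == x."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in one byte")
    head = bytes(b ^ key for b in data[:HEADER_LEN])
    return head + data[HEADER_LEN:]


vault_decrypt = vault_encrypt   # XOR is its own inverse


def recover_key_known_plaintext(ciphertext: bytes, known_prefix: bytes) -> int:
    """Known-plaintext attack: if you know the first plaintext byte (a file
    format's magic number), the key is simply ciphertext[0] ^ plaintext[0].
    No brute force needed; this is what a practitioner would actually do."""
    key = ciphertext[0] ^ known_prefix[0]
    # sanity check the rest of the known prefix against the same key
    if bytes(c ^ key for c in ciphertext[:len(known_prefix)]) != known_prefix:
        raise ValueError("prefix is not consistent with a single-byte XOR key")
    return key


def recover_key_brute_force(ciphertext: bytes, looks_right) -> int:
    """Even with no known prefix there are only 255 non-trivial keys to try
    (key 0 changes nothing, so it is skipped). `looks_right` is any predicate
    on a candidate plaintext, e.g. 'starts with a plausible magic number'."""
    for key in range(1, 256):
        if looks_right(vault_decrypt(ciphertext, key)):
            return key
    raise ValueError("no key produced plausible plaintext")


def untouched_fraction(ciphertext: bytes, plaintext: bytes) -> float:
    """Fraction of the file that was never encrypted at all. With a non-zero
    key every one of the first HEADER_LEN bytes changes, so this is exactly
    the share of the file beyond the 128-byte header."""
    same = sum(1 for c, p in zip(ciphertext, plaintext) if c == p)
    return same / len(plaintext)


def demo() -> dict:
    """Constructed sample: a fake 4 KB 'photo' that begins with the JPEG magic
    bytes followed by a deterministic pseudo-random body (no real image needed)."""
    body = bytes((i * 37 + 11) & 0xFF for i in range(4096 - len(JPEG_MAGIC)))
    photo = JPEG_MAGIC + body
    secret_key = 0x5A                     # assumed value; any non-zero byte behaves the same
    locked = vault_encrypt(photo, secret_key)
    return {
        "key_from_magic": recover_key_known_plaintext(locked, JPEG_MAGIC),
        "key_from_brute_force": recover_key_brute_force(
            locked, lambda p: p.startswith(JPEG_MAGIC)),
        "untouched": untouched_fraction(locked, photo),
        "roundtrip_ok": vault_decrypt(locked, secret_key) == photo,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`demo()` recovers the same key both ways and reports that on a 4 KB file about 97 percent of the bytes were never touched, which is the article’s second complaint in numbers. The 255-key loop is there only to show how small the key space is; the known-plaintext line is the one an attacker would use, since the header of a photo, video, or document is public knowledge.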
I can’t really speculate as to why NQ decided to throw in the towel on its encryption story. NQ Mobile has had something of a checkered history. After research firm Muddy Waters discovered that the majority of NQ’s revenue didn’t exist, it described NQ’s management as “sloppy, to the point of being comical, fraudsters.” Now we know NQ has the programmers to match. I suppose it’s possible that there was some nefarious motive to using incompetent encryption, but one would have expected them to do a better job of appearing secure in that case. This just looks brazenly incompetent, bringing back not-too-distant memories of Lenovo partner Superfish’s disastrous security hole, though even that incident evinced more programming skill than NQ did here.
CNet, PC Magazine, and tens of thousands of customers gave high marks to NQ Vault without anyone figuring out that the fundamental purpose of the application was broken. On the one hand, one would hope tech sites would verify the security claims of an app; on the other, it’s a bit much to expect tech writers to perform security audits of the software they review. The larger problem is that there is simply no easy transparency around the functionality of applications beyond them appearing to do what they claim to do. Security engineer and Threat Stack co-founder Jen Andre put it bluntly in her write-up: “For consumer applications, there is no security transparency. Until companies are brave enough (or shamed, or compelled by the market) to reveal the details of their real security posture, trust is simply a matter of reputation, or convenience. It’s just a calculated risk you take based on a brand name.”
NQ has a reasonably professional-looking website (better than many mobile apps’, anyway), uses the right corporate-speak, and appears to be a respectable business. It even went to the trouble of getting TRUSTE privacy certification, which has nothing to do with security but sure sounds like it does. It doesn’t look like a con job, which, I suppose, is what good con jobs do—they sucker you into believing them and buying more of their garbage. It’s just that in this case it really wouldn’t have been very much trouble at all to do it right. It’s kind of like a locksmith changing your locks but using latches instead of deadbolts. Why would you do that?
And then there’s the bigger problem: The vast majority of consumers are in no way equipped to assess the claims of software makers; instead, as Andre puts it, they simply rely on a brand’s reputation. In the desktop era, the overhead of boxed software acted as a filter on the ability for random garbage to get on our computers; downloading random apps on the Internet felt risky. But mobile marketplaces like Google Play and the App Store have significantly lowered the bar to entry, and short of blatant fraud and inappropriate content, Google and Apple do little to audit the apps that appear on their sites for easy purchase. NQ Mobile Vault may be an extreme case, but it’s hardly alone. ExtremeTech reported that free Android anti-virus apps “are simply not worth your time,” providing Swiss cheese–like security, and some free apps like the Despicable Me game casually mine your personal data. Popularity and professionalism only loosely correlate with quality; they don’t ensure it. Unfortunately, the responsibility for ensuring it currently lies only with consumers, who reasonably lack the expertise to make those judgments.
As a result, a bunch more examples like NQ Vault are probably out there, though of what form it’s difficult to say. Will Google (whom I used to work for) and Apple strengthen their regulation of their app stores, even though it will anger well-meaning and competent app developers? Will reviewers become more rigorous? Will consumers become more skeptical? My colleague Lily Newman recently pointed out that we’ve reached no consensus on who should be responsible. Until we decide, there are two lessons to learn from NQ Vault: Don’t trust mobile apps, and don’t date hackers.