How Secure is Zangi? A Full Guide
What encryption does Zangi use? Is my data protected? Does it protect against eavesdropping? Why should I trust Zangi?
Here is a full guide on the Zangi Secure Messaging app’s security measures and their thoughts on privacy.
Zangi’s Thoughts on Privacy
At Zangi, privacy is one of our core values. We think that the three most important components of privacy should be:
1) protecting your private conversations from snooping third parties, such as officials, employers, etc.
2) protecting your personal data from third parties, such as marketers, advertisers, etc.
3) protecting data not only in the present but also always considering future tech advancements.
We’ve taken all these security measures to protect your privacy and give you control over your information. It’s not always easy, but that’s what we believe in.
Zangi Secure Messaging App: How To Score Us
To be completely unbiased while scoring the security of Zangi, we’ve listed all the security measures a messenger can have, and described how Zangi relates to each. Does it comply, does it not, or does it have a better solution?
#1: Encryption
Definition: In technical terms, it’s the process of converting plaintext to ciphertext. In simpler terms, encryption takes readable data and alters it so that it appears random.
Types: The three major encryption types are DES, AES, and RSA.
DES encryption was accepted as a standard of encryption in the 1970s, but it is no longer considered to be safe on its own. The more modern 3DES is a version of the block cipher used today. Instead of using a single 56-bit key, 3DES uses three separate 56-bit keys for triple protection. The drawback to 3DES is that it takes longer to encrypt data. Also, the shorter block lengths are encrypted three times, but they can still be hacked. Banks and businesses still rely on it at this point in time, but newer forms may soon phase out this version. You probably won’t use DES or even 3DES on your own today.
AES encryption is one of the most secure encryption types. The Advanced Encryption Standard (AES) is used by governments and security organizations as well as everyday businesses for classified communications. AES uses “symmetric” key encryption: someone on the receiving end of the data will need a key to decode it. AES differs from other encryption types in that it encrypts data in a single block, instead of as individual bits of data. It works in so many applications, and it’s still the most widely accepted and secure encryption method for the price.
RSA encryption is another popular encryption standard. It is widely used for data sent online and relies on a public key to encrypt the data. Those on the receiving end of the data will have their own private key to decode the messages. It’s proven to be a secure way to send information between people who may not know each other and want to communicate without compromising their personal or sensitive data.
Problems: Some encryption is more easily hacked than others. While some companies or individuals choose an encryption type according to standards dictated by legal or industrial regulations, others may simply choose their type based on personal preference, which isn’t always the strongest. Also, only one type of encryption isn’t enough. Since a message travels a long way (at rest, in transit), it needs to be encrypted through the whole process; any point of weakness can become fatal.
Zangi Score:
Zangi Secure Messaging app uses not one, but multi-level encryption, securing the entire journey of your content and metadata, from start to finish, at rest and during transit:
- RSA-2048 and AES-GCM for client-server data transport encryption
- Advanced Encryption Standard (AES-256) for symmetric encryption
- Elliptic Curve (Curve25519) cryptography for authentication
- Elliptic Curve Diffie-Hellman (ECDH) for key agreement
- Secure Hash Algorithm (HMAC-SHA256) for message digest
- Customized TLS/Noise for encrypting the transport layer
#2: Encryption by Default
Definition: Encryption by default is when you don’t have to enable a special mode to have encryption. On the flip side, “Secret Chats” means that messages aren’t encrypted by default–you have to manually start a secret conversation in order to use encryption.
Problem: Instagram, Skype, Slack, and Snapchat don’t offer end-to-end encryption at all. Other messengers claim that they are encrypted, but they often don’t mention the fact that you have to manually enable a special “secret chat” or “secret conversation” for each user to have your chat encrypted. [Facebook Messenger, Telegram, Viber] Another problem is that if the chat partner is using an older version, you may not be able to use encryption with them. Also, “Secret Chats” often do not work with group chats because it’s a device-to-device system. In addition, “Secret Chat” usually doesn’t work with video or voice calling.
Why do some messengers not encrypt by default and have “Secret Chat” modes? Because they’re counting on people to be uninformed, lazy or not paying attention enough to turn on this extra mode. And when users don’t turn on this extra preference, these companies can easily continue to collect data from their users. These companies don’t want you to notice!
Zangi Score:
Given the enormous number of leaks over the last few years that indicate practically everyone is eavesdropping on our digital communications, encryption by default is very important on an everyday basis. With Zangi Secure Messaging App, encryption algorithms work transparently in the background and don’t need to be activated; they are always on.
#3: End-to-end Encryption
Definition: End-to-end encryption (E2EE), which is a very popular term among messengers, is a method of secure communication that prevents third parties from accessing data while it’s transferred from one end system or device to another. In E2EE, the data is encrypted on the sender’s system or device and only the recipient is able to decrypt it. Nobody in between can read it or tamper with it. If a messenger uses the term “End-to-end encryption” instead of only “encryption”, take that as a big plus.
Problems: All of the above carry the HUGE caveat of implementation. For example, a communication might be encrypted by keys held only by the two endpoints, but (without the user’s knowledge) also encrypted with a key held by the provider. A third party observing the line will not be able to read the messages as they don’t have any of the keys. However, the user loses their privacy to the messaging provider. [Apple, iMessage]
Zangi Score:
With Zangi Secure Messaging app, encryption keys exist only on user devices and nowhere else (encryption algorithms: AES-256, Curve25519, ECDH, HMAC-SHA256). Content is encrypted locally on user devices and is only accessible to intended recipients. Zangi never has the decryption keys.
#4: Zero-knowledge/ No backdoors
Problems: In times of urgency, the government has always required access from messengers and SMS services for needed information, even when messengers claimed they do not have an entry. And as experience has shown, almost all messengers were able to open a backdoor in times of emergency or there was some way into the system. They intentionally leave flaws, just in case.
Zangi Score:
Unlike other providers, Zangi does not create intentional flaws in its cryptosystem to bypass encryption. Even in the case of a breach or if government officials ask them for info, Zangi servers have no user communications – they are undecipherable in transit and deleted upon delivery.
DECENTRALIZATION: Zangi Secure Messaging App is the first to work based on a decentralized model, which means there are no central servers that can be attacked, shut down, or forced to turn over data — Zangi’s network is only made up of its users. The philosophy of a decentralized messenger is to make it impossible for any third party to access any users’ personal data, thus nothing is stored on the cloud. And furthermore, the system reduces the risk of catastrophic failure and any kind of dependency on centralization.
#5: No profiling, Data Protection
Definition: Data profiling is the process of reviewing source data, understanding structure, content and interrelationships, and identifying the potential for data projects. Many apps like Amazon, Uber, and Starbucks openly collect data from users to better analyze their markets. But in the world of messaging, we put out so much more personal info and intimate conversations, that no user agrees for their data to be collected.
Problems: Time and time again, with the yearly data breaches, Facebook and WhatsApp have shown that it’s dangerous to trust Facebook with our data. And while Facebook says it can’t access messages sent over WhatsApp and doesn’t have access to messages sent via Facebook Messenger, the company does mine your usage of those apps for other data, like how often you talk to someone and whose phone numbers you have stored in your smartphone’s address book. The biggest problem here is the denial of data collection, and then the “surprise” data breaches that follow.
Zangi Score:
Zangi, taking into account the importance of protecting personal space, has created a cloud-free and serverless space for users. Zangi secure messaging app does not sell analytics or usage data to anyone because they do not have anything! Zangi does not do big data, does not leave traces on the internet because it works without storing anything on any servers.
#6: Data and Servers
Definition: When you send a message to your friend it travels from your IM client to the IM server to which you’re connected. The message then travels directly to the receiver and a window pops up on his/her machine. As you continue your conversation the messages go back and forth between the clients and servers with very little delay.
Problems: When the message passes through a third-party server, it is copied there, and the copy of the message gets sent to the receiver, while a copy stays on the server. Some messengers claim that everything on the servers is in encrypted form, so it is still secure, but in such a fast-changing digital environment, they definitely also have to consider the future and all the advancements that are coming with it. Decrypting such content may not be possible today, but it might well be possible tomorrow.
Zangi Score:
Zangi Secure Messaging App has created security strong enough to protect users in the PRESENT and the FUTURE.
Zangi secure messaging app doesn’t store anything on any servers, even in encrypted form (all of the information is kept only on the user’s device). That ensures that even when technology advancements become smart enough to decrypt data or break into servers, Zangi users will have nothing to worry about. Zangi has implemented a peer-to-peer technology, which makes sending private information truly private. Nothing is stored on any servers, ever.
#7: No advertising
Definition: In-app advertising is an effective monetization strategy for mobile publishers, in which app developers get paid to serve advertisements within their mobile app. With sophisticated data tracking and user targeting, the in-app environment also allows advertisers to reach consumers with pinpoint accuracy.
Problems: Ads mean data collection and ruining the user experience. Advertising is only getting more pervasive, obnoxious, and intrusive, that’s the internet speaking.
Zangi Score:
No ads, no banners, no popups, no takeovers, there’s none of that. Zangi is ad-free, and will always stay that way. Zangi secure messaging app does not sell analytics or usage data to anyone because they do not have anything! Zangi does not do big data, does not leave traces on the internet because it works without storing anything on any servers. The company is fully funded by corporate customers, and not dependent on any other means of funding.
#8: No phone number required
Definition: To register for an account, messaging apps ask for a phone number, email address, or username. This information is asked to differentiate each user, to verify each user’s account uniquely and for contact synchronization to work. But as messaging apps are moving towards more secrecy, users are asking for more anonymous registration options and they don’t want to provide their true identity or phone numbers anymore.
Problems: Not asking for a phone number means the app won’t have this information about you, but it will also make finding existing contacts that use that messaging app more difficult. You’ll have to add each contact manually, one by one. In reality, switching away from phone numbers doesn’t give the app more security; it’s simply a way to gain more anonymity.
Zangi Score:
Zangi registration offers both the phone number and the email option to register and verify your account, but is slowly shifting more towards email than phone number. For user convenience, both options are still open, since many users still prefer phone number registration for easy access to their contacts. But the best middle ground we found is email registration, which is basically a unique username that you can share with others to connect with them. When you register with email, providing your phone number is not required.
#9: No address book access
Definition: No address book access is when the app never asks the user to integrate their contact lists from their phones.
Problems: No address book access means a harder user experience, where it’s way harder to find contacts, and you have to add everyone manually.
Zangi Score:
When using Zangi we ask for permission to your contact list because Zangi syncs with your phone contacts to provide you with a contact list on Zangi, making it easier for you to message friends and family quickly. This does not mean we are collecting this data. We have no access to any of your data. And Zangi users don’t have access to your address book information unless you share a contact using the Contact feature in a chat.
#10: Open Source
Definition: Open source software is software whose source code is made freely available and may be redistributed and modified. Those who choose to go open source do so so that security researchers can peek at the code and publicly review it.
Problems: Some “open source” messaging apps [e.g. Telegram] claim that they’re open source, but in reality many important parts of the source code are not shown or are skipped. They close this code to resist code stealing and/or to hide insecurities.
Zangi Score:
Zangi Secure Messaging app is not open source, the reason being that our main and single income source is selling our platforms to businesses. We’ve spent years building a unique technology: Streaming Control Protocol (SCP) which has made us the lowest bandwidth usage messenger. Other advantages include smart Internet channel for 3X faster data transmission, fast and smart recovery for lost packages, Internet Channel Quality-Adaptive system, and a fully codec-independent platform. That’s why we choose to not show our technologies and code publicly. If you’re really interested in our technologies, you can buy the source code at a business price, after you sign non-disclosure agreements.
#11: Self-Destructing Messages
Definition: Self-destructing messaging, also known as ephemeral messaging, is when all messages are purposely short-lived. The messaging system automatically erases the content minutes or seconds after the message is consumed. Or with some secure messaging apps [Wickr] you can control how long a message remains accessible to the recipient or completely delete all your messages from the entire system at any time.
Problems: Self-destructing messages don’t always mean that these apps are secure [Snapchat] or are even encrypted. As stated above, a lot of messengers still save conversations on their servers. This is more of a great feature, not fully a marker of strong security.
Zangi Score:
With the Zangi Secure Messaging app you can delete messages from your side or both sides, but self-destructing messages is not a feature we have at the moment. We are working on it though and are planning to add this in the near future. Also note that not having this feature does not lessen our strong encryption and serverless system.
#12: Secure Calling
Definition: End-to-End Encryption is the industry term for encrypted cell phone communication being encrypted directly between two mobile devices. This should be first and foremost in any secure calling app comparison. Don’t be fooled by any app or service that doesn’t say end-to-end encryption.
Problems: A lot of people see “encrypted calling” and think these apps are protected end-to-end, but they are only encrypted from their device to the provider’s server. Always read the fine print when choosing a secure calling app. In a normal VoIP call that is “encrypted,” your call is encrypted to the provider’s VoIP server via TLS. Then the call is decrypted and runs through the VoIP server unprotected. Your call may or may not be re-encrypted on its way back to the other person on the call. Why is this important? Anyone who has access to that phone server can hear or record your call, including the VoIP provider, mobile phone carrier, governments or hackers.
In fact, our research shows there are a good number of apps that say “end-to-end encryption” but they don’t mean device to device. They mean your device to their server, then your call is unencrypted on their server where they can listen or record your call.
True End-to-End Encryption: True encrypted calls will exchange the encryption keys directly between user devices. The server is only there to route the calls across the Internet and through NAT’ed firewalls. Since the keys are generated on the users’ devices and only the public keys are shared with the other user, the provider or anyone listening in the middle can’t hear what you are saying, let alone record it.
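The key handling described above and in #3, as an added example (Node.js, built-in crypto module only) that is not Zangi’s code or protocol: two devices generate Curve25519 keys locally, pass only public keys through a server, and derive an AES-256-GCM key with ECDH. The HKDF step, the info label, the packet layout and the fingerprint helper are assumptions of this example.

```javascript
// Added illustration, not Zangi's protocol (its code is not public).
const crypto = require('crypto');

// Each device generates its own Curve25519 (X25519) key pair locally.
function newDevice() {
  return crypto.generateKeyPairSync('x25519');
}

// Only the public half is exported and handed to the routing server.
function exportPublic(publicKey) {
  return publicKey.export({ type: 'spki', format: 'der' });
}

// Short fingerprint that two users can compare out of band, so a server
// cannot quietly substitute its own public key for a peer's.
function fingerprint(publicDer) {
  return crypto.createHash('sha256').update(publicDer).digest('hex').slice(0, 16);
}

// ECDH with the peer's public key, then HKDF-SHA256 to get an AES-256 key.
// The info label 'example-e2ee-v1' is an assumption of this example.
function sessionKey(myPrivateKey, peerPublicDer) {
  const peer = crypto.createPublicKey({ key: peerPublicDer, format: 'der', type: 'spki' });
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: peer });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'example-e2ee-v1', 32));
}

// AES-256-GCM: packet layout is 12-byte nonce | 16-byte tag | ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null if the key is wrong or the packet was altered.
function open(key, packet) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, packet.subarray(0, 12));
    d.setAuthTag(packet.subarray(12, 28));
    return Buffer.concat([d.update(packet.subarray(28)), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed run: the server sees both public keys and the packet, nothing else.
const alice = newDevice(), bob = newDevice(), server = newDevice();
const alicePub = exportPublic(alice.publicKey), bobPub = exportPublic(bob.publicKey);
const packet = seal(sessionKey(alice.privateKey, bobPub), 'constructed sample message');
console.log('bob reads   :', open(sessionKey(bob.privateKey, alicePub), packet));
console.log('server reads:', open(sessionKey(server.privateKey, bobPub), packet));
console.log('compare out of band:', fingerprint(alicePub), fingerprint(bobPub));
```

The second line prints null: a party holding only the two public keys and the packet cannot derive the session key, which is the property to look for when a provider claims device-to-device encryption.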
Zangi Score:
Zangi Secure Messaging App is a peer-to-peer (from one device to another), end-to-end encrypted app, encrypting both 1:1 calls and group calls. Middleman listening is impossible.
Please visit Zangi Secure Messaging App’s Terms of Service and Privacy Policy for more information.