Many companies work with sensitive and confidential data all the time. Important documents, discussions of ongoing projects or employee personal data - all of this can be leaked if a company is using a run-of-the-mill chat app. Leaked data can tarnish a company's reputation and result in multi-million fines due to NDAs. While some companies hope that their data stays secure within the chat app they are currently using, others take a different approach to their data security.
Our client works on the development of an encrypted messenger for internal use. The messenger allows employees to exchange information without the fear of it being shared with a third party. The client has already implemented an Android app for secure messaging, but turned to us to help with other platforms. Our task was to create an iOS-based version of the app which would mirror the functionality of an already existing Android app.
The development of an iOS encrypted app posed its challenges right away.
Designing a separate iOS-based app would have required more time and resources, so we had to develop an app that would mirror the functionality and design of the Android version. We had to adapt Android UI elements that are not native to iOS.
The Android app was continually being updated during the development of the iOS version, which interfered with the development process and sometimes caused compatibility issues. Moreover, our team had to continuously evaluate how many resources the implementation of additional functions would take.
The web and Android apps used Bouncy Castle, a ready-made solution, for data encryption. Bouncy Castle encrypts data using multiple algorithms and outputs an encrypted message. There is no such solution for iOS, and the existing tools can encrypt data with only one algorithm at a time.
The final app fully mirrored the functionality of the Android version while implementing data encryption completely differently.
To implement RSA key generation, which works out of the box on Android, we combined multiple libraries and developed a custom formatting module that transforms the key signatures into those required by Android.
We have also implemented secure push notifications. The notification itself does not contain the received message, only directions on how to find the message locally in a chat. The module replaces the notification received from the server with a secure push notification.
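One format mismatch that a key formatting module of this kind has to bridge, shown as an added example that is not the project's own code: on iOS, `SecKeyCopyExternalRepresentation` returns an RSA public key as PKCS#1 DER, while Java's `X509EncodedKeySpec` on Android expects an X.509 SubjectPublicKeyInfo. That this is the format pair involved is an assumption, since the page does not name the formats; `spkiFromPKCS1` and the sample bytes are hypothetical.

```swift
import Foundation

enum KeyFormatError: Error { case notPKCS1RSAPublicKey }

// DER definite-length encoding: short form below 128, long form otherwise.
func derLength(_ count: Int) -> [UInt8] {
    if count < 0x80 { return [UInt8(count)] }
    var bytes: [UInt8] = []
    var n = count
    while n > 0 { bytes.insert(UInt8(n & 0xFF), at: 0); n >>= 8 }
    return [0x80 | UInt8(bytes.count)] + bytes
}

func derTLV(_ tag: UInt8, _ value: [UInt8]) -> [UInt8] {
    return [tag] + derLength(value.count) + value
}

// AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
let rsaAlgorithmIdentifier: [UInt8] =
    [0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00]

// Hypothetical helper: wraps a PKCS#1 RSAPublicKey in an X.509 SubjectPublicKeyInfo.
func spkiFromPKCS1(_ pkcs1: Data) throws -> Data {
    let raw = [UInt8](pkcs1)
    guard raw.count > 2, raw[0] == 0x30 else { throw KeyFormatError.notPKCS1RSAPublicKey }
    // Skip the outer SEQUENCE header; the first element of RSAPublicKey must be
    // an INTEGER (the modulus). An already-wrapped SPKI has a SEQUENCE there,
    // so this rejects double wrapping.
    let headerLength = raw[1] < 0x80 ? 2 : 2 + Int(raw[1] & 0x7F)
    guard raw.count > headerLength, raw[headerLength] == 0x02 else {
        throw KeyFormatError.notPKCS1RSAPublicKey
    }
    // BIT STRING content starts with a zero "unused bits" byte.
    let bitString = derTLV(0x03, [0x00] + raw)
    return Data(derTLV(0x30, rsaAlgorithmIdentifier + bitString))
}

// Constructed toy input (not a usable key): SEQUENCE { INTEGER 0x00C53B, INTEGER 65537 }.
let samplePKCS1 = Data([0x30, 0x0A, 0x02, 0x03, 0x00, 0xC5, 0x3B, 0x02, 0x03, 0x01, 0x00, 0x01])
do {
    let spki = try spkiFromPKCS1(samplePKCS1)
    print(spki.map { String(format: "%02x", $0) }.joined())
    // A second pass must fail, because the input is no longer PKCS#1.
    print((try? spkiFromPKCS1(spki)) == nil ? "double wrap rejected" : "unexpected")
} catch {
    print("conversion failed: \(error)")
}
```

The wrapping only changes the container around the key; the modulus and exponent bytes are passed through untouched, so both platforms end up holding the same public key.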
Using SwiftUI was one of the requirements of this project. However, the framework is still very young and does not include several UIKit components which we have a lot of experience with. For example, SwiftUI did not include ImagePicker which allows the user to open an image gallery and attach images to a message. As it is an important function of any messenger app, we had to create workarounds and custom solutions.
The full app functionality is as follows: