Key Considerations for a Secure Text Messaging App for Smartphones
I have been involved in security and communication for long enough to recognize some inherent challenges associated with a secure text messaging app for smartphones. Let me start with the three primary considerations: reliable, timely delivery; security; and usability. Reliable and timely delivery of messages is the most important of all. I apologize in advance for the technical nature of this blog.
Cloud Based Encrypted & Secure Messaging
Secure text messaging can be based on a client/server, peer-to-peer, or hybrid model. In a typical client/server model, all the messages are stored on a central server and delivered to the customer directly through a PUSH notification if the app on the device is in the background. A peer-to-peer model completely bypasses any server, and the messages are delivered directly from sender to receiver. The client/server model is best suited for desktop applications, where bandwidth and power are ample, but it has many issues when it comes to smartphones. Peer-to-peer scales better and is closer to real time; however, it is the less reliable way of delivering messages because of firewalls and loss of connectivity between sender and receiver.
On a smartphone, the app lies dormant in the background most of the time. Both the Apple iOS and Google Android platforms suspend the app, and the connections between client and server are lost. When someone sends a message to an app in the background, there is typically no way to deliver it other than using the PUSH notification from Apple or Cloud information from Android. Both Apple and Google have a disclaimer that PUSH notifications should not be used for real-time communications and are not guaranteed to be delivered. The model I think is better suited is peer-to-peer delivery of messages between sender and receiver combined with cloud-based routing and buffering of the messages.
Beautifully Designed Messaging App that Encrypts
There are pros and cons to storing messages locally on the device. The main drawback is the risk of messages getting into the hands of other people. However, I think the pros outweigh the cons for a well-designed application. Smartphones are notorious for momentarily losing connectivity, particularly in a healthcare setting. If the app contacts the server to fetch the messages every time the user opens it, not only may the user not see the messages or have to wait too long to see them, just like browsing the web on a mobile device, but the battery will also drain faster. Storage access is a lot cheaper than network and server access any day, and this is particularly true for mobile apps.
To protect the messages stored on the device, a well-designed app encrypts all messages on the device so that if someone yanks the stored messages from the device through USB or some other means, those would not be readable. The app would also provide tools to lock the application remotely if the user misplaces the device so that unauthorized users cannot access the application and see the messages.
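The on-device protection described above, sketched as an added example (not code from this blog or from any particular product). It uses Node's built-in crypto module in place of a phone's platform crypto; the names MessageStore, sealMessage and openMessage, the passcode-derived key, and modelling the remote lock as wiping the in-memory key are all assumptions made for illustration.

```javascript
// Added example: encrypted on-device message store (hypothetical names throughout).
const nodeCrypto = require('node:crypto');
// Assumption: the storage key is derived from a user passcode with scrypt.
function deriveKey(passcode, salt) {
  return nodeCrypto.scryptSync(passcode, salt, 32);
}

// Seal one message with AES-256-GCM. The message id is bound as associated
// data, so a record moved under a different id fails authentication.
function sealMessage(key, id, text) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every record
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(id, 'utf8'));
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { id, iv: iv.toString('base64'), ct: ct.toString('base64'),
           tag: c.getAuthTag().toString('base64') };
}

// Returns the plaintext, or null when the key is wrong or the record was altered.
function openMessage(key, rec) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(rec.iv, 'base64'));
    d.setAAD(Buffer.from(rec.id, 'utf8'));
    d.setAuthTag(Buffer.from(rec.tag, 'base64'));
    return Buffer.concat([d.update(Buffer.from(rec.ct, 'base64')), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

class MessageStore {
  constructor(passcode, salt) {
    this.salt = salt;
    this.key = deriveKey(passcode, salt);
    this.records = []; // only sealed records are ever kept here
  }
  save(id, text) {
    if (!this.key) throw new Error('store is locked');
    this.records.push(sealMessage(this.key, id, text));
  }
  read(id) {
    const rec = this.records.find((r) => r.id === id);
    return rec && this.key ? openMessage(this.key, rec) : null;
  }
  // Assumption: a remote lock command ends up calling lock(), which wipes the key.
  lock() { if (this.key) this.key.fill(0); this.key = null; }
  unlock(passcode) { this.key = deriveKey(passcode, this.salt); }
  exportRaw() { return JSON.stringify(this.records); } // what a USB copy would contain
}
```

On a real handset the key would normally be held in the platform's hardware-backed keystore rather than derived and kept in application memory.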
Usability, in the end, trumps everything. If the secure messaging is hard to use, physicians will switch back to SMS.