• General

  • Why isn't Biocoded open source?

    Biocoded source code, security protocols and implementations are audited by independent security agencies. Open source is not a guarantee or even an indicator of security. For sensitive governmental and corporate use, open source solutions are often dismissed outright.

  • Security

  • What if my phone gets stolen?

    You or your administrator can remotely deny access and wipe the Biocoded app's data. Biocoded employs a distributed encryption key for all device data. Half of the key is stored on the device; the other half is on the Biocoded server. Both the Biocoded server and the device itself are required to access data. Neither can do it in isolation.

  • If my device gets cloned, is my data accessible on the cloned device?

    If a device is cloned, all Biocoded data on the clone will be undecryptable.

  • How does Biocoded end-to-end encryption work?

    Biocoded encryption is based on a double ratchet protocol. When a new device connects to the Biocoded server, it sends the server a batch of public keys. When the device connects to another device for the first time, one of these keys is used to establish the initial communication channel. The double ratchet protocol ensures that new encryption keys are continuously derived and never reused. A communication channel is a unique point-to-point connection between two devices.
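
    The "continuously derived and never reused" property, as an added example that is not Biocoded's code: it models only the symmetric-key chain of a double ratchet (the Diffie–Hellman ratchet is omitted) using HMAC-SHA256 with the constant inputs suggested in the public Double Ratchet specification. The names `kdf_ck`, `ChainRatchet` and `demo`, the skip limit, and the shared secret are assumptions made for the example; the page does not state which KDF Biocoded uses.

```python
import hashlib
import hmac

def kdf_ck(chain_key):
    """One ratchet step: return (next_chain_key, message_key).
    HMAC is one-way, so a later chain key cannot recover earlier message keys."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class ChainRatchet:
    """Hypothetical model of one direction of a point-to-point channel."""
    def __init__(self, initial_chain_key):
        self.chain_key = initial_chain_key
        self.index = 0       # index of the next message key to derive
        self.skipped = {}    # keys derived early for messages still in flight

    def next_key(self):
        """Sender side: derive the next message key and discard the old chain key."""
        self.chain_key, message_key = kdf_ck(self.chain_key)
        self.index += 1
        return self.index - 1, message_key

    def key_for(self, index, max_skip=100):
        """Receiver side: key for message `index`, tolerating out-of-order delivery."""
        if index in self.skipped:
            return self.skipped.pop(index)  # each key is handed out once
        if index < self.index:
            raise KeyError("message key already used (duplicate or replay)")
        if index - self.index > max_skip:
            raise ValueError("too many skipped messages")
        while self.index < index:           # store keys for the gap
            i, mk = self.next_key()
            self.skipped[i] = mk
        return self.next_key()[1]

def demo():
    # Constructed shared secret standing in for the output of the initial key agreement.
    root = hashlib.sha256(b"constructed shared secret for the example").digest()
    sender, receiver = ChainRatchet(root), ChainRatchet(root)
    sent = [sender.next_key() for _ in range(4)]
    # Messages arrive out of order: 2, 0, 1, 3.
    received = {i: receiver.key_for(i) for i in (2, 0, 1, 3)}
    return sent, received

if __name__ == "__main__":
    sent, received = demo()
    for i, mk in sent:
        print(i, mk.hex()[:16], "match" if received[i] == mk else "MISMATCH")
```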

  • How are voice calls encrypted?

    Two devices perform an elliptic-curve Diffie–Hellman (Curve25519) key exchange over an established end-to-end encryption channel. They then calculate the symmetric encryption and rehash keys for voice data. The symmetric encryption key is constantly derived anew and is never stored.

  • Does Biocoded use SIP?

    No. SIP is overly complex, completely insecure, unscalable and unsuitable for mobile data networks.

  • Privacy

  • Can anyone contact me on Biocoded?

    The Biocoded public cloud has private mode turned on by default. This means every user must confirm they actually wish to connect to another user. When users are connected, a secure channel is established between them. For enterprise on-premises or cloud installations, this is configurable for all their users.

  • What information does the Biocoded server store?

    The Biocoded server's job is to connect devices and relay messages between them. It enforces privacy rules and helps establish secure channels between devices. It acts as a conduit for communication, but it is unable to decrypt any of it. For every user, the Biocoded server stores:

    • Address book of connected contacts (Biocoded IDs).
    • Hashed and salted password with a unique salt for every user.
    • Biocoded ID.
    • Privacy mode setting.
    • All connected phone numbers and e-mail addresses.
    • Queue of messages that have to be delivered.
    • Per device session identifier.
    • Per device signature public key.
    • Per device server side public and private keys for signatures.
    • Per device signaling data (STUN/TURN).
    • Per device name.
    • Per device last seen time.
    • Per device type.
    • Per device token for push messaging.

  • What information gets sent to external push notification services?

    Google Cloud Messaging or Apple push notifications are used for device wakeup. The notification is a message that tells the device to check with the Biocoded server. Self-hosted Biocoded servers can send notifications to devices directly without using external services.

  • Can I send or receive private videos, audio or pictures?

    Biocoded messaging has an integrated device camera and audio recorder. You can take a picture, video or audio recording within Biocoded and send it to another user. This file will never leave the Biocoded secure environment and will not be visible to other apps.

  • Can I send files to other users?

    Yes, you can securely send files from your device to any contact.

  • How do I send very sensitive data?

    We recommend using time-limited self-destructing messages.