This is what zero-trust security looks like
We approach security assuming the worst—that your device has been hacked and your connection isn’t secure—then we neutralize those threats. Our zero-trust security model means giving you the best protection on the device, the application, and the connection.
The entire SKY ECC platform is built to do one thing—protect your messages and your privacy. Secure containers, always-on encrypted connections, protected devices—together we employ multiple layers of security to ensure what is private, stays private.
Concentric layers of protection for real security
Concentric layers of protection for real security. You can’t say your app is secure unless you protect what goes on outside of it. When we developed SKY ECC we saw three important parts of creating a secure communications solution:
- The device and operating system
- The connection and communications
- The application itself
Most secure communications apps only look at the third part. It’s extra work to worry about the security of someone’s device. It’s extra work to secure communications between the device and server.
But it’s that extra mile that sets SKY ECC apart from the rest to ensure that your information remains private and confidential.
Hardware and operating system protections
Hardware protections: We only install SKY ECC on devices with built-in tamper resistant chips.
OS protections: Leveraging on-chip protections, we use all security options available from the mobile OS including kernel and rollback protection.
Mobile Device Management: SKY ECC devices are managed devices so features can be locked down and SKY ECC installed into a protected container.
Connections and communications
Secure data network: We use SIM-based protections to connect to our global network of secure servers.
Secure connections: We create a secure tunnel for all network communications. If the connection isn’t secure, SKY ECC prevents you from logging in.
Secure environment checks: If the connection or device isn’t secure, or the device has been compromised, you can’t log into SKY ECC.
Brute force protection: We limit password attempts, introduce CAPTCHAs after failed logins, and trigger the app to erase all data if someone tries to force their way in.
Password protections: There are separate passwords for the messages and saved Vault items.
Encrypted message headers and metadata: We prevent message metadata from compromising your security.
Push notification obfuscation: We scrub your data before it goes to Apple or Google’s push notification servers.
Chat and file encryption: We use 521 bit elliptic-curve Diffie-Hellman cryptography to protect your messages and files stored in the Vault. We can’t, under any circumstances, read your messages or data.
Chat designed for privacy
Protections that go beyond encrypting messages.
You expect a secure chat app to have one on one and group conversations. You expect always-on encryption. You expect we can’t read your messages. You expect we don’t store messages—or any data—on our servers. If you can save files, they should be stored securely. These are the basics.
SKY ECC goes beyond the basics. SKY ECC has self-destructing messages, flash messages that expire in 30 seconds, secure audio messages, stealth mode, emergency password, and message privacy controls built in. Your messages are 100% private, we can’t read your messages under any circumstance. We encrypt your metadata in transit. We don’t store data on our servers. Our number one priority is your security and privacy. Period.
All of these features are in a modern interface that’s easy to use from day one. SKY ECC is powerful secure messaging in a zero-learning curve package.
Trusted, Private Contacts
You manage your own contact list, not a directory server. Add, approve, and reject contacts to build your private network.
Security is based on trust. Your SKY ECC ID is randomly generated and only you know it. Your ECC ID can’t be discovered through the app—you have to give it to someone or share it through a mutually trusted contact. Before someone can chat with you, you have to approve their contact request. If someone breaks that trust, you can delete and block that contact.Your SKY ECC contacts are a trusted group of people because you’re in control of your contact list—not us.
Installed on Tamper-resistant Hardware
We protect the device to protect the app.
We use devices with tamper-resistant hardware and OS-level protections built-in, then we apply device management policies to lock down features that could compromise your security or privacy. The devices we choose not only have to have tamper-resistant chips, but also come from manufacturers with a proven record of not weakening protections with backdoors.
Only when the device is secure is SKY ECC installed within a protected container on the device.
Security at Scale
A network of servers around the world making sure SKY ECC works wherever you are.
SKY ECC runs on a secure, distributed global network so you can chat in privacy wherever you are. Sky uses SIMs from global carriers so you have data access around the world to work where you work.
Our SIMs connect through a private tunnel to our servers to prevent eavesdropping at any level. Wi-Fi connections are secured immediately, no gaps. SKY ECC prevents you from logging into the app if the connection is insecure. From the first packet to the message itself—your connection and data are secure and encrypted