Popular Android Package Uses Just XOR -- and That's Not the Worst Part

siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund?

Web sites

[danbob999]

CTIA - "The Best App of CTIA by the Techlicious 2012 Best of CTIA Awards"
PC Magazine - "PC Magazine Best Apps"
TRUSTe - Received "TRUSTe Privacy Seal"
Global Mobile Internet Conference App Space - "A top 50 app"

Thanks, I will take a note to never trust these web site reviews.

Re:Web sites

[Darinbob]

People will gladly give good reviews to things they haven't even tried out yet. And even if they tried it they probably have no clue how to validate its effectiveness. It's the yelp effect, let someone give a review and they'll jump on board and proclaim "best broccoli beef ever".

Re:The big advantage of XOR

[hcs_$reboot]

If the key is as long as the message, XOR is not that weak.

Re:DMCA

you are modded funny, but the sad thing is your post is actually informative.

Re:XOR is useless

[Jane+Q.+Public]

XOR is much much faster than your run-of-the-mill encryption algorithm.

OP and TFA are very misleading. XOR is not a "worthless" encryption method in itself... it all depends on how it is used.

For example, if used with a good quality key in a one-time pad, it is one of the few encryption methods that is even theoretically unbreakable.

But it does require a well-constructed key, and as with any one-time-pad scheme, key management is everything.