|France has pushed through with its promise to launch a secure messaging application exclusive to the government but the outcome is not as good as expected / Photo by: nun0_lopes via Pixabay|
France has pushed through with its promise to launch a secure messaging application exclusive to the government, although the app almost didn't meet the anticipated outcome.
Jon Fingas of engadget.com reported that the country introduced a beta version of the Tchap, a chat app that aids officials to communicate with one another via Android, iOS, and the web. It’s also been reported that the application has greater security compared to off-the-shelf apps.
The app ensures the privacy of conservations among the officials as messages are encrypted on each end. It is also equipped with antivirus software that filters all attachments, and all data are domestically stored.
One would only need a French government email address to sign up and log in on the app, the Engadget article stated, adding that this is where the security issue came up.
According to the tech news site, security researcher Elliot Alderson (also known as Baptiste Robert) found that Tchap's email address confirmation was not as firm as it should have been.
Anderson was able to sign up on the app by simply attaching the presidential palace address (@elysee.fr) to the end of the email address he was going to use. The system then sent a validation email to Anderson's actual account, Fingas wrote.
He added that once Anderson’s email was validated, the security researcher was able to access public chats and, theoretically, initiate conversations with government workers.
However, this security issue will not be a concern moving forward. Anderson connected with the French government as well as Matrix, the team that developed the open source Riot software at the core of Tchap.
Matrix amended the issue prior to the launch, which prevented the French government from facing a possibly embarrassing situation.
DINSIC, the digital agency of the French government, ensured that the messaging app will undergo "continuous improvement" in terms of both security and functionality. The agency saw the last-minute fix as a demonstration of that strategy, which prompted it to plan for a bug bounty program to reward security experts.
Many government officials may not immediately move their discussions to the new app in the near future. Regardless, the app is an innovation over the general apps that the officials have been using, like Telegram. It will also serve as a tool that will lower the chances of unwanted intruders to conduct espionage on government officials.