128-bit SSL

You asked, we listened. We’ve built-in 128-bit SSL Encryption into the next update for hike. The update was submitted to the App Store today and 128-bit SSL Encryption will be available on iOS and Android early next year. We’ll send out another note when the apps are available.

128-bit SSL encryption will be available only on Wi-Fi.

You will now be able to use hike on all open Wi-Fi access points (WLAN) knowing that your messages are secure.

At hike, we take privacy and security very seriously and this is a big step towards making hike a more secure and stable product loved by our users.

Note: SSL support isn’t built into the Windows Phone 7 SDK. It’s available natively in the new Windows Phone 8 (WP8) SDK. Once we port our app to use the new WP8 SDK, SSL will be available on Windows Phone to.

I build stuff. Creator @hikeapp. Lead Product @bsbupdates
  • http://twitter.com/theiNaD Daniel

    Why not on mobile internet? My WiFi is safe enough compared to the mobile broadband connection. But still nice that you listen to us users and implemented this new feature.

    • Marcel

      Maybe because “hacking” a 3G/4G-connection is much more expensive than sniffing an unencrypted Wi-Fi. And: SSL may cost battery life ;-)

      • paritoshsharma

        Marcel.. as always you’ve been awesome! Thanks for helping us better each day. We sure will keep you posted on what new comes up!

        Greetings from team hike this new year!

      • Eddy2909

        Hacking a 3g or 4g net will cost about 50€ and about 30minutes! There are lots of tuts for that.. so @hike please implement ssl not only on wifi! Dont mess with users trust..

        • Marcel

          Oups, didn’t know that :/ I always thought that 3G is save ^^

        • paritoshsharma

          Eddy, we have been transparent since beginning and sure here we are:

          SSL is more expensive than normal traffic on both the sender and receiver side. We evaluated the costs and benefits and felt that using SSL
          over wifi mitigates traffic risks to a very large extent.

          We fully understand that this doesn’t encrypt traffic over the mobile networks and that some users may be concerned about that.

          We are constantly investigating how we can improve the security of the product and your support sure is crucial, thanks!

          • khrawett

            For whom is SSL expensive? Why you don’t let the user to decide using SSL or not?! Just add that in the options…
            And the bettery life history is a good joke…

            Finally
            and honestly: If you really want to take a part from whatsapp’s users,
            you have to do a lot more! I just can’t convince my family, friends…
            to use an extra messaging app (and this cost really battery!) if there
            is no benefits. It’s not like suggesting a new browser… I just have to
            use the app used by my contacts. And for now, most poeple are using
            whatsapp.

          • paritoshsharma

            Khrawett, thanks for the comment. We would like to hear on this ‘battery’ issue from you? It seems your device battery is being drained. Can you send us the screenshot of the battery state with hike?

          • Devon

            Amen. Currently ZERO reason to use or even recommend Hike to anyone. God,… not even to a bum.

    • paritoshsharma

      Thanks for the feedback Daniel. Sure we have heard you and will keep you posted w.r.t the mobile internet.

      Greetings from team hike this new year!

  • http://twitter.com/hutattedonmyarm Max

    Hike is now oficially better than whatsapp :)
    Only landscape-mode for iOS still missing. (And maybe contact sharing)

    • paritoshsharma

      Thanks for being part of the awesomeness Max. Our users sure are making us better each day :)

      Landscape mode and much more is on its way! Will keep you posted :)

      Greetings from team hike this new year!

      • http://twitter.com/hutattedonmyarm Max

        :)
        Yes, I know, your incredingly fast support already promised that ;)

    • Devon

      Better? 99% functions missing. Sure… better.

      • http://twitter.com/hutattedonmyarm Max

        Which ones?

  • Waiting for action

    Why no download for android on youe homepage?

    • paritoshsharma

      Hi our home page: http://get.hike.in/ shows the active ‘android’ link in green color.

      • Waiting for action

        hahaha, I said download on your homepage.
        On android it can be downloaded and installed even outside the play-store.

        • paritoshsharma

          Sure we got the context of what you communicated wrong. Thanks for the edit!

  • http://twitter.com/Dahie Daniel S.

    To what extend applies the SSL-encryption? Is it only between the client and the connected server or is it end-to-end to the user you write to? If it’s only to the server, how are messages protected from screening within the Hike-server-network?

    • moe

      I guess it’s unfortunately only clientserver (as SSL suggests) and not end-to-end encryption since i’m still able to message with contacts having the recent update not installed yet. End-to-end would imply some kind of PKI, so either every user would require a certificate issued by a TC (e.g. VeriSign) or Hike would have to setup a PKI themselfs. Setting up a PKI themselfs without a PKI cert from a trusted vendor would again leave some space for compromittation of your messages. And trusted PKI certs are not that cheap and additionally require a lot of investement in bureaucracy and securtiy (since these certs are trusted worldwide). The only remaining option would be to use PGP-encryption with Hike acting as directory server. Which i personally would clearly favor. So IMHO there is no protection against message screening by now.

      • http://twitter.com/Dahie Daniel S.

        I agree with you, there is no simple solution. Cryptography done right is a mess and nothing you can simply apply to services that should be easy to use.

        I wouldn’t argue that other services don’t have end-to-end encryption either. After all we want to use hike, because it’s supposed to be different to other services and we are commenting here, because we have expectation on how this difference is supposed to look like. It’s not to say any wish is fulfilled, but at least we discussed it. :)

        What I wonder is, why OTR (off-the-record encryption protocol) never caught widespread usage for these things.

      • paritoshsharma

        Hi Daniel, Moe,

        Thanks for your comments.

        We fully understand that this doesn’t encrypt traffic over the mobile networks and that some users may be concerned about that. We are constantly investigating how we can improve the security of the product.

  • Marc

    First: A happy new year! (:

    Now: I’ve got problems using Hike on my Windows Phone 8, since Version 1.6.
    “System.InvalidOperationException: [...]” and then comes a lot more.

    After clicking “ok” at the very bottom of this message, hike starts as usual.
    A new installation doesn’t solve the problem.

    I’m looking forward to hearing from you soon!

    Greetings!
    Marc

    • paritoshsharma

      Hi Marc,

      Could you please send us your mobile number at hi@hike.in along with a possible screenshot of the issue. We will look into the solution quickly. Thanks!

  • http://hike.in/ Lee Keshav

    We do not store your data on our
    servers. In cases when delivery of content isn’t reliable due to network issues or otherwise, we may store the content for up to a day to guarantee delivery of such content.

    • Waiting for action

      See my link. Everyone from the internet can access it :-(
      Why is that stuff not encrypted or the file-access restricted to sender and receiver?
      Now it is free for all in the internet. Thats not nice, not even for one day.

      • Devon

        Similar when you use other apps. And I agree that is a no-go in 2013!

  • Devon

    SSL via WLAN only? How amusing. Also I love the “we never store your data” so you don’t save MY data if the receipient is offline? Sorry, but plain BS. I sure stick with WhatsApp.

    Hike had so much possibilities but is not trustworthy.

    * Not secure
    * Not open (just another closed network)

    • kavinbm

      Devon here is our response to an earlier comment:

      “We do not store your data on our servers. In cases when delivery of content isn’t reliable due to network issues or otherwise, we may store the content for up to a day to guarantee delivery of such content.”

      Our intention is not to store your data. Like any other messaging app, in cases where delivery is unreliable due we store data to ensure the message/photo etc goes through.

      • Devon

        Thanks. your answer is appreciated!

        Well I sure understand the “we have to save when the receipient is offline. Sure I understand but then you are not allowed to write “we don’t store your data” because it’s simply not true. In some countries you could be sued for this wrong statement.

        • kavinbm

          You can have a look at Information Collection section under our terms and conditions page at http://www.hike.in/terms.

  • http://twitter.com/hutattedonmyarm Max

    To those complaining:
    Hike is still new, and for now they’re doing a good job. Hike needs to improve, but it comstantly is. I’m sure the stuff that’s still missing will be implemented soon. Developing is hard work, especially if you have to do it for three different OSes. Also, Android-development is a mess, you have a lot of different specs (Hardware and Software) to take care of. iOS is easier, but has other traps.
    Right now, the developers are communicating with us, that’s a lot more than most others do!

    • Devon

      But Hike is just a copy of the thousands of instant messengers out there. Don’t forget that. KAKAOTALK, WhatsApp and so many others offer MORE that what Hike offers now. The Hike team had years to learn what the competitors made wrong. And… the result? Hike made more wrong than all the other apps together. So no excuse.

  • http://www.redbrick.de/ redbrick

    SSL encryption is more or less useless for a messanger. It’s nice to have on top. But what really is needed is an end-to-end encryption. Why don’t you implement OTR, PGP/GPG or any other asymmetric end-to-end encryption? Is it the key distribution problem over different devices with the same account?

    I can’t believe that applying SSL over the mobile networks costs too much anything. I guess it’s some kind of a condition since some people want to be able to read every message (provider, government, police, etc.).

  • http://twitter.com/v3rstand Le Male

    thanks for the update. but why you didnt update the following: preview message in the lockscreen, privacy settings. when i have this option on, everybody sees the complete message on the homescreen.that is not really good.

  • asdf

    Hello,

    Hike is a creat app. In think SSL encryption for WiFi connections is a step in the right direction. I hope you will continue improving the security of Hike. It would be very nice if there will be an optional button to enable encryption for 3G traffic.

  • fsdfdf

    fdsfsdfdsf