Confide, an ephemeral messaging app, has become popular among government operatives, as Axios reported last week. But now the app's encryption—how it ensures messages can't be intercepted by outsiders—is under question.

While the company claims that its app offers "military-grade encryption," some experts aren't so sure that it's as secure as it sounds.

What Confide says: According to co-founder Jon Brod, "Confide's message encryption is based on the PGP standard" and uses "recommended best practices to ensure the security of network connections, such as using TLS 1.2 with certificate pinning to prevent against [man-in-the-middle] attacks."

For each platform on which it's available, the company has selected various encryption tools—the latest version of OpenSSL for iOS and Spongy Castle for Android. Brod added that the company plans to upgrade to the newest version of OpenSSL in its app's next update. OpenSSL, in particular, raised concerns among security experts as it's been found to have a number of security vulnerabilities over the years, including the Heartbleed bug, which wreaked havoc on the Internet in 2014. Brod says that Confide's Android app uses OpenSSL for one single function but it's not one impacted by Heartbleed or any other published vulnerability.

Questions remain: With that said, it's still difficult to be fully certain of Confide's security as the company's software is proprietary and hasn't been reviewed by a third-party.

"This one's a tough call. The application doesn't smell fully kosher, but at least it uses some standard encryption routines, which many other applications fail to do," computer forensics expert Jonathan Zdziarski wrote in a blog post after taking a look at the app. "Ultimately, the application warrants a cryptographic review before I could endorse its use in the White House," he wrote, adding that since OpenSSL isn't FIPS 140-2 compliant (a government encryption standard), it shouldn't be used by government workers.

And as one security expert told Axios, it all depends on how well all of Confide's precautions have been implemented—a sloppy or faulty job could mean the app is far from secure.

What to watch: With reports of staffers using encrypted chat apps, some Congresspeople are already asking for investigations into whether their use violates federal record-keeping laws. On Tuesday, House Republicans Darin LaHood and Lamar Smith sent a letter to the EPA's independent watchdog following news that some employees have been using another app, Signal.

Go deeper

Drive-in movie theaters are making a comeback

Illustration: Annelise Capossela/Axios

Drive-in movie theaters, the symbol of a bygone era before cellphones and constant distraction, are suddenly reemerging as a popular form of entertainment during the coronavirus crisis.

Why it matters: Indoor movie theaters are closed, but people still crave entertainment and a chance to get out of their houses. Watching a movie from the safety of a car is the next best thing.

Updated 29 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 7:30 a.m. ET: 11,093,182 — Total deaths: 525,491 — Total recoveries — 5,890,052Map.
  2. U.S.: Total confirmed cases as of 7:30 a.m. ET: 2,795,163 — Total deaths: 129,437 — Total recoveries: 790,404 — Total tested: 34,213,497Map.
  3. States: ICU beds in Arizona's hot spot reach near capacity.
  4. Public health: The states where face coverings are mandatory Fauci says it has been a "very disturbing week" for the spread of the coronavirus in the U.S.
  5. Economy: The economy may recover just quickly enough to kill political interest in more stimulus.

Kimberly Guilfoyle tests positive for coronavirus

Photo: Mandel Ngan/AFP/Getty Images

Kimberly Guilfoyle, Donald Trump Jr.'s partner and a top fundraising official for the Trump campaign, tested positive for the coronavirus on Friday, The New York Times reports.

Why it matters: Guilfoyle is the third person in President Trump’s circle known to have contracted the coronavirus. Vice President Mike Pence's press secretary tested positive, as did a personal valet who served Trump food.