Where are your servers located?
We use AWS and the servers are currently located in the US-east.
Why do you use your own servers instead of for example CloudKit?
The stuff you save on the app is encrypted and only stored on your phone and not on our servers. Your encrypted saved data is then backed up to your iCloud account automatically if you have iCloud backups turned on. When you share, we use end-to-end encryption to protect your data so our servers are only used as a transmission medium of your encrypted data to the recipient which is where the data gets decrypted.
How do you make money?
If people love SecureAppy enough, we are hoping to push out some pro features later on. Our hope is that the pro version can be used by more heavy users while the free version can be used by common users. So we can only determine a pro version later on based on usage of the app and what features we add later on can be considered pro.
Is unlimited storage really unlimited? If I upload 2 TB of pictures that’s fine?
Since we store your data only on your phone, it never comes to our servers. Like I mentioned above, we only use our servers for transmission of encrypted content when sharing, similar to WhatsApp. By "unlimited", we just mean that we don't set any limits on the amount of things you store or share via the app.
Are you iOS only or also available on other platforms?
It is currently iOS only. But we are actively building the Android version as we speak!
If iOS only, why do you use an Android design pattern (floating + button) and not conform to platform standards?
We have tried to use iOS standards wherever possible. There may be some elements like floating buttons that are mainly Android. But they seem to be more common now in iOS as well so we felt okay using those in iOS.
I guess your privacy policy is not finished yet. It lacks details to conform to GDPR and CCPA.
Thanks for pointing this out! We will definitely take another look at this!
- Apple and Google are now referring to "contact tracing" as "exposure notification," which the companies believe better describes the functionality of their upcoming API. The system is intended to notify a person of potential exposure, augmenting broader contact tracing efforts that public health authorities are undertaking.
- Keys will now be randomly generated rather than derived from a temporary tracing key, making it more difficult for someone to guess how the keys are derived and use that information to try and track people.
- Bluetooth metadata will be encrypted, making it more difficult for someone to try and use that information to identify a person.
- Exposure time will be recorded in five-minute intervals, with the maximum reported exposure time capped at 30 minutes.
- The API will include information about the power level of the Bluetooth signal in the data that is exchanged between phones. This can be used in conjunction with the RSSI ("Received Signal Strength Indication") to more accurately estimate the distance between two phones when contact was made.
- Apple and Google will allow developers to specify signal strength and duration thresholds for exposure events.
- The API will now allow for determining the number of days since the last exposure event to better determine what actions the user should take next.
- The API's encryption algorithm is switching from HMAC to AES. Many devices have built-in hardware for accelerating AES encryption, so this change should help performance and efficiency on phones.
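The duration and signal-strength items in the list above can be worked through in a short sketch. This is an added example, not Apple's or Google's API code: the `Sighting` record, the function names, the rule of counting each five-minute slot once, and the sample values are all assumptions made for illustration.

```python
from dataclasses import dataclass

INTERVAL_MIN = 5       # from the list: exposure time is recorded in five-minute intervals
MAX_REPORTED_MIN = 30  # from the list: reported exposure time is capped at 30 minutes

@dataclass
class Sighting:            # hypothetical record of one received Bluetooth beacon
    minute: int            # minutes since the start of the observation window
    tx_power_dbm: int      # transmit power level included by the sending phone
    rssi_dbm: int          # signal strength measured by the receiving phone

def attenuation_db(s: Sighting) -> int:
    """Path loss in dB: what was sent minus what arrived. Lower means closer."""
    return s.tx_power_dbm - s.rssi_dbm

def reported_exposure_minutes(sightings, max_attenuation_db, min_duration_min):
    """Duration reported for one contact under developer-chosen thresholds."""
    # Signal-strength threshold: ignore beacons that arrived too attenuated.
    near = [s for s in sightings if attenuation_db(s) <= max_attenuation_db]
    # Assumed bucketing rule: each five-minute slot with a near beacon counts once.
    slots = {s.minute // INTERVAL_MIN for s in near}
    raw = len(slots) * INTERVAL_MIN
    # Duration threshold: contacts shorter than the minimum are not exposure events.
    if raw < min_duration_min:
        return 0
    # Cap: long contacts are indistinguishable above 30 minutes.
    return min(raw, MAX_REPORTED_MIN)

# Constructed sample data. Both long contacts measure the same RSSI, but the
# senders advertise different power levels, so the estimated path loss differs.
LOW_POWER_SENDER = [Sighting(m, -20, -75) for m in (0, 3, 6, 11, 17, 22, 28, 33, 39, 44)]
HIGH_POWER_SENDER = [Sighting(m, 0, -75) for m in (0, 3, 6, 11, 17, 22, 28, 33, 39, 44)]
BRIEF_CONTACT = [Sighting(2, -20, -70), Sighting(4, -20, -70)]

if __name__ == "__main__":
    for name, data in [("low-power", LOW_POWER_SENDER),
                       ("high-power", HIGH_POWER_SENDER),
                       ("brief", BRIEF_CONTACT)]:
        print(name, reported_exposure_minutes(data, max_attenuation_db=60, min_duration_min=10))
```

With RSSI alone the two long contacts would look identical; including the sender's power level is what separates them, and the 30-minute cap means a 45-minute contact and a 3-hour contact report the same value.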
Sorry, I missed this earlier. PDF spec turned into an ISO standard with 1.7, and became unavailable without paying since 2.0, but 1.7 at Adobe's site is pretty clear about the signatures (nice, simple section on headers :).
(My phone decided not to let me paste the URL, but it's a quick search away — do not be afraid of the spec, it's quite simple, esp the parts you care about)