As Forbes reported earlier this week, the app has seen download numbers spike due to the political crisis in the city, and it appears to have become the de facto offline messaging app replacing Firechat, which became popular during the 2014 pro-democracy protests. As with Firechat, Bridgefy uses a “mesh” network. That means smartphones use short-range Bluetooth connections to form their own network independent of the carrier cell masts and the internet.
It should be difficult for authorities in Hong Kong, or China, to shut down the app. A message has many possible routes, because it can hop from phone to phone across any device running the app, so there is no single point of failure that police could target to shut Bridgefy down.
Risks of using Bridgefy
But that’s not to say there’s no way for riot cops to target Bridgefy. For instance, police could sign up to Bridgefy and, at the very least, cause confusion by flooding the network with fake broadcasts. Imagine a flurry of messages telling protestors to organize in a particular location, one where authorities are lying in wait. Or a message that caused panic by saying officials were violently shutting down protests in a certain location.
Matthew Green, associate professor at the Johns Hopkins Information Security Institute, downloaded the app to review its security and privacy. He told Forbes the main security issues with Bridgefy are the confidentiality and authenticity of any messages sent through untrusted third-party phones. How can users be sure of the identity of the person with whom they’re communicating? “Hypothetically these could be encrypted, but that requires key management. I’m not sure how Bridgefy does this in a secure way when their servers are offline,” added Green.
A Bridgefy spokesperson told Forbes the app does use encryption. “We use end-to-end RSA encryption on private direct and mesh messaging,” the spokesperson said (RSA is a widely used public-key encryption algorithm). “Broadcast messages are purposefully not encrypted, so everyone can read them.”
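The key-management gap Green describes above can be shown with a small simulation. This is an added example, not Bridgefy's code and not a description of how Bridgefy actually distributes keys: it uses textbook RSA with tiny Mersenne primes (no padding, insecure) to model a sender, a recipient, and one untrusted relay phone sitting between them. The names Alice, Bob and Mallory, the key sizes, the message and the fingerprint scheme are all assumptions made for illustration.

```python
"""Toy model of end-to-end encryption over an untrusted mesh relay.

Constructed example: textbook RSA (no padding) with small Mersenne primes.
NOT secure and NOT Bridgefy's implementation; it only illustrates why
encrypting to a key you received *through* the relay is not enough.
"""
import hashlib

# Mersenne primes 2**n - 1; far too small for real use, fine for a demo.
MERSENNE = {17: (1 << 17) - 1, 19: (1 << 19) - 1, 31: (1 << 31) - 1,
            61: (1 << 61) - 1, 89: (1 << 89) - 1, 107: (1 << 107) - 1}
E = 65537
CHUNK = 8  # plaintext bytes per block; a 9-byte block is < 2**72 < every n below


def keygen(p, q, e=E):
    """Return ((n, e), (n, d)). The prime pairs used below were chosen so
    that gcd(e, (p-1)(q-1)) == 1."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def encrypt(pub, msg):
    """Encrypt bytes block by block. A 0x01 prefix keeps leading zero bytes
    from vanishing in the int round trip."""
    n, e = pub
    return [pow(int.from_bytes(b"\x01" + msg[i:i + CHUNK], "big"), e, n)
            for i in range(0, len(msg), CHUNK)]


def decrypt(priv, blocks):
    n, d = priv
    out = b""
    for c in blocks:
        m = pow(c, d, n)
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]
    return out


def fingerprint(pub):
    """Short key hash: the kind of value two people can compare face to face."""
    n, e = pub
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


MESSAGE = b"Meet at exit B, 21:00"  # constructed sample message


def run_scenario(verify_fingerprint):
    """Alice sends to Bob; the only path between them is Mallory's phone.

    Returns a dict with what Mallory read, what Bob read, and whether the
    key substitution was caught before anything was sent."""
    bob_pub, bob_priv = keygen(MERSENNE[89], MERSENNE[19])
    mal_pub, mal_priv = keygen(MERSENNE[107], MERSENNE[17])
    trusted_fp = fingerprint(bob_pub)  # what Bob showed Alice in person

    # Bob announces his public key over the mesh. Mallory relays it, but
    # swaps in her own key: with no server and no out-of-band check, Alice
    # has nothing to compare it against.
    announced = mal_pub

    result = {"detected": False, "mallory_read": None, "bob_read": None}
    if verify_fingerprint and fingerprint(announced) != trusted_fp:
        result["detected"] = True  # Alice refuses to send
        return result

    ct = encrypt(announced, MESSAGE)          # Alice believes this is Bob's key
    plain = decrypt(mal_priv, ct)             # Mallory can read it ...
    result["mallory_read"] = plain
    forwarded = encrypt(bob_pub, plain)       # ... and re-encrypts to Bob
    result["bob_read"] = decrypt(bob_priv, forwarded)  # Bob sees nothing wrong
    return result


if __name__ == "__main__":
    print("no verification:", run_scenario(verify_fingerprint=False))
    print("fingerprint check:", run_scenario(verify_fingerprint=True))
```

The first run shows the relay reading the message while Bob still receives it intact, which is why "we use RSA" on its own does not answer Green's question. The second run shows that comparing a fingerprint obtained out of band (in person, not over the mesh) catches the substitution before anything is sent; the same check would work for any public-key scheme, not just RSA.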
The spokesperson admitted, though, that no app can be bulletproof from snooping. “There is not much we can do about surveillance and censorship other than encrypt all that we can. With any app, offline or online, there will always be risks that are not controllable by the app developer.” Indeed, in the company’s terms and conditions, Bridgefy notes: “No security measure is 100% reliable and your content is subject to interception by third parties unaffiliated with Bridgefy.”
Green also highlighted concerns about collection of metadata, especially if some people running the app are also police. That metadata could include a Bridgefy user’s mobile phone device identifier. That could then be used to determine the identity of the owner of the cellphone—via a government request from the carrier, for instance.
Authorities could also go to other tech providers to figure out who was running Bridgefy across Hong Kong. Chinese messaging app WeChat, for instance, has the “retrieve running apps” permission on Android. China’s government could simply demand Tencent hand over a list of users running the app and where they’re located.
There’s also the threat of a government spreading malware via the app with broadcasts pushing malicious links. Given recent revelations about a sophisticated hacking operation targeting the iPhones, Androids and Windows devices of people from China’s Uighur ethnic group, it’s clear any group identified as dissident by China’s communist government faces serious threats to their cybersecurity.
But for protesters willing to accept those risks, Bridgefy could remain a useful tool for communicating and organizing in extreme situations.
Thomas Brewster, Forbes Staff