How "Secure" is WaveSecure/Others?

[billyk]

Ok, I am trying to noodle through how a connection to my Droid could potentially be abused by *any* organization that can remotely connect to my phone. Not to slight the WaveSecure folks - my question applies to Mobile Defense, Lookout, etc.

If a WaveSecure/other user does not choose to backup their data on their datastore, what information can be accessed remotely? If you've got a password safe with bank account infomation on your Droid, for instance, is a user now in the position of potentially having their most private/sensitive information in the hands of countless strangers, possibly only protected by the encryption offered by the password safe? If so, it's a risky world we are heading into!

Does the removal of the application rid your Droid of this risk 100% (if you didn't choose to leave your data behind via a previous backup)?

 

[928Droid]

I prefer to not use their backup option. I use the Moto Phone Tools from Motorola that gives you a WiFi link to computers on your local network and will backup/sync everything including SMS, web browsing history etc.

 

[cheewee]

Hi Billyk,

Thanks for your query! Our folks here in tenCube WaveSecure appreciate the question and would like to share with you how we protect our user’s data. After all, our application is meant to allow you to protect your data and privacy. Wouldn’t make much sense for our existence if by using our application it instead makes you feel less secure…

Let me first answer your question and later share with you how we put steps in place to protect your privacy.

If a WaveSecure/other user does not choose to backup their data on their datastore, what information can be accessed remotely?

If a user, chooses not to backup their data onto their own account, WaveSecure doesn’t backup their personal information (e.g. SMS, contacts, Notes) at all. The information that is required to set up a WaveSecure account are
a) Your phone number – Which is your default user account name
b) Your email address- To allow us to contact and verify your account and allow you to request for another PIN
c) IMEI number – The unique identifier for your mobile phone

Does the removal of the application rid your Droid of this risk 100% (if you didn't choose to leave your data behind via a previous backup)?

WaveSecure will not be able to function if you uninstall it from your Droid.

However, there are 2 parts that need to be addressed:
1. Whether tenCube WaveSecure allows our employees/shareholders to access user’s data (please read the post below, apologize for the length, it’s even summarized!)

2. Whether without WaveSecure, you are compromising your own privacy! We like to think so, we’re here to protect your privacy after all. Something as simple as losing a phone can be a very painful experience, in both loss of privacy and security. Hence our value proposition!

That being said, we really appreciate our user’s continued usage of our product (makes us feel loved!), but understand if they do not wish to continue with our service due to these concerns.

Steps tenCube WaveSecure has to protect you:
1. tenCube’s Privacy Policy: tenCube has a privacy policy that addresses the concerns that you have raised. In summary it states that
a) We will never give, sell, rent or share ANY of your personal information with any other third party, without your express permission, unless required by governing law (note that our servers are in the United States)
b) No one can view your data except you and anyone you’ve shared your PIN with. The only way you can view the data you’ve backed up is via your own web portal. Our administrators and support representatives are given access to only surface level functions that allow them to execute the necessary steps to assist our users when they encounter problems.
You may read more about our policy from www.wavesecure.com/privacypolicy.aspx

2. WaveSecure’s Backup Feature is optional: By default, no back-up will occur unless the user so specifies. We understand and respect that users might choose to place a high value on their privacy. The security aspects of WaveSecure (Locking/Wiping/Tracking/Location) are the only features they will ever use.

3. Hacking: tenCube WaveSecure was initially developed for police and large organizational usage. All data transported from device to servers are encrypted end-to-end with either AES 128-bit or RSA 256-bit encryption. This gives an additional protection layer for our users. Physical access to the servers require the presence of 2 directors of the company, with 3 layers of biometric access control. The facility guarantees a 99.94% uptime.

4. Reputation: In our game, reputation is everything. In 2005, when we were founded, our first customers were the police force and several large organizations. Needless to say, that has shaped the way our company has grown. Even though these organization required their own servers to store the data, they insisted that we abide by certain rules (hence the policy you see above). We know that if we do stray from our policy, it is going to affect us terribly!

Hope you have a great year, and may the phone be with you!

Thanks,
Team WaveSecure
www.wavesecure.com

 

[billyk]

Cheewee,
Thanks for your comprehensive response!
-bk

 

[billyk]

I could be the Lone Ranger on this front, but I uninstalled Wavesecure. I totally appreciate the company's intelligent response above, but I think it's all a matter of how much exposure we, individually, are comfortable with.

I've been in the software business for a long time, and I understand the underlying technologies that make the Droid (and similar) platforms tick, so despite the privacy policies and good intentions of companies in this product space, I can't help but see the "opportunities" that present risk for customers. I am fully aware of the fundamental privacy risks that we all accept when we store our personal contacts with Google for instance, and we accept that our private data (contacts, phone calls, msgs, etc) will be accessible to the apps we happily download from the Market. But the remote client approach used in apps like Wavesecure, in m opinion, presents more access possibilities to my info, and since I use the Droid to store plenty of private info, I will hold off on jumping on this bandwagon for now.

This is a "to each their own" kind of decision, for sure. Just thought I'd toss my thoughts out there.

 

[billyk]

Cheewee,
How does one remove their account from your website? I don't see that capability.
Thanks!

 

[cheewee]

Cheewee,
How does one remove their account from your website? I don't see that capability.
Thanks!

Hi billyk,
Please email support [a] wavesecure [.] com your request. After verification, they will proceed with the deletion.

Thanks,
cheewee
Team WaveSecure
www.wavesecure.com

 

[billyk]

Just did.
Thanks!

 

[billyk]

Cheewee,
I've gotten no response from your company regarding removing my account from your website. Is there another avenue for getting my WaveSecure account removed/canceled?

 

[cheewee]

Cheewee,
I've gotten no response from your company regarding removing my account from your website. Is there another avenue for getting my WaveSecure account removed/canceled?

Hi billyk,
It's best to take this offline since it's regarding your private information. Can you please message me your mobile number/user id privately for me to investigate?

Thanks,
cheewee
Team WaveSecure
www.wavesecure.com

 

[billyk]

Thanks.
Done!
-bk

 

[smcpherson]

Another question

I keep getting a message on my droid 1 that I must "activate device administration" to get my work e-mail since I downloaded the 2.2 upgrade. If I download wavesecure will this stop the message and allow me to see my work e-mails again?