Obvious vulnerabilities in self-proclaimed "most secure messenger" Ginlo

Ginlo claims to be the “most secure messenger” for healthcare and personal use, but lacks basic protections in its apps, with many issues remaining unpatched after a 90-day disclosure window.

There’s a German messenger app called ginlo that a few people seem to think (German) is a viable alternative to Signal. On its website, ginlo is advertised as follows:

Protect your messages
With the most secure messenger on the market. Made in Germany.

ginlo uses the strongest algorithms to protect your privacy and all your data. Not just while data is being transferred (end-to-end), but also when it’s on your device. That’s what full encryption means. Even ginlo as a provider doesn’t have any way of accessing your content.

Fully encrypted
Forget end-to-end encryption. The only way to ensure that your data is truly secure is with full encryption by ginlo1.

:triangular_flag_on_post::triangular_flag_on_post::triangular_flag_on_post::triangular_flag_on_post::triangular_flag_on_post:

1 Like

The ginlo.net GmbH was founded in 2020 with an experienced team in the areas of communication, encryption, data security, GDPR – and of course in the development and marketing of powerful internet services.

according to https://www.cube.net/

also they tried before: Brabbler AG | LinkedIn

Brabbler AG has terminated it’s business. Our messenger ginlo keeps going. Please visit https://www.ginlo.net

Sounds like a honey pot :rofl: