London Startup Watch: Qredo

On its website, London-based startup Qredo states that it is a “quiet cloud development platform that combines end-to-end encryption with cloud services to make building secure software much easier.”

Qredo makes the claim that it is the first company who has been able to offer end-to-end encryption alongside a cloud-based app and that its app, Qredo SDK will provide people with the next step in terms of app security.

On the back of their recent success, the company has now announced a beta launch of their cloud-based app encryption development platform. The company hopes this will make it a lot easier for companies across all sectors to add high-level security to their own apps.

Lead developer at the company Justin Megawarne comments on how difficult it currently is to “embed end-to-end features” in an app because there’s not currently a “toolkit in particular to do it.” He added that this problem is further “compounded when you want to use cloud services”.

Qreda’s toolkit, in its beta form (for iOS and Android only at the moment) enables developers to have a lot more freedom when creating professional applications; whether these applications have a social media, secure messaging, gaming, or even monetary wallet function. The company aims to expand the toolkit for Windows and Web SDK in the near future.

What makes Qreda’s approach different?

Qreda focuses on encryption, which means in the worst case scenario of a breach, the hacker receives nothing valuable; only data that is encrypted. Megawarne emphasises that the company’s “servers have no idea what your app is storing or how it is communicating”, and that Qreda have realised that out “of all the security measures out there, cryptography is the champion.”

The developer highlighted the fact that even though many apps out there on the market, of which Dropbox and Snapchat are just a few, boast strong encryption – they are still vulnerable to attack because of the way they manage encryption keys.

This means the company managing the app (i.e. Dropbox for example) can decrypt the data they have at any point they choose to but this then leaves them open to security breaches because anyone hacking into their system will be able to see the decrypted data. Megawarne states that on the other hand: “If they had built it on top of Qredo the only person that would have access to the data would be the end user.”

Qredo have made the architecture of their app open source and allow others to openly examine and explore their product, including the code and security standards. The company enables this in the belief that it will ultimately benefit them and ensure the app is as secure as possible because: “leaving the source code open for everyone to analyse means that problems are found much earlier and you benefit from the entire security community, not just your close-knit [development] group”.

The recent beta launch is very timely, for it comes on the back of a global debate on end-to-end-encryption. This debate is especially prominent in the UK because of the Government’s recent publication of the Draft Investigatory Powers Bill. Also known as the ‘Snoopers’ Charter’, the bill has come under fire from many major tech firms across the world, including Google, Facebook and Twitter. It has received criticism because of its aim to increase the government, police and intelligence agencies’ surveillance powers, and even goes so far as to essentially legalise ‘hacking’. Megawarne strongly believes, however, that the security specialists within the government sphere are only too aware of just how important encryption is in protecting citizens when they are online and that these people “know that strong encryption is absolutely vital for the country’s national security”.

The company ultimately aims to protect people and organisations from data hacking, since their main concern is that “weak encryption will weaken everybody”. Their application development platform aims not only to be accessible and extremely straightforward to use, but to also provide a solid degree of security, and it certainly appears that they’ve managed to achieve this.