p≡p for Android

_images/android.png

Feature list

  • Encrypt/decrypt emails and their subjects
  • Untrusted server (save emails encrypted on the server)
  • Trusted server (save emails decrypted on the server)
  • Encrypted BCC support
  • Compatibility with OpenPGP (key server lookup)
  • Manual private key import
  • Automated public key import
  • Subject encryption
  • Blacklisting of public/private keys
  • Warning flag when forwarding a formerly encrypted message unencrypted
  • Deactivate p≡p for selected email accounts
  • New material design UI
  • Multilanguage support including Trustwords (Catalan, English, French, German, Spanish, Turkish)

Upcoming confirmed features

  • Keysync between any p≡p clients (internal testing)
  • Store single items encrypted on the trusted server
  • Pinentry
  • Enterprise: MDM/EMM Integration

Requirements

  • Mobile phone or tablet with Android version 4.3 and higher
  • Google Play store installed
  • Compatible MDM solution for enterprise use
  • Email account details

Installation of p≡p from Google Play Store

Warning

Before you install p≡p on your device, we strongly recommend that you encrypt your device.

The installation is straightforward, asks no questions and requests no information.

Step 1. Go to Google Play or open the Google Play Store app.

Step 2. Find the pEp / p≡p app.

Step 3. Touch the pEp / p≡p app’s price button to install.

_images/pEp4Android-v1.0.100rc1-FirstInstallationScreen.jpeg

Step 4. Follow the on-screen instructions. The app will be installed immediately afterwards.

_images/pEp4Android-v1.0.100rc1-InstallationInstalling.png

_images/pEp4Android-v1.0.100rc1-InstallationInstalled.png

When it’s done, simply touch the Open button.

_images/pEp4Android-v1.0.100rc1-InstallationInstalled.png

When you touch the Done button after installation, you will be able to see the p≡p icon on your screen. After starting the app, you’ll see the welcome screen.

_images/pEpv4Android-v0.9.8.28-ScreenAfterInstallation.png

Installation of p≡p from F-droid

Warning

Please note that the latest version with Material Design is not yet on F-Droid. We are working on inclusion of the application at the moment. We expect it will take a few weeks.

Before you install p≡p on your device, we strongly suggest that you encrypt your device.

The installation is straightforward, asks no questions and requests no information.

p≡p can be found in the standard F-Droid repository under the name “p≡p pretty Easy privacy”. However, this repository is often outdated. If you want to be sure you are using the latest release, use our own F-Droid repository:

Step 1. Open the F-Droid app, select Repositories in the menu, and add a new repository by clicking on the + button. Add the repository <https://fdroid.pep-security.net>. Enable the repository by changing the toggle switch to green.

Step 2. Go back to the Application overview and find the pEp / p≡p app.

Step 3. Touch the pEp / p≡p app’s install button to install.

Step 4. Follow the on-screen instructions. After the installation, you will be able to see the p≡p icon on your screen.

User Guide

First setup

In order to use p≡p, you need to set up your email account. As soon as the email account is set up, you can use p≡p without any additional configuration. It is not necessary to change any Android settings for p≡p to work.

At the first startup of the app, it will ask you to give some permissions:

_images/pEp4Android-v1.0.100rc1-PermissionScreenAfterInstallation.png

The read contacts permission is used to autofill contacts when writing emails. It’s optional and you can change it anytime. We are not collecting any contacts; everything stays on your device.

_images/pEp4Android-v1.0.100rc1-PermissionContactsAccess.png

The download files permission simply allows you to save attachments from emails to local storage. It’s optional and you can change it anytime.

_images/pEp4Android-v1.0.100rc1-PermissionFilesAccess.png

The disable battery optimizations permission makes sure that the Android system will not close the app, so that the app can receive emails in the background. It’s optional and you can change it anytime.

_images/pEp4Android-v1.0.100rc1-PermissionIgnoreBattery.png

Now, you will need to add your email account(s). In case you have a Google Account, select “Use OAuth 2.0 token”.

_images/pEp4Android-v1.0.100rc1-SetupNewAccount.png

You will now select your Account Type to set up your client with IMAP/SMTP protocols as shown below. You should have this information from your email provider or administrator.

IMAP settings

_images/pEp4Android-v1.0.100rc1-screen_imap_settings.png

SMTP settings

_images/pEp4Android-v1.0.100rc1-screen_smtp_settings.png

Once you add all your account settings, the p≡p app will generate private keys for first use in the background and you can name your account.

_images/pEp4Android-v1.0.100rc1-SetupGiveAccountName.jpg

After this step you can immediately send and receive encrypted emails.

p≡p for Android users will now see a ‘Privacy Status’ bar displayed on top of each selected/opened message. Clicking on the Privacy Status will provide additional information on the available trust level.

p≡p uses a traffic light metaphor, extended by the fallback to Gray, to indicate the Privacy Status, along with statements which are directly linked to how secure the available communication channel is or was. The full set of Privacy Statuses is:

  • Gray/Unknown/Unsecure/Unreliable Security:

    Unknown is commonly for outgoing messages where no contact or address has yet been added to the To, Cc or Bcc fields of an email or message. Unsecure or Unsecure for Some means that p≡p cannot find a way of sending or receiving the communication with any form of encryption (to all recipients if Unsecure for Some). This represents the default situation today which, in the case of email, usually must be considered as “secure” as sending a physical post card. Unreliable means that p≡p cannot find a way of sending or receiving the communication reliably. So, for example, the communication could have been sent using S/MIME. With S/MIME it’s known that if one public Certificate Authority (CA) is subverted then the security of the entire system is lost — potentially subverting all the entities that trust the compromised CA.

  • Yellow/Secure:

    The communication is encrypted using state-of-the-art technology. However, your communication partner still needs to be trusted by completing a handshake.

  • Green/Secure & Trusted:

    The communication is encrypted using state-of-the-art technology and your communication partner is trusted. Trust is confirmed with a handshake where, using a side-channel (e.g. by phone call or in person), communication partners verify they are each who they say they are and the communication can be fully trusted by all reasonable means expected from a regular user.

  • Red/Mistrusted, Under Attack:

    Mistrusted means that you have previously failed a handshake. You cannot trust that your communication partner is who he says he is. Under Attack means that either a man-in-the-middle (MITM) attack has to be assumed or another (serious) cryptographic error occurred. The communication channel must be considered unsecure and any exchanged information not private.

Sending Secure Emails

p≡p analyzes the incoming and outgoing e-mails locally on your device (no data is sent anywhere). Once p≡p recognizes that it can encrypt in a technically perfect way with the communication partner, it will do so automatically. The workflow below shows how p≡p works conceptually, outlining p≡p’s fully automatic and easy-to-use design and function between p≡p users as well as between p≡p and PGP users. The users will never have to handle the keys.

_images/conceptualpEp.png

After a message from another p≡p user is received, the Privacy Status at the top of the incoming message is automatically upgraded from Gray/Unknown/Unsecure/Unreliable to Yellow/Secure without any user intervention. The same applies if you enter an e-mail address for which p≡p automatically finds a public key on the public PGP key server (this is an optional setting). This runs in the background and is invisible to the users.

_images/pEp4Android-v1.0.100rc1-ComposeViewGrey.jpg

After receiving a message from another p≡p user (or a PGP user who attached a public key), the response is secured.

_images/pEp4Android-v1.0.100rc1-MessageViewYellow.jpg

The Handshake

Now the user has the option to send the message with Privacy Status Yellow/Secure (technically perfect encryption with one remaining risk: Man in the Middle Attack). This is already a big improvement over trust level Gray. All the user needs to do to send the message with this level of protection is to press the SEND button. Eliminating this final risk (a Man in the Middle Attack) necessitates a manual step, either in person or by phone.

The user initiates the ‘Handshake’ by clicking on the Privacy Status bar at the top of the e-mail, which displays the Yellow/Secure color indicator. This reveals the following pop-up window:

_images/pEp4Android-v1.0.100rc1-PrivacyStatusSecureYellow.jpg

The users need to compare their Trustwords in order to upgrade the Privacy Status from reliable (Secure) to trusted (Secure & Trusted). This is done by simply touching the ‘Handshake’ button on the screen. The next step is for the user to contact the communication partner (either in person or by phone) and ask to confirm the Trustwords. Trustwords are displayed in the same order for both communication partners in the language of their choice.

_images/pEp4Android-v1.0.100rc1-PrivacyStatusSecureYellow.jpg

You can change the language of the Trustwords by touching the 3 dots in the top right corner. There is a choice of 6 languages: Catalan, German, Spanish, French, Turkish and English. After you select a language, your Trustwords will be displayed in that language.

_images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeTrustwordsLanguage.jpg

Choice of Trustwords languages:

_images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeTrustwordsLanguageSelector.jpg

After selecting Trustwords in Spanish:

_images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeTrustwordsLanguageSelectedSpanish.jpg

To enhance your trust, there is also an option to show long Trustwords.

_images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeTrustwordsLanguage.jpg _images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeLongTrustwords.jpg

The PGP fingerprint is also listed for those who would like to confirm by the fingerprint itself.

_images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeTrustwordsLanguage.jpg _images/pEp4Android-v1.0.100rc1-PrivacyStatusHandshakeTrustwordsPGPFingerprint.jpg

Then the user clicks on one of the buttons displayed:

  • ‘Confirm Trustwords’ button: If the communication partner has the same Trustwords, the user presses the ‘Confirm Trustwords’ button to confirm them. From then on, all email exchanges with this communication partner will be Green/Secure & Trusted and there will be no known attack on that communication anymore. The color of the Privacy Status on the top bar will now be Green.

    This step is done once with each communication partner and any future communication remains Green/Secure & Trusted.

    _images/pEp4Android-v1.0.100rc1-PrivacyStatusSecureGreen.jpg

  • ‘Wrong Trustwords’ button: The user presses this option if the Trustwords given by the communication partner do not match those shown on the screen. As a result, the rating for the communication partner is downgraded from reliable (secure) to mistrusted. This step cannot be undone.
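
Why comparing Trustwords exposes a substituted key, as an added example that is not p≡p's own code: it derives words from a pair of fingerprints and compares what each partner would read out. The syllable table, the XOR combination, the 5 and 10 word lengths, the function names and all fingerprints are assumptions constructed for illustration; this page does not describe p≡p's dictionary or algorithm.

```python
# Added illustration; not the p≡p engine's algorithm or word list.

# Constructed table: four syllables encode one 16-bit value, giving
# 65536 distinct pseudo-words as a stand-in for a real dictionary.
SYLLABLES = ["ba", "ce", "di", "fo", "gu", "ha", "je", "ki",
             "lo", "mu", "na", "pe", "ri", "so", "tu", "ve"]

# Constructed 160-bit fingerprints (not real keys).
ALICE = "4F2A9C01D7E35B8866A1F0C3259E7D14B0C8A37E"
BOB = "9B10E4F72C5D88A3017F6E42D9350ACB64F1982D"
MALLORY = "33C7A2591E0B64FD8852D16C7FA0439E15BB2E60"


def word_for(value):
    """Map one 16-bit value to a pseudo-word, one syllable per nibble."""
    return "".join(SYLLABLES[(value >> s) & 0xF] for s in (12, 8, 4, 0))


def fingerprint_bytes(fpr):
    """Parse a 40-hex-digit fingerprint, tolerating spaces."""
    raw = bytes.fromhex(fpr.replace(" ", ""))
    if len(raw) != 20:
        raise ValueError("expected a 160-bit fingerprint")
    return raw


def trustwords(own_fpr, partner_fpr, long=False):
    """Words derived from a pair of fingerprints.

    Assumption: the fingerprints are combined with XOR, so the result is
    the same whichever side computes it. Short form: 5 words, long: 10.
    """
    a, b = fingerprint_bytes(own_fpr), fingerprint_bytes(partner_fpr)
    mixed = bytes(x ^ y for x, y in zip(a, b))
    words = [word_for(int.from_bytes(mixed[i:i + 2], "big"))
             for i in range(0, 20, 2)]
    return words if long else words[:5]


def handshake_button(a_own, a_holds, b_own, b_holds, long=False):
    """Button to press after both partners read their words aloud.

    a_holds / b_holds: the fingerprint each side has stored for the other.
    """
    if trustwords(a_own, a_holds, long) == trustwords(b_own, b_holds, long):
        return "Confirm Trustwords"
    return "Wrong Trustwords"


if __name__ == "__main__":
    print(" ".join(trustwords(ALICE, BOB)))
    # Untampered exchange: each side holds the other's real key.
    print(handshake_button(ALICE, BOB, BOB, ALICE))
    # Key substituted in transit: both sides hold a third party's key.
    print(handshake_button(ALICE, MALLORY, BOB, MALLORY))
```

Because the words depend on both fingerprints, a key swapped anywhere between the partners changes what at least one of them sees, which is the case the ‘Wrong Trustwords’ button exists for.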

Disabling Protection when the communication partner’s Privacy Status is Yellow/Secure or Green/Secure & Trusted

When the communication partner’s Privacy Status is Secure/Yellow or Secure & Trusted/Green, the e-mail will automatically be sent encrypted when the user clicks ‘Send’. If the user would like to disable protection on a case-by-case basis, he/she can do so by selecting the ‘Disable Protection’ button in the ribbon of the message.

_images/pEp4Android-v1.0.100rc1-DisableProtection.jpg

The Privacy Status as well as the rating for a communication partner will change from Secure/Yellow (or Secure & Trusted/Green) to Gray and the message will be sent unencrypted when the user presses ‘Send’.

Sent

_images/pEp4Android-v1.0.100rc1-DisableProtection-Gray.jpg _images/pEp4Android-v1.0.100rc1-DisableProtection-GrayStatus.jpg

Received

_images/pEp4Android-v1.0.100rc1-DisableProtection-Received.jpg _images/pEp4Android-v1.0.100rc1-DisableProtection-ReceivedStatus.jpg

Settings - Global Settings - p≡p

The following settings are used for all accounts in the app:

_images/pEp4Android-v1.0.100rc1-GlobalSettingspEpMenu.jpg

GLOBAL

Passive mode: By default, p≡p will attach the public key of the own identity when sending a message. When passive mode is enabled, the public key is not attached to an outgoing message unless your communication partner uses p≡p as well.

Unprotected message subjects: By default, p≡p will hide the message subject and send it within the secured body of the email. The subject that is actually transmitted will be “pEp”. All versions of p≡p automatically restore the hidden subject, so you won’t notice it. However, other clients which aren’t compatible with p≡p will display the subject of every email sent by p≡p as “pEp”. The real subject will be in the first line of the message body. You can turn this option off, and the subjects of your outgoing emails won’t be secured.

Unsecure reply warning: By default, p≡p will show a warning when a previously secured message loses security through reply or forward, for example when you decide to forward a received encrypted email to another recipient unencrypted.

OPENPGP COMPATIBILITY

Look up keys on key server: This option enables p≡p to look up the public key of the recipient on the public key server hkp://keys.gnupg.net/ before sending an email to the communication partner. If the email address of the recipient exists on the keyserver, then p≡p will use the public key to encrypt the email for the recipient. (The Web interface to upload a new OpenPGP key to the keyserver is available here: <http://keys.gnupg.net:11371>). This option is not enabled by default, because it comes with certain risks, e.g. using a key to encrypt a message while the recipient might no longer have the private key available.

Blacklist: p≡p for Android includes a blacklist feature. It allows you to disable selected private and public keys. You can find the blacklist in Global Settings -> p≡p -> Blacklist. It lists all currently available public and private keys. Marking a key blacklists it; unmarking the key removes it from the blacklist. When a key is marked as blacklisted, any email signed/encrypted with this key won’t be considered as safe/trusted and you won’t be able to send a secure message to an address with a blacklisted key, unless there is another key for the same communication partner available.

_images/pEp4Android-v1.0.100rc1-GlobalSettingsBlacklist.png
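
How the blacklist interacts with the Privacy Status of an outgoing message, as an added model of the rules stated on this page (not p≡p engine code). The numeric ordering of the colors, the choice of the best usable key per recipient, the state names and all addresses and key ids are assumptions.

```python
# Added model of the rules on this page; not p≡p engine code.
from enum import IntEnum


class Rating(IntEnum):
    RED = -1     # Mistrusted / Under Attack
    GRAY = 0     # Unknown / Unsecure / Unreliable
    YELLOW = 1   # Secure (encrypted, no handshake yet)
    GREEN = 2    # Secure & Trusted (handshake confirmed)


# Handshake outcome recorded per key -> rating it can provide (assumed names).
STATE_RATING = {"wrong_trustwords": Rating.RED,
                "no_handshake": Rating.YELLOW,
                "confirmed": Rating.GREEN}


def recipient_rating(keys, blacklist):
    """Rating for one recipient, ignoring blacklisted keys."""
    usable = [k for k in keys if k["id"] not in blacklist]
    if not usable:
        return Rating.GRAY           # nothing left to encrypt to
    # Assumption: the client picks the best remaining key.
    return max(STATE_RATING[k["state"]] for k in usable)


def message_rating(recipients, keyring, blacklist=frozenset(),
                   protection_disabled=False):
    """Rating of an outgoing message: the weakest recipient decides."""
    if not recipients or protection_disabled:
        return Rating.GRAY
    return min(recipient_rating(keyring.get(addr, []), blacklist)
               for addr in recipients)


# Constructed keyring: address -> known keys (ids are placeholders).
KEYRING = {
    "bob@example.org": [{"id": "BOB-KEY-1", "state": "confirmed"},
                        {"id": "BOB-KEY-2", "state": "no_handshake"}],
    "carol@example.org": [{"id": "CAROL-KEY-1", "state": "confirmed"}],
    "dave@example.org": [],   # no key known: cannot be encrypted to
}

if __name__ == "__main__":
    bob, carol, dave = KEYRING
    print(message_rating([bob, carol], KEYRING).name)                 # both trusted
    print(message_rating([bob, carol], KEYRING, {"BOB-KEY-1"}).name)  # fallback key
    print(message_rating([bob, carol], KEYRING, {"CAROL-KEY-1"}).name)
    print(message_rating([bob, dave], KEYRING).name)                  # one plaintext recipient
```

Blacklisting a recipient's only key has the same effect on the message as having no key at all, while a second, unverified key keeps the message encrypted at the lower Yellow level.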

Privacy settings

_images/pEp4Android-v1.0.100rc1-GlobalSettingsPrivacyMenu.jpg

Hide subject in notifications: This option will hide the subject of emails in Android notifications on the screen.

Remove K-9 User-Agent from mail headers: This option will remove all user agent mentions from outgoing emails.

Use UTC as time zone in mail headers: This option will use UTC as time zone for outgoing emails.
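
A check for the three metadata settings described above (hidden subject, User-Agent removal, UTC dates), as an added example that is not part of p≡p: it inspects the headers of a sent message as any server on the path would see them. The sample messages, the addresses, the `X-Mailer` check and the function names are constructed assumptions.

```python
# Added example, not p≡p code: audit a sent message for metadata leaks.
import email
from datetime import timedelta
from email.utils import parsedate_to_datetime

HIDDEN_SUBJECT = "pEp"                        # placeholder subject named on this page
CLIENT_HEADERS = ("User-Agent", "X-Mailer")   # headers that identify the mail client


def audit_headers(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = []
    for name in CLIENT_HEADERS:
        if msg[name] is not None:
            findings.append(f"{name} identifies the client: {msg[name]}")
    if msg["Date"] is not None:
        try:
            offset = parsedate_to_datetime(msg["Date"]).utcoffset()
        except (TypeError, ValueError):
            findings.append("Date header is not parseable")
        else:
            # A naive result (offset None) means "-0000": no zone disclosed.
            if offset not in (None, timedelta(0)):
                findings.append(f"Date discloses a non-UTC offset: {msg['Date']}")
    encrypted = msg.get_content_type() == "multipart/encrypted"
    if encrypted and str(msg["Subject"] or "").strip() != HIDDEN_SUBJECT:
        findings.append("Subject is readable outside the encrypted body")
    return findings


def sample(subject, date, user_agent=None):
    """Build a constructed PGP/MIME test message (not captured traffic)."""
    ua = f"User-Agent: {user_agent}\n" if user_agent else ""
    return ("From: alice@example.org\nTo: bob@example.org\n"
            f"Subject: {subject}\nDate: {date}\n{ua}"
            'Content-Type: multipart/encrypted; '
            'protocol="application/pgp-encrypted"; boundary="b1"\n'
            "\n--b1\nContent-Type: application/pgp-encrypted\n\n"
            "Version: 1\n--b1--\n")


if __name__ == "__main__":
    leaky = sample("Q3 budget", "Tue, 03 Apr 2018 14:05:11 +0200",
                   "K-9 Mail for Android")
    hardened = sample("pEp", "Tue, 03 Apr 2018 12:05:11 +0000")
    for label, raw in (("leaky", leaky), ("hardened", hardened)):
        print(label, audit_headers(raw) or "no findings")
```

Run it over a message you sent to yourself after changing the settings to confirm they took effect.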

Account Settings

_images/pEp4Android-v1.0.100rc1-AccountSettingsMenu.jpg _images/pEp4Android-v1.0.100rc1-AccountSettingspEpMenu.jpg

Store messages securely: Store server-side e-mails protected (encrypted with own private key). When you disable this feature, p≡p will trust the server and keep all your emails stored on the server unencrypted.

p≡p privacy protection: Enable p≡p privacy protection for this account. When you disable this feature, no p≡p features will work for the selected account.

p≡p sync

Warning

Please note that the latest version with Material Design is not using p≡p sync yet.

In order to have your private key synchronized between your multiple devices, each device needs to have a p≡p client: p≡p for Outlook or p≡p for Android.

p≡p sync between Android/Android

Warning

Please note that the latest version with Material Design is not using p≡p sync yet.

Once you add your account to a second p≡p for Android client, the following screen will be shown on all your devices within a few minutes:

_images/pEp0.9Android-v0.9.11.2-pEpSyncTrustwords.png

You can change the language of the Trustwords by touching the globe icon:

_images/pEp0.9Android-v0.9.11.2-pEpSyncTrustwordsLanguage.png

Simply check and confirm on both devices if the trustwords are the same on both screens. Once done, private keys of both devices will be shared between them and you will be able to read all encrypted messages on both devices.

Warning

In case you didn’t add your account on another device with a p≡p for Android client and you see the device group dialog, OR in case the Trustwords are not the same on both devices, select Wrong Trustwords. That would mean that someone is trying to steal your private key or impersonate you, or that there are other technical issues. You should take your time and immediately investigate and secure your email account.

In case you can’t see the Device Group dialog after several minutes, you can try to force it by sending any email to yourself from any of the pEp clients. That will force the device group dialog to show up.

Importing your private key(s)

Warning

Please note that the latest version with Material Design is not able to import keys yet. This function will be available from May 2018.

How to Uninstall p≡p app

Go to the Settings app on your device. Select Apps or Application manager. Gently press on the p≡p app to uninstall. You may need to swipe right or left to find it. Touch Uninstall.

List of repositories and markets

The following are the official distribution channels where you can find the latest p≡p for Android.

Google Play Store

https://play.google.com/store/apps/details?id=security.pEp

Google Play Store Beta program

https://play.google.com/apps/testing/security.pEp

F-Droid

Our F-Droid repository: https://fdroid.pep-security.net/

Citrix Marketplace

https://citrixready.citrix.com/pep-security-sa/pretty-easy-privacy.html

Source code of K-9/p≡p

You can find the source code of p≡p for Android at the following URL: https://letsencrypt.pep-security.lu/gitlab/android/pep

Contact

If you have any additional questions and/or concerns, please contact us at support@pep.security or refer to the FAQs on https://pep.security/faq/.