Thanks for sharing. Such an interesting read. I've read many times about databases being exposed publicly, but when a company explicitly states they are using state-of-the-art security and drags other companies through the mud... Man, that really takes the cake.
I shudder to think what it must be like to be a developer there, knowing they're lying so blatantly.
2023-05-05: Converso asks: 'How were you able to decompile the source code of the app and what do you think should be done to protect against that in the future?'
So I think some of the devs were in way over their heads too!
The fundamental problem with cryptography is that it's significantly harder to create a system that others can't crack than to create a system that you yourself can't crack.
I get that building secure communication from scratch is hard, but claiming those things is just outrageous. I see absolutely nothing for them to gain from making such an app with unsubstantiated claims.