Review: Pretty Easy Privacy for Android

pretty easy privacy app
The Pretty Easy Privacy app in the Google Play store.

Pretty Easy Privacy (PEP), a new Android application still in beta testing, has joined the market of encrypted email apps with the tagline “Privacy by Default”. How easy is PEP? Well, not that easy, as it turns out.

PEP gets its name from a play on Pretty Good Privacy, also known as PGP. PGP is the granddaddy of encrypted email systems, and was invented by Phil Zimmerman in 1991.  Many modern open-source encrypted email applications still rely on the PGP framework. In a nutshell, to send and receive encrypted emails, both the sender and receiver have to have their own public and private keys.  Managing keyrings, exchanging public keys, and the large number of email clients that don’t natively support PGP are just a few of the challenges to encrypting email today. In the mobile sphere, these challenges remain a major roadblock to widespread adoption of encrypted email applications.

Enter PEP. The premise of the app is to enable encryption by default in an email app with a nice user interface, and with less of the manual configuration that is often required by other apps. Installation was easy, and as promised, the app automatically created an encryption key. The app uses a “traffic light” system to indicate whether a message is secure: green is for secure and trusted, yellow for secure but not trusted, and red to indicate a possible compromise by a “man in the middle” attack. Grey is used to indicate an unknown recipient.

 

To test out PEP, I installed the app on two different Android devices, and followed the default installation steps preconfigured in the app.  In order to trust an email partner, the app requires confirmation of trustwords. These trustwords are generated by the app, and in theory, should appear for both partners using PEP. However, this did not happen. I was able to see the trustwords on one phone, but was unable to view or generate trustwords on the other phone to verify. Even after hitting verify for the trustwords on the first phone, after several attempts, I was unable to actually send an encrypted email message, despite the app showing that the partner account was secure and trusted.

Overall, Pretty Easy Privacy offers a very nice interface for email, but still has work to do to provide a truly easy-to-use encrypted email platform. A novice user would still find sending and encrypting email a very difficult task on the PEP app for Android.