More than 800 people across Europe have been arrested after law enforcement cracked the network of EncroChat, a company that sold encrypted Android smartphones with messaging software that officials say was predominantly used for coordinating organized crime operations.
Suspicious features — EncroChat marketed its phones for their offer of "worry-free secure communications," though some features hinted at the audience it had in mind. EncroChat's phone booted into a vanilla version of Android by default, but to access the secure chat application, users had to use a special command to boot the device into a secondary partition of Android.
It's one thing to want your chats to be private and encrypted, but obscuring the very existence of a chat app on your phone is on another level of caution. Perhaps due to the nature of the business being conducted on EncroChat – i.e. importing weapons, ordering attacks on rivals, etc — the very presence of it on your phone could be implicating. Users paid an astonishing subscription fee of $1,700 every six months for the privilege of using the service.
EncroChat phones came with other security features, like a "panic wipe" that wiped the device clean if a specific four-digit passcode was entered on the lockscreen.
Not so secure after all — Unfortunately for users, EncroChat apparently wasn't as secure as promised. French police were able to locate some of the servers for the messaging service and install a "technical device" to intercept and decrypt user messages. Law enforcement began collecting data from EncroChat after the "encryption code" was cracked in March. That makes it sound like EncroChat wasn't encrypting chats end-to-end after all, or else they'd need private keys from both the sender and recipient in order to read messages.
In 2017, another encrypted phone provider called Ennetcomm saw its messages decrypted after Dutch authorities discovered it was creating keys on its own servers, which police were able to capture after they seized its servers. That's really the problem with trying to conduct crimes digitally — even the smallest security lapse can create a gaping hole.
Somehow word got out of the interception of EncroChat and users began throwing away their phones in droves. But by then it was too late, as authorities had already intercepted "millions" of messages. Police say as a result of the investigation they have already been able to prevent at least one murder and kneecap massive gang operations across Europe.