The French government released a beta version of Tchap, an Android app set to replace WhatsApp and Telegram as a messaging solution used by government employees. Tchap isn’t touted as a classified communication channel, but merely as a way to keep official government business on servers located in France and not in Facebook’s or Telegram’s data centres.
Nevertheless, the new app was off to a rough start. The security researcher Baptiste Robert managed to hack the system and view internal discussion channels hosted by the service. He discovered several other vulnerabilities as well. The DINSIC, the French inter-ministry directorate for information systems that runs Tchap, reacted quickly and deployed a patch. It also emphasised that the program is still in beta testing, and the government also launched a bug bounty program for Tchap.
Storing and protecting data remains a major challenge
While some governments and companies might think that storing data on their own servers instantly provides better privacy and security, the incident with Tchap is a reminder of all the challenges such efforts entail. Data storage remains a sensitive operation that needs to be handled with the utmost care and extensive testing prior to the official launch of any software products.