Schmoose is currently available on Windows Phone 8, Android from Version 4 and on iOS7
When starting the app for the first time, you need to enter either a valid email address or a SMS-capable phone number. At that time, schmoose has already created a public/private key pair on your device. The data you've just entered will then be encrypted and signed before it is sent to one of our servers.
We’ll promptly send you an email containing a short code to validate your email address. When you open the schmoose app on your device, you’ll be requested to enter the code, which will then be securely transmitted to the server for verification. If you’ve specified a phone number rather than an email address, we’ll send a short message to that number. This message also contains a code for completion of the validation process. If the SMS or email (check your spam!) doesn’t reach you, just request a phone call. A gentle voice will then tell you your code. It does not help to delete and reinstall schmoose!
You can synchronize your address book with the server-side schmoose directory. This simple process will send hash values of the email addresses and/or phone numbers of your address book contacts to our server-side schmoose directory. For each match, the server will send back the individual schmoose ID of the found contact as well as the corresponding public key(s).
In order to connect to other people individually, without synchronizing your address book, you simply tap in the phone number and/or email address of the contact you want to chat with. A hash value is calculated and sent to one of our servers to be looked up in our global schmoose directory. If a corresponding contact is found, the server will send back the individual schmoose ID of the found contact as well as the corresponding public key(s).
You receive the schmoose ID from your intended messaging partner through any external channel of your choice (phone, email, slip of paper, face to face …). You enter your counterpart’s ID into the schmoose app, which then retrieves your contact’s corresponding public key from the schmoose server. If you’re able to meet your messaging partner face to face, you can directly exchange your schmoose IDs and public keys by scanning each other’s schmoose QR code.
Before deleting schmoose it is mandatory to re-register (especially if you own only one device running schmoose). Use "settings - devices" to do so. After de-registration you may easily delete or de-install schmoose.
Yo need to de-register your old device first! Up to 5 devices may be registered concurrently. Settings - Devices shows an overview of the current devices. This is the place to de-register your old device. CAUTION: If you de-register all your devices, your user credentials will be deleted.
schmoose security functions are strictly specific to your device (end-to-end encryption) so that no one else can assume your identity and use it to receive or understand your messages. For this reason you are strongly advised to set a master password (under “Settings – Devices”). Only when you can prove, by entering your master password, that you are already a schmoose user, will you be able add more devices (or replace your old device) and as such continue with your contacts and chats. You should unregister/delete a defunct, old device under “Settings – Devices”, so as not to use up your license. For security reasons, a device that has not been unregistered stays reserved. Without a master password you will always have to register as a new user and enter your identification information (telephone number or email address) and reconfirm its authenticity (by text message or email). You will have to re-add your earlier contacts.
You are one of the first 10.000 users, who got the BASIC version for free. This version (June 2014) cannot send videos but allowss up to 3 devices. Licenses are roughly described under https://schmoose.ms/ section „Functions“. All licenses are limited to one year. After that year, you will be downgraded to the FREE version and advertising banners may appear. You may then pay for the BASIC version or upgrade to PROFESSIONAL. In-App-purchase is currently not yet available, but you may use it before end of the year.
schmoose can only find such contacts from your private directory - who already use schmoose and - who have made their mailing address or phone number public accessible in schmoose and - exactly this mailing address or phone number was stored in your phone directory. To connect users, schmoose uses phone numbers and mailing address of already known users which are made public to others.
We originally wanted to go with "schmooze" as in, "have a friendly, private conversation". But legal said no, so instead we went with "schmoose" – pronounced /ʃmuːz/, which for us was pretty much the same thing. That was when localization threw up their hands, so we boldly embraced our inner moose – that noble, fiercely private beast.
Currently, our servers are located in data centers across Germany / Europe.
Well, we decided to start closed source, considering that schmoose is a product that could eventually help pay our bills. But we don't preclude the future possibility of sharing portions of our codebase with the Open Source community. We intend to have trusted experts with the right background and knowledge in software security analyze our product’s source code for any potential flaws.
Because we are building the messenger we always wanted!
Your messages are still kept private, even if someone listens to the message traffic and tries to understand (i.e. decrypt) what’s going over the wire. Schmoose relies on transport layer encryption as well as message level encryption in order to provide a high degree of privacy to its users.
Your messages are encrypted on your device using the public key of the receiver(s). Only encrypted messages leave the sender’s mobile device.
Only the intended receiver is able to decrypt your message back into readable format by using their private key. Because all private keys are created on the users’ devices and never leave these devices, schmoose is unable to decrypt your messages into a readable format.
To use more than one device, you need a master password. This ensures that you are the correct recipient of the same messages on your various devices. You’ll also need this master password later on to transfer your schmoose access to a new device – so you can remain the same user and preserve your previous contacts and chats.
If you use an Android device, you must always enter a password when starting the schmoose app. This prevents any unauthorized person who may have simply copied your whole device from being able to read your messages.
Please make sure to remember your password well! We cannot help you if you lose it!
OTR requires the recipients of a message to be online for a session to be negotiated. This falls short of the requirements of real-world mobile-to-mobile messaging, where connectivity gaps and offline periods are still all too common.