Security and privacy
Tella was built to protect those who face physical and digital repression, so all of Tella’s features and product decisions are built with privacy and security in mind. Tella is regularly audited by independent security firms, and features and documentation are designed with the support and guidance from security professionals.
We only collect the minimum amount of data that is necessary to fulfill the purpose of Tella. We never collect personally identifiable information. We never disclose, share, or sell any of your data to third parties.
Through using our app, users may send data to servers managed by individuals or organizations they're working with. We encourage users to ask these individuals or organizations about their data privacy policies, as they may differ from ours. We provide the same standard of privacy protection to all our users no matter where you are in the world.
Tella Android, as available on the Google Play Store, includes two trackers, Google CrashLytics and Google Firebase Analytics, which help us detect bugs and crashes. This is critical to keep the app secure and performant for at-risk users.
Tella for iOS does not include any trackers. As a result of Apple’s strict iOS app policies, Tella for iOS is currently not available on alternative app stores or for manual install.
Tella integrates various security measures in place to achieve an acceptable level of security:
- Encryption at rest: All data is encrypted at rest, on the user's device. This means that unless the app is unlocked (by entering the user's lock), the data it contains cannot be accessed at all. Even if someone seizes the phone and extracts all the data using a computer, the data will remain unreadable.
- Encryption in transit: All data being transferred between Tella and servers (see Connections section) is encrypted throughTransport Layer Security (TLS). Tella makes it impossible to send data to a server without TLS encryption.
- Lock: Tella users choose a lock for the app as soon as they install it. Password, Pattern and PIN locks are available and each level of security is communicated to the users.
- Lock timeout: Users can also configure a lock timeout, to choose how quick Tella will lock when not in use. By default, the lock timeout is set to ‘immediately’, so as soon as the user exits Tella, the app locks and all of the data is encrypted.
- Camouflage: On Tella Android, there are currently two camouflage modes for Tella: a fully functional calculator and the possibility to change the app name and icon to make it harder to find on the phone. Due to iOS restrictions, it is not possible to camouflage Tella for iOS.
- Quick Delete button: Users can enable a quick delete sliding button to quickly wipe data from Tella in an emergency situation. Users can choose, in the Tella settings, to delete all the files stored in Tella, draft and submitted forms, server settings and the app itself when that button is triggered. When the Quick Delete button is triggered, a 5-second countdown is displayed to the user. During the countdown, the user can cancel the Quick Delete action by tapping anywhere on the screen. When the countdown reaches 0, the delete action set by the user is applied. If the user had selected the ‘delete Tella’ options, Android will ask them to confirm the app’s deletion.
- Camera silent mode: Users can choose to turn off the camera shutter sound to draw less attention when taking photos.
- Screen security: By default, Tella blocks screenshots and screen recordings inside Tella and hides the screen preview in the list of recent apps. This setting can be disabled, for example to record tutorials inside Tella or mirror the app to a computer for a presentation.
- Restrict unlocking attempts: Users can decide how many failed unlock attempts are allowed before everything inside Tella is deleted and whether a visual indicator with the remaining unlocking attempts will be visible on the unlock screen or not.
There is no such thing as an app that is 100% "secure". Security is dependent on the threats and risks faced by each user, and the capabilities of adversaries. With Tella, we did our best to add as many layers of security as possible to reduce the likelihood that someone can detect the app or access its data. Here, we list all the important security risks and limitations users should be aware of when using Tella:
- On Android, when Tella is camouflaged using one of the two [camouflaging methods available], the app can still be detected in the Android Settings. This means that someone who navigates to the Android settings > Apps will be able to see that there is an app installed on the device that is called “Tella”. They will also be able to see the size of the app. So if the user stores very large files, like videos, the app may raise attention.
- File management:
- Files that are exported out of Tella to the device file system are no longer encrypted. This means that anyone with access to the device who browses the file system or gallery may be able to find those files.
- Files that are shared through third-party apps may be visible to those apps and saved unencrypted on the device’s file system, and someone searching these apps may be able to find the files. For example: a photo stored inside Tella and shared on WhatsApp will be visible inside WhatsApp, and will also be visible in the file system, where WhatsApp photos are stored. This happens because in order to share with third-party apps the file needs to be saved on the phone file system, which is not encrypted. This is why we recommend manually deleting the file from the device’s file system after sharing it.
- Importing a file creates a copy of this file, and then imports and encrypts it into Tella. On version 1.1(iOS) and 2.1(Android) we developed a feature for users to select if they want to keep or delete the original file when importing to Tella. However, we recomend to verify the original file is not present on the Trash bin (My files > Trash) and to delete the file from any automatic backup services you have enabled on your phone (Google Photos, Dropbox, etc).
We regularly ask independent security firms to audit our code to ensure it is robust and secure. You can see the full reports from these audits on this page. This is the summary from the latest audit and the current implementation status:
|Unrestricted Unlock Attempts||Medium||Implemented|
|Android Cipher Stream I/O Key PBKDF2 Iterations||Low||Resolved|
|Tella iOS Cleartext Audio Data may Persist Longer than Required||Low||Resolved|
|Tella Android Outdated Retrofit2 Dependency||Low||Resolved|
|Tella Android Deprecated Dependency: Butterknife||Informational||In Progress|