Last month, Cambodia saw the launch of its first messaging app, CoolApp, similar to popular international apps, WhatsApp, Signal and Telegram.
However, digital app experts and critics raised concerns that CoolApp might be used by the government for surveillance, and infringe on data privacy and security, and suppress political rivals.
CoolApp was developed over three years (2021-2024) by more than 10 technical IT professionals and business experts, CEO Lim Cheavutha said in a 4:39-minute video clip.
Cheavutha did not respond to CamboJA News’ questions on the app.
In the video, he said they purchased international license softwares and “used some of the styles” from existing foreign messaging apps.
“We used the example and saw some styles from foreign social media messaging apps like WhatsApp, Signal or Telegram, and combined it with our idea to create CoolApp,” Cheavutha said in the video.
He was proud that CoolApp was his “second achievement” after establishing Freshnews – an online media early 2016.
He said CoolApp possessed a data center which gained experience from the Fresh News’ data center that could store huge data and allow millions of users to access the site.
He recalled that prior to the establishment of Freshnews in early 2016, a “group of foreigners”, who worked at a foreign media in Phnom Penh, did not believe that a Khmer person could set up an online publication.
“This is a Cambodian achievement, no foreigners came to create Freshnews with Khmer people. Some foreigners seem to look down on Khmer people […] also a small number of [Khmer] people often criticized Khmer achievements,” Cheavutha said.
Over the last 10 years since Freshnews was created, many did not believe it belonged to a Khmer person.
“But Khmer people did it. They [foreigners] claimed that Khmer people can’t do it, but we have created [CoolApp],” he said.
“Cambodia now has a powerful social network [Cool App], especially the safest for all users,” Cheavutha told online media Kampuchea Thmey Daily. Cambodia has its “own social messaging app” to circumvent the closure of foreign social media apps or other “happenings”. If that happened, “then Cambodia will be in turmoil”, he said.
Eva Galperin, director of cybersecurity at Electronic Frontier Foundation, told CamboJA News via email of “some suspicions” she had about the end-to-end encryption (E2EE), which ensured users’ privacy.
“The website promises that all messages are 100% end-to-end encrypted, but I’ve not been able to find any documentation describing the encryption algorithm they [CoolApp] are using, how it’s being implemented or reviews of their methodology by cryptographers,” she said.
“If people want end-to-end encryption that definitely works, they should use Signal or WhatsApp,” Galperin added.
The difference between CoolApp and others
Digital security consultant Nget Moses opined that it was not sufficient for a social messaging app to say that it uses E2EE, instead there has to be public disclosure.
“Firstly, [it should state the] document specifying the type of encryption protocol that the service uses and a technical document explaining how the encryption protocol is used for its services.”
“Secondly, it [should] show open-source code verifying use of E2EE. Thirdly, [it should produce] a document from an independent auditor on open-source code, including a network traffic analysis test to check if E2EE is really secure,” Moses said.
Creating a messaging app was “easy” but ensuring that the app was safe for use was difficult and made it harder for users to trust the app, he shared.
The demonstration of transparency in its open-source code and independent evaluation report on its source code “does not affect insecurity” but would help emphasize the security of its app “more than writing or posting on its website”.
Moses analyzed some of CoolApp’s functions and compared it with Signal and Telegram.
He said CoolApp may have copied the Open Source code from Signal, but has not yet made public the Open Source code of its app archive, so it is still not clear. “There remain doubts whether CoolApp uses open-source or closed-source.”
Signal uses open source code and Telegram uses open source code for some parts. The display of open source code was to demonstrate the transparency of security to users in order to gain their trust in their services.
On the other hand, it allows the app developer community to help each other find bugs and update the app. Moses said if CoolApp used closed-source, it would be difficult to guarantee that the app was as “secure as they claim to be”.
In terms of security audit, CoolApp does not present a security assessment that the app is secure. “Maybe CoolApp just started and it needs some time to get constructive feedback.”
He said Signal was secured by “several independent audit teams”, whereas Telegram has shared information about some of its app audits.
CoolApp has yet to show its encryption protocol, Moses mentioned, noting that Signal’s encryption protocol was widely recognized as secure. However, Telegram used a protocol which was not considered the most secure.
Regarding its privacy policy, CoolApp has some information on its website, but it was limited compared to Signal and Telegram.
Moses said in terms of transparency, CoolApp did not provide sufficient public technical information to the security of the app. “Signal has displayed its open source code to the public, and Telegram showed some parts, but not all.”
All three apps he surveyed in relation to requesting permission had the same “request for access” for camera, contacts, location, microphone, storage and others. They also all collected data, Moses said.
Fear of surveillance and suppression
Since CoolApp’s launch on June 21, 200,000 downloads have been recorded, Freshnews posted. The app is owned by Coolapp Co Ltd, a private company registered with the Commerce Ministry in 2021. It lists Cheavutha as board chairman.
He is also the CEO of Freshnews, which is aligned to the government. The news website previously made an exposé of several audios and videos, resulting in the persecution of opposition party members.
“It [the app] is a good thing for public communication but I don’t want to see the person creating a political tool which is not useful [to national interest],” said Ou Chanrath, formerly a Cambodia National Rescue Party lawmaker. He is now vice president of Cambodia Reform Party.
“Actually, there is a connection because of the political [affiliation],” Chanrath said. Many opposition party members and activists, who were arrested and sentenced used social media to communicate, which was leaked and their messaging apps hacked.
While Chanrath welcomed Cambodia having its own messaging app, he raised concerns that the app would be “used by the government to monitor and suppress opposition political parties”.
“It is true that some people talked privately [on messaging apps], and there was hacking or [secret] audio recording, so it’s an issue we’re worried about,” he said.
He said developed countries which have created messaging applications were “independent”, with no political influence.
Senate president Hun Sen said CoolApp played a role in protecting national security by preventing foreign intervention in Cambodian communication.
“I have to think about safeguarding national security, [to make it] difficult for foreigners to interfere with our information,” Hun Sen wrote on his Facebook June 23.
Just like other countries, which have their own communication systems, such as WeChat in China, Zalo in Vietnam, Kakao Talk in South Korea, Telegram in Russia, Cambodia too has CoolApp, he said.
He called on civil servants and armed forces to use CoolApp to ensure “confidentiality” and to prevent “disconnection by foreign systems”.
“CoolApp uses the most confidential system – encryption system. It cannot view or read our messages, not even CoolApp,” Hun Sen said.
Campaign to install CoolApp
Following Hun Sen’s call to civil servants and armed forces to use CoolApp, the National Assembly issued a proclamation. It informed officials that the app was modern and employed high innovative technology.
It was “useful for communication” in the daily communication of civil servants and communication among the public. “It’s convenient, fast and safe.”
Government officials, including National Police Commissioner chief Sar Thet, Labor and Vocational Training Minister Heng Sour and Tboung Khmum provincial administrative appealed to the public to use CoolApp as it was developed by Cambodians.
Cambodian Institute for Democracy president Pa Chanroeun lauded Cambodia’s ability to create social messaging app as online communication was essential for daily work these days, but companies should emphasize respect for privacy and security for people to use with confidence.
“If the company can have a mechanism in place to ensure respect for privacy as well as security, I believe it can raise Cambodian people’s confidence to use the app,” he said.
He observed that many people have expressed concern about the safety and privacy when using the app.
Chanroeun said CoolApp was created by a local company which has “close ties” to the leadership as well as politicians. “It is the reason why some people are worried about their safety and privacy,” he shared.
Regarding the National Assembly’s call, Chanroeun said, the fact that a state institution announced its support for a private company, it was likely to affect the competition in a free economy.
According to the World Population Review, Telegram had more than 10 million users in Cambodia as of early 2023, online media Kiripost reported.
In 2023, Datareportal showed that there were 11.37 million internet users in Cambodia, and 10.95 million social media users. Facebook users amounted to 10.45 million and Instagram, 1.75 million users.
TikTok had 7.06 million users, Linkedln – 530,000 members, and X, previously called Twitter, had 393,200 users.
Telecommunications and Post Ministry spokesperson Liv Sophanarith and National Assembly spokesperson Leng Peng Long could not be reached for comment.