So the police hacked criminals' phones

It was the French police authority that first managed to penetrate Encrochat's messaging service - which other European authorities then had to take part in and thus gain access to conversations between criminals.

How the data breach was carried out is not entirely certain.

But Pontus Johnson, professor with a focus on cyber security at KTH, believes that it is about the police having access to Encrochat's own servers.

- To hack the server itself, it was probably only required that Encrochat's cloud provider cooperated to provide the police with access to their infrastructure.

Once the police had access to the server, it seems that they have installed software on the server which in turn installed malicious software on all these mobiles.

Then they could take part in the communication before it was encrypted.

"A medium-sophisticated notch"

According to Johnson, the police intrusion is quite advanced, but not excessive.

- It is medium-sophisticated, it is not super clear exactly what they have done.

But I guess they have had physical access to the server, and then it is not very difficult.

Writing the malicious code they have used is nicely done, but not very advanced.

How do you think the police did not detect Encrochat?

- Probably they used a Trojan horse hiding on the server.

Do you think the police can hack other encrypted apps like Telegram or Signal?

- This was based on Encrochat being able to distribute software updates to the phones via its own update infrastructure.

If you have the Signal app on your iPhone, the Signal developers can only distribute updates via Apple's network.

Then Apple checks that no malicious code is distributed.

If, on the other hand, the police hacked Apple, then they would have the opportunity to hack these apps as well, but then far more than just criminals' chats would leak.