Want to know which is the best encrypted messaging app? Unfortunately, it’s not that simple, because apps that are ideal in some circumstances often have to make trade-offs that make them less practical in others.
This means the best app will depend on the situation, so you’re still going to need several different options that provide you with the right mixture of practicality and the appropriate security levels for any given conversation.
To get started, let’s go through the reasons why you should use an encrypted messaging app, as well as the features of a hypothetical perfect app. Then we can investigate the major apps on offer, as well as when to use each one.
To finish, we’ll go into the limitations of these apps, and situations where even the best protection can’t save your data.
Why use encrypted messaging apps?
In recent years, messaging apps have become one-stop-shops where we can conduct the bulk of our communication. Most of us have our phones on us the majority of the time, so these apps allow us to communicate whenever we want. This made messaging apps far more practical than other communication channels like landline calls and desktop-based messaging.
For the most part, these apps are free, which is another advantage over things like phone calls and SMS messaging. The majority of apps offer a range of different ways you can contact others as well. You can send people text messages, voice messages, make voice or video calls, send pictures and even share files.
On top of this, a number of messaging apps offer encryption from end-to-end, which essentially means that the data can’t be accessed on its journey between your phone and your recipient’s. This helps to prevent hackers from listening in on your conversations and stealing data, plus it keeps the government from snooping as well.
These aspects make encrypted messaging apps more secure than phone calls, text messages, standard email and even the humble post office. When you add all of these features together, there are a lot of reasons to take advantage of encrypted messaging apps. But not all of them are created equal, nor do their developers always take your security seriously.
The perfect encrypted messaging app
If we could make a dream app, it would combine a variety of different features, but unfortunately, reality gets in the way and forces us to make compromises. Nevertheless, the perfect app would be:
Able to communicate with everyone
Ideally, we would want just one app that we could use to contact everyone. As it stands, we go through the annoyance of switching between different apps, texts, email and calls when we communicate with our friends, family and colleagues.
It would be more efficient if we could just do it all in one place. Theoretically, this could be accomplished in two ways. The first is if everyone has and uses a universal messaging app. The alternative would be for a single app to be able to send messages to all of the other apps.
At the moment, all of our popular encrypted messaging apps can only be used to talk to others that use the same platform. You can’t send a WhatsApp message to someone’s iMessage account, you can only send it to other WhatsApp users (although soon, Facebook will be integrating its apps so that people can send messages between WhatsApp, Facebook Messenger and Instagram).
Getting everyone to use the same app may not be practical due to our different needs. The other option is for a range of different apps to use the same protocol, allowing interoperability. As an example, if you’re a Gmail user, you aren’t limited to only sending emails to other Gmail accounts. You can send an email to anyone. As can Outlook users and everyone else.
Similar systems are possible for messaging apps, all it takes is for multiple platforms to use the same underlying protocol. This already exists, with apps like ChatSecure and Conversations each using the XMPP protocol, allowing users to send and receive messages from different applications that use the same protocol.
This approach isn’t perfect, and many developers have rejected it for both commercial and technical reasons. It’s in the interests of Facebook and other companies to keep you locked into their messaging services. In a more practical sense, using an open protocol limits what developers can achieve and makes it harder for them to add new features for security or functional purposes.
Full-featured & easy to use
If we want everyone to use the same app, then it would need to include every feature that users could possibly want. If it doesn’t have things like video chat, emojis or GIFs, then some users will head to other services that offer those options instead.
On top of its features, an ideal app would be simple and convenient. It would automatically sync our contacts, make it easy to find new people, and offer quick and easy communication. Unfortunately, several different convenience mechanisms come in conflict with some of the privacy and security measures that we will discuss below.
Dedicated to security
Security is critical in any situation where we are sending sensitive or valuable information. By default, the internet is a very insecure place and attackers can be lurking at every corner. This is why it’s important for our messaging apps to take their security seriously.
One of the most important features for a secure app is end-to-end encryption. When this is implemented along with best security practices, it makes it essentially impossible for anyone to access data that travels between the app on your phone and your recipient’s app. This means that neither the criminals nor the government can access any data or messages in transit over the service.
For some users, the perfect app would allow them to remain anonymous. This means that the platform would let them sign up without handing over any data. As it stands, all of the more mainstream applications require some kind of identifier, whether it’s an email or a phone number. In certain cases, there are ways to sidestep this, but it’s still a hindrance.
Anonymous users would end up facing practicality issues because the apps wouldn’t be able to offer them handy features like contact syncing without compromising their identity.
For both privacy and security reasons, it’s ideal for the app to avoid storing user information. Platforms need to collect and process some metadata to establish and enable your communications. It’s also possible for them to delete the data afterward. Some services process and store significantly more metadata than their rivals, which is a huge red flag for privacy and security.
It’s also important for any secure messaging app to be open source. This means that the code is available to the public and can be inspected by anyone. The more people looking at the code, the greater the chance of someone spotting vulnerabilities or malicious actions.
External security audits should be conducted as well, but not as a substitute for open-source software. Audits are done by a small group of people, which increases the likelihood of the review becoming compromised. The results may not be made public either. External audits lack the same kind of scrutiny that comes from the collective eyes of a community pouring over the source code.
A wide variety of other security features that should be implemented as well, such as perfect forward secrecy. This is a cryptography term that means even if the encryption keys are compromised in the future, they can’t be used to access past messages. Others may want features like self-destructing messages, or even a mechanism that disables screen captures.
It may be ideal to have many of these security features enabled by default to protect users, allowing them to disable those that get in the way of their use. Alternatively, an ideal app could have strict, standard and light modes which make it easy for users to adapt the security configuration to their needs.
It’s not just the features that matter – the developer’s attitude is also important. The developer of this hypothetical app should be committed to privacy, security and transparency. They should resist intrusions from the authorities and refuse to collect user data for advertising.
The best encrypted messaging apps
Now that we have discussed the ideal features of a secure messaging app, we can begin to analyze the more common apps for their positive and negative attributes.
We will start by covering several security focused apps and then move on to those with wider networks. There are countless other apps on offer, each with their own interesting security features, or large userbases in certain regions.
The main aim is to investigate the apps with the best security as well as the most common ones, to give you insight on which are fine to use, as well as those that you need to steer clear of.
Let’s start with Signal, which is often seen as the gold standard when it comes to encrypted messaging apps. It’s got a lot going for it, security-wise, although it’s not perfect, and some alternatives may have individual features that certain users prefer.
The application offers a range of features that make it comparable to a service like WhatsApp. It’s got everything important, from text to video calls, to group chats and emojis. It’s also incredibly easy to use compared to other secure forms of communication like PGP.
Signal stands out for its encryption setup, which has been orchestrated in such a way that the company generally can’t access your data or the keys that secure it. It doesn’t hold on to your metadata either, so when the authorities subpoena Signal’s records, there’s not much that it can hand over.
This has been tested in court before, and the only data that the company was able to hand over was the timestamp for when the account was created, as well as when it was last connected. Retaining such a limited amount of data indicates that Signal places a significant level of concern on the security and privacy of its users.
You may not want to be bored with the details, but its security is achieved through a variety of algorithms and security mechanisms. These include XedDSA and VXEdDSA digital signatures, the extended triple Diffie-Hellman key agreement protocol, as well as the Double Ratchet and the Sesame algorithms.
Anyone with the technical know-how can check up on Signal’s code because it’s open source. It’s also been audited by researchers, which found “no major flaws in its design”. This is a far more glowing review than it sounds like in the nitpicking world of security.
Overall, the protocol has fared incredibly well against all of its scrutiny, which is why many view it as the best and most practical secure messaging solution.
One of the main gripes that the security-conscious have with the app is that it requires a phone number for registration. This is used to verify a user’s account, removing the need for usernames and passwords. It also makes it easier to discover contacts that use Signal.
Some people are reluctant to hand over their phone number, but it’s only needed to set up the account. Users can also use a VoIP number, landline, or a non-personal number, so there are workarounds to the issue.
Another plus for Signal is its structure, funding and overall vision. It was co-founded by Moxie-Marlinspike, an enigmatic man renowned for being an anarchist sailor, as well as a crypto-savant. After years of squatting and hitchhiking, he co-founded a company called Whisper Systems.
When it was acquired by Twitter, he became the social media platform’s head of cybersecurity. He ended up leaving the company to start Open Whisper Systems, the company that now develops Signal. In doing so, he walked away from $1 million in stock options.
The app is free with no ads, and it doesn’t collect or sell its user data. It currently subsists on grants and donations, which have come from the Freedom of the Press Foundation, Brian Acton, and others.
While these details don’t automatically make Signal a trustworthy organization, it does make it come across as more reliable than alternatives like Facebook that rely on data mining to make their billions.
The biggest drawback of Signal is that it’s nowhere near as popular as mainstream apps like WhatsApp or Facebook Messenger. It’s popular for journalists, activists, politicians and others who deal with sensitive information, but it hasn’t seen the same kind of broad adoption as its bigger rivals.
This means that you may not be able to use it to message many of your friends, family or colleagues. You can try to encourage them to adopt it, but it’s not always an easy sell. While it’s one of the best options for whenever you are dealing with sensitive or valuable information, you may have to revert to less secure alternatives like WhatsApp or Facebook Messenger to talk to certain people.
Wire is less popular than Signal, but it has some differences that make it a suitable alternative in certain circumstances. It offers the core group of expected features, such as messaging, voice and video calls, as well as group chats. It also includes a range of collaboration tools targeted toward the business market. The Wire app is also relatively convenient and easy to use.
One of its advantages is that it allows users to register without handing over a phone number. They can simply sign up with usernames and passwords instead. Its messages are encrypted with Proteus, which is based on the Signal Protocol. Wire uses SRTP and DTLS for voice calls.
Wire is also open source and has been audited externally. Earlier versions had some security issues, although the problems have since been addressed. As it stands, the app is thought to offer a high level of security.
One of the biggest downsides of Wire is that it stores far more metadata than Signal. This information is kept as plaintext and it includes who was contacted and when which is undesirable for users who want to keep this information hidden. According to statements from Wire, this information is kept to help with syncing contacts across multiple devices.
There is no public information (at the time of writing) that indicates whether the platform has been forced by any authorities to hand over user data, so we don’t currently know how the app would fair in this manner in comparison to Signal.
Judging by the fact that Wire collects more data, it’s best to assume that it would be forced to hand over more to the authorities, but we don’t know whether or not the company is willing to drag its heels when confronted by law enforcement demands.
The project is based in Switzerland and made up of many former Skype employees. It initially received funding from Iconical and has committed itself against using ads to support the platform. It currently offers both free plans and premium options, which presumably provide funding for its development and running costs.
Wire has a smaller network than Signal, which means users have even fewer people to communicate with. Despite this, it’s a practical solution for business users, those who want a cross-device platform and for users that don’t want to hand over their phone numbers.
Wickr is one of the older security-focused apps, offering features such as messaging, video calls, photo sharing and syncing across devices. Like each of the apps discussed in this article, Wickr has its own pros and cons. This means that it will be a suitable choice in some situations, but not in others.
Wickr offers three different services:
- Wickr Me – A free personal messaging app.
- Wickr Pro – A business collaboration platform with both free and paid options.
- Wickr Enterprise – A scalable and compliance-ready tool aimed at filling the needs of enterprises.
Each of these levels includes different features which may slightly alter the security and privacy setup. This article will be mainly looking at Wickr Me, because it’s the most comparable service to the other apps that we will discuss.
The Wickr messaging protocol offers end-to-end encryption with perfect forward secrecy and an excellent disappearing message system. Its security setup has received favorable reviews from security experts, and it has also been praised by the Electronic Frontier Foundation for its overall approach to transparency.
The application strips metadata from communication that travels through its network, which is a win for user privacy. Another important feature is that it doesn’t require a phone number or any identifying information. This means that it can be used for anonymous messaging, unlike Signal.
Wickr also has a strong security history. Some bugs were found several years ago, but they have since been patched. Even within the security niche, such a small number of flaws is commendable.
One of the major issues with Wickr is that it isn’t fully open source. The code for the app’s cryptographic protocol was finally released in 2017, but its client application and server-side code are still unavailable.
According to ZDNet, the Wickr’s former CEO was resistant to fully opening the code due to “the company’s proprietary intellectual property and a for-profit business structure.” Wickr released the code for the security protocol after a change of leadership, but it still refuses to publish the code in its entirety.
A lot of people seem to think that the app is fully open source. This impression may have spread because many media articles don’t make it clear that only the security protocol was made open source, and not the client or server code.
This is a dangerous misconception because it leads people to believe that the full code has been openly reviewed by the community for backdoors and other vulnerabilities. This is not the case, and although the company seems relatively trustworthy overall, we can’t know for sure until the code is made fully open source.
At this stage, Wickr seems to show no intentions of heading in this direction, which could indicate that making the security protocol’s code open source was more of a publicity stunt than a commitment to security.
The chance of Wickr having a backdoor for the authorities may be relatively low, but since many other security-focused apps face the full scrutiny that comes from being open source, these alternatives are even less likely to have one.
While fully open-source apps are generally preferred by the security community, it’s only fair to consider the other side as well. Wickr has undergone external reviews from a number of trusted organizations. These include Aspect Security, Veracode, NCC Group and the AICPA. The company also has a bug bounty program that offers up to $100,000.
Ultimately, you will have to make your own decision about whether you trust the company and its audits, or whether you prefer an option that the open-source community can look over.
On the upside, Wickr is very transparent about what data it collects, as well as under which conditions it may be forced to hand over personal information to the authorities.
Wickr stores the following information on those who use its Me service:
- The date an account was created.
- The type of devices the account was used on.
- The date of last use.
- The total number of sent and received messages.
- The number of external ID’s (email addresses and phone numbers) connected to the account, but not the plaintext external IDs themselves.
- The avatar image (if the user provided one).
- A limited set of records regarding recent changes to account settings. These can include whether a device has been added or suspended, but does not include message content or routing and delivery information.
- The Wickr version number being used.
Those who use the Pro service have the following information stored as well:
- Their network affiliation.
- Their Wickr Pro ID (email address).
- Their phone number, if it was provided by a network administrator as a second authentication factor.
Depending on how Wickr Pro is set up, it may collect even more data. The company includes the following disclaimer:
For Wickr Pro, the configuration of each network may vary depending on the enterprise needs. Thus, the information Wickr may be able to provide in response to a lawful request for user information will vary as well.
Wickr also releases transparency reports twice each year. Its report from July 1 covered the requests it received in the previous six months, which included:
- Five search warrants that covered eight accounts (a single order can concern more than one account).
- 49 court orders concerning 75 accounts.
- 40 law enforcement subpoenas covering 59 accounts.
- Zero national security requests.
- 21 other requests.
- Four requests concerning non-US residents.
As we stated above, when Wickr receives these requests, it can only hand over the information it stores, not the message contents or metadata.
Wickr’s core team is comprised of cybersecurity specialists and privacy experts. Much of its initial technical development was overseen by one of the organization’s co-founders and its former CTO, Doctor Robert Statica. He has an impressive infosec pedigree, which, combined with the company’s current leadership, has kept the project in good hands.
The organization received initial funding from a diverse group or organizations, including the Knight Foundation, Breyer Capital, Juniper Networks, CME Group, Wargaming and others. This is pretty standard for a for-profit firm. Wickr’s business model currently seems to be based on offering premium subscription services.
Overall, Wickr is quite similar to Wire because it offers a range of business services and allows users to sign up anonymously. It gains extra points in that it doesn’t store metadata like Wire does, however its refusal to make its code fully open source will put off many more security-conscious individuals.
While Wickr is generally a good service, Signal offers a larger network and several security benefits. Unless you specifically require the business collaboration tools or anonymity, Signal is probably the better choice in most circumstances.
Riot takes a different approach to the previously discussed apps and is probably best left to power users at the moment. It’s open-source and uses the federated Matrix protocol, which means that Riot users aren’t limited to sending messages to others that have installed the same app.
Because it’s built on top of an open standard, Riot messages can be delivered to any other application that also uses the Matrix protocol. This means that a Riot message can go straight to the inboxes of anyone that uses programs like Fractal or WeeChat Matrix.
The federated nature makes it kind of like email – you can send and receive emails from anyone, even if you use Gmail and they use Outlook. Just like email, the Matrix protocol aims to be widely accepted, allowing people to send each other messages no matter which client they are using.
There are official bridges to protocols like XMPP and IRC, as well as the Slack collaboration tool. The community has also developed its own bridges that relay messages to and from a variety of popular types of communication, including:
- Facebook Messenger
- Google Hangouts
Riot offers a variety of common features, from text to video calls, private chats to group chats, file-sharing, and even bots. However, it’s not as easy to use, and far less mature than a competitor like Signal.
Despite the seeming advantages of being able to communicate between apps, federated systems also have their downsides. They can make development more challenging, which can lead to getting left behind by siloed systems such as Signal and Wire. This means that they may be late to adopt new features and security mechanisms, making the services less appealing.
The end-to-end encryption in Riot’s Matrix protocol is built on top of the Double Ratchet algorithm that Signal also uses. Matrix uses MegOLM for group chats, as well as a number of other cryptographic techniques.
Riot is still a relatively immature app, so its current security is debatable. In April, the servers for the underlying Matrix protocol were penetrated by a hacker, which may have given them access to message data, password hashes and access tokens.
The key for signing the Riot app may also have been compromised, which could have potentially allowed the attacker to release a malicious version of Riot. The developers released a new version of the app with a different ID to prevent this possibility.
At this stage, it seems like no thorough security audit has taken place, so it’s hard to know just how well Riot holds up against scrutiny. Apps in their early stages tend to be fraught with security issues, so users need to be cautious, however this doesn’t necessarily mean that Riot won’t be a secure app in the future.
Riot traces itself back to Amdocs, an Israeli multinational now headquartered in the US. A chat tool was created within the company, which morphed into the Matrix protocol. A subsidiary was created to handle the project, but its funding was cut off in 2017.
This led to the core developers establishing their own company to focus on building both Matrix and Riot. Much of the initial funding came from the community, with a cash injection from Status, partnerships and the potential for consulting. Under this business model, the app is currently being offered for free, without ad support.
There is a small amount of online skepticism about the app’s beginnings under Amdocs, which was previously investigated for possible Israel-linked spying. The investigation didn’t find any evidence, and the project is now run by a separate company. The link is probably one of the least concerning aspects of Riot’s security, but some infosec nerds love a good conspiracy.
At this stage, Riot has a relatively small network. Its website implies that it has seven million users, while Google’s Play Store claims 10,000+. Riot’s figures could certainly be accurate, because most of its community are security conscious, making them more likely to download the app through their browser or F-Droid.
Despite its small user base, Riot is far more usable than these numbers imply because of its interoperability with other applications that use the Matrix protocol, as well as its bridges to other platforms.
Now that we have discussed a few different security-focused apps, it’s time to look into the more mainstream platforms. As a compromise between security and having a large network, WhatsApp is probably the best bet. Feature-wise, it has pretty much everything most people need, it’s built on top of Signal’s protocol, and it has an incredible number of users, with 1.5 billion active monthly users by the end of 2017.
Due to its ubiquity, most readers are probably familiar with it, so we won’t cover its features in detail. The most important part is its security. In 2014, WhatsApp made waves in the tech industry as one of the first major platforms to begin encrypting its messages from end-to-end by default.
It collaborated with Signal’s parent Open Whisper Systems to make it happen, leading the pack in the current wave of encryption adoption. While it’s built using the same protocol, not all aspects are the same. To start with, its code is proprietary and not open for inspection. This means that we can’t be completely sure of what’s going on under the hood.
Although a few vulnerabilities have been found, they have been vastly overstated by the media. In 2017, the Guardian reported a significant flaw that endangered users – however, this was later found to be inaccurate and the paper has since retracted the article.
In May, a vulnerability was found in WhatsApp, but it has since been patched. While the flaw was certainly worrying, it needs to be viewed in its proper context. It involved a very advanced technique developed by the NSO Group, a security company that develops such complex attacks that it can essentially be viewed as a cyber-supervillain conglomerate.
It’s not exactly clear how many people were affected, but if similar attacks are anything to go by, the hack would have taken a large number of resources to mount, and could only have been used in a targeted manner.
Following this logic, it seems that low-risk users weren’t vulnerable, and even if they were, they are now safe as long as they have installed the latest update. Despite these occasional and overblown reports, WhatsApp’s platform is one of the more secure mainstream options available
While the app’s security is decent, the most alarming differences between WhatsApp and Signal come down to the amount of data that WhatsApp collects, as well as who controls it. WhatsApp stores far more metadata than Signal, including who was contacted, what time the communication occurred, and how long any calls lasted for.
It openly shares this information and address book data with the authorities if it is ordered to do so. Although WhatsApp can’t hand over the message content, the metadata is often enough to help law enforcement with its investigations.
WhatsApp also hands over this data to Facebook under the justification that it supposedly helps to fight spam, track metrics and show more relevant ads. The exception is in Europe, where EU regulation prevents the company from doing so.
Facebook has a long history of privacy violations – its business model relies on it. Despite WhatsApp’s decent security implementations, it’s hard to get past its subservience to such a controversial company. It already shares its metadata, but could it’s privacy and security get worse over time?
Everything about WhatsApp’s future is up in the air because Facebook is currently in the middle of a massive overhaul that aims to integrate Facebook, WhatsApp and Instagram to allow cross-platform messaging between the services.
It’s hard to know how this will impact security because, at this stage, not a lot of detail has been released. Facebook has expressed a greater commitment to privacy in the future, but at this stage, we can’t be sure how things will end up.
WhatsApp is far from perfect, particularly when you consider who its overlord is. However, considering that so many people already have it, it’s a good choice if more secure options aren’t possible.
Telegram is often thought to be a secure alternative, but when you dig deeper, not everything is as it seems. It’s feature-rich and growing rapidly, especially in countries where other services have been banned.
The first strike against the application is that its encryption scheme, MTProto, is based on Telegram’s own cryptography. This is a cardinal sin because cryptography is notoriously complex and easy to screw up. The platform has long been criticized by cryptographers for not using a more secure and thoroughly scrutinized encryption scheme.
The second major fault is that only its client-side source code is open source. This means that we don’t really know what’s going on with the server side. Telegram claims that it will eventually release the entirety of the code, but it can’t be thoroughly investigated for security issues until then.
Telegram has also been criticized for its default messaging setup, which is not encrypted from end to end. The company has access to the keys that protect a user’s communications and could theoretically be forced to give them up to the authorities.
Telegram claims that this has never happened, and that because of its configuration, it would take court orders from multiple countries to make it do so, but it’s still a point of concern that Signal and WhatsApp do not share.
Telegram also offers a secret chat function that encrypts messages from end-to-end, but this is problematic as well. To begin with, it’s also based on Telegram’s controversial encryption scheme, which may not be as secure as the company asserts.
The other critical aspect is that it takes extra effort to encrypt conversations in this way, which means that most people don’t bother with it. If you are security conscious, it’s probably best to stick with an app that secures everything by default, so that you don’t have to take any extra steps to keep your communication safe.
At the moment, group chats can’t be encrypted in an end-to-end manner. The company has also come under fire for launching cryptography contests, where up to $300,000 was offered if anyone could attack the platform in a specific way. The scenario was unrealistic and was derided by security bloggers.
As was expected, no one managed to win any of the competitions, however, this wasn’t necessarily due to Telegram’s security. Cracking contests are generally regarded with disdain by the infosec community, since they are often unfair and more about posturing than actual security.
Telegram’s security practices may not be the worst in the world, but it certainly comes across as shady. Security always involves some degree of trust, and some of the above-mentioned practices have eroded this.
iMessage comes with Apple products by default, but its exact number of users is hard to source. As of 2017, it was estimated that there were around 700 million iPhones across the globe, so an estimate of over one billion users wouldn’t be unreasonable.
Despite being limited to Apple users, it’s important to look into the app’s security because of how popular it is. The first major issue is that the code is proprietary and not open source, which means that the security community hasn’t had a chance to look over it.
The company conducts internal audits, but information about external reviews is hard to come by. Because of this, it’s hard to know if they have been conducted, when the most recent one took place, and what the results were.
Another issue is that iMessage uses 1280-bit RSA keys. While these are currently strong enough to protect against most attacks, it’s not out of the realm of possibility that a nation-state attacker could brute force them. For this reason, NIST currently recommends 2048-bit RSA keys as a bare minimum.
A few security holes have been found in iMessage over the years, but nothing outrageous. In 2016, researchers from John Hopkins University discovered a bug that enabled them to collect the encryption key, however it has since been patched by Apple.
When it comes to the company’s overall privacy and security approach, its hard to know where Apple actually stands. The company’s case with the FBI regarding the San Bernardino shooting seems to show that both the company and its end-to-end encryption stand up strongly against the authorities.
On the other hand, leaked NSA documents allege that Apple was one of a handful of companies that gave the three-letter agency access to their systems in order to spy on people in certain situations. The company denied any active involvement in the program.
It’s hard to know Apple’s exact positions on the matter, but it is worth noting the company’s business model doesn’t revolve around gathering data, unlike its rivals, Facebook and Google. Overall, iMessage probably shouldn’t be your first choice for security, but it should be fine as long as your threat-level isn’t too high.
8. Facebook Messenger
Finally, we come to one of the most popular messaging platforms, an app that you should steer clear of if you care about your privacy and security. Facebook Messenger is ubiquitous, free, easy to use and continues to add new features, but the service doesn’t do anywhere near enough to protect the interests of its users.
Facebook generates the vast majority of its income by harvesting personal data and inserting ads, so privacy goes against its current business model. Its security reputation isn’t exactly stellar, either.
To start with, end-to-end encryption is not offered by default. As we discussed under the section on Telegram, this means that the overwhelming majority of people won’t take up the opportunity to use its Secret Conversations feature, which is based on the Signal protocol. The result is that most people’s private messages are being scanned and analyzed by the platform.
On top of this, the company’s code is proprietary and not open to review by researchers and the rest of the open-source community. This means that we don’t know what’s really going on and if there are any backdoors or vulnerabilities.
If we were to cover all of the company’s past security and privacy incidents, we’d be here all day. As a starting point, we have:
The above issues barely scratch the surface of Facebook’s privacy and security issues. Suffice to say, Facebook Messenger is just about the worst app you can use if you are looking for a secure and private platform.
Facebook recently promised a change in direction to become a more privacy-focused company. It’s also undergoing a major overhaul to integrate WhatsApp, Instagram and Messenger, but it’s hard to tell how much these changes will affect the company’s services in the long run.
Other messaging apps
We’ve given you a quick rundown of some of the most popular apps, as well as a few with the best approaches to security. There are countless more that fall into either category, but it’s simply not practical to cover every single one.
If you want to evaluate an app that we haven’t talked about, ask the following questions:
- Is it security and privacy-focused?
- Is it open source?
- Has it been audited?
- Is it well-regarded by the security community?
- Have there been any previous security incidents? Were these minor or major? Have they been remedied?
- Is the company transparent?
- Is it gimmicky (watch out for buzzwords like blockchain or military-grade encryption)?
- Who owns it? What are their motivations?
- What business model sustains it? Advertising? Data mining? Subscriptions? Donations?
If the application does reasonably well in each of these areas, then it’s probably trustworthy. However, it may also be worthwhile to try and find a review conducted by a trusted security researcher.
Which encrypted messaging app should I use?
The best approach is to use the most secure app that’s practical for your communication needs. If the person you want to talk to has an app like Signal, or they’re willing to download it, then why not use it instead of an alternative that will hoover up your information?
As a rough and highly debatable guide (depending on your individual concerns), it’s probably best to go down this list of apps in the following order, and use the first one that suits the situation:
- Signal, Wire, Wickr or a high-security equivalent.
- WhatsApp or iMessage.
- Facebook Messenger.
You should also take the time to analyze your individual threat level, as well as the risks of a given conversation or topic. This will help you decide which app is the most appropriate in a given situation.
If you’re a high-value target like Edward Snowden, it’s best to always stick to the more secure end of the spectrum. On the other hand, if you’re a grandma wishing your grandchildren happy birthday, your security needs probably aren’t as great.
Why should you use the most secure app possible?
Using the most secure app comes with several distinct advantages:
It protects your data from the companies, hackers and law enforcement
An app like Signal has been proven not to store any significant user data. This means that they aren’t collecting all of your information and using it for advertising purposes or to sell on to others. Another major benefit is that if hackers try to access their servers, they’re not going to come away with anything useful.
A further advantage is that there isn’t much data that Signal can give up to law enforcement when pressured. This is crucial for activists or those living in authoritarian regimes who may be unfairly targeted by the authorities.
When you compare a security-focused app to an application that falls on the other end of the spectrum, like Facebook Messenger, the differences are astonishing. Facebook probably knows more about you than your Mom, and uses that information in a number of dubious ways. It’s had numerous data breaches and doesn’t seem to have any concern about handing over data to the authorities.
You don’t have to switch apps, & it protects against accidental disclosures
A common argument is that most communication doesn’t contain any sensitive or valuable data, so why bother protecting it? To start with, conversations have a tendency to go off on tangents and can easily result in us talking about topics that require security and privacy, all before we even realize it.
If this happens on an app like Facebook Messenger, the data falls straight into the company’s hands and could even end up making its way to hackers or the authorities. If you are already using an app that protects your data, these kinds of accidental slip-ups aren’t as much of a concern.
When you use a secure app by default, it also means that you don’t have to keep switching apps whenever sensitive topics come up. This makes things easier and also protects you from discussing these subjects on an insecure app out of laziness.
If you are being targeted by the authorities, it can also provide additional safeguards. Let’s say you conduct most of your conversations on Facebook Messenger, and whenever something important comes up, you say “Let’s switch to Signal” to your recipient.
If the authorities get a hold of your Facebook records, they’ll see your frequent references to Signal, and then the conversation ending. They won’t be able to tell what you were talking about on Signal, but the information they have gives them a pretty good guess that it might be worth looking into.
It also tells them who you were talking about it to and when. Sometimes, this can be all that the authorities need to get a proper footing for their investigation.
Whenever you can, try to convince your friends, family and colleagues to use more secure messaging platforms. If you are talking about something that is sensitive or valuable, you should insist on using a suitably secure application.
Even when conversations aren’t so important, it’s best to gently pressure your recipients into using a more secure application. But make sure that you don’t get too caught up in security and lose sight of other things that matter.
If someone wants to arrange a harmless coffee date via Facebook Messenger, or your cousin wants to show you pictures of their dog through the platform, maybe you should just let them. Some people don’t have time or may not understand the need for security, and in many situations, it’s just not worth sacrificing the personal relationship.
As long as you’re not Julian Assange, the value of the interaction and the friendship is probably far greater than any losses that come from Facebook finding out that you don’t think frappuccinos should exist, or that your cousin’s dog is kind of lopsided.
The limitations of secure messaging apps
If you make the switch to a secure messaging service, it’s easy to fall under the illusion that your communications are bulletproof. They’re not, and there are still a few ways that your data can be compromised.
Even if you are using one of the best apps out there, all that it can provide is encryption from end-to-end. This means that you enter data into the application, it gets encrypted, travels through the organization’s servers, gets delivered to your recipient’s app and decrypted, then the message is available for your recipient to access.
While your data will be safe when it travels between the applications, it’s still vulnerable before it’s been encrypted and once it has been decrypted. This means that if either your or your recipient’s device has been compromised, then an attacker may be able to access the communications. This is why it’s important to maintain good security hygiene, to try to prevent spyware from ending up on your device.
It’s not just malware that you have to watch out for. If you are using an app that backs up your conversations, this probably isn’t being done with a high level of security. While attackers may not be able to access your communication as it travels from app to app, they may be able to get to it once it has been backed up.
Weak passwords could also lead to your data being exposed. If anyone can find out, guess or brute force you or your recipient’s password, then they may be able to access your account and see your messages. Strong passwords and two-factor authentication can keep you safe, although you should watch out for SMS verification because it’s insecure.
Another major problem is that you or your recipient could end up in situations where you are forced to hand over your passwords, or details about what was discussed. Your recipient could have been compromised from the start, and may be informing the authorities or other adversaries.
Alternatively, either of you may end up being threatened by law enforcement with a hefty jail sentence, or give in under the influence of torture. People will hand over a lot of information when they are under duress.
While using security apps goes a long way towards protecting you, your data and your communications, there are some extreme circumstances where it can’t help. Despite this possibility, these scenarios are incredibly rare, and most people should feel confident with the safeguards their apps give them, as long as they are using them appropriately.