What Makes for a Secure Messaging App?

Posted By Denis Shokotko on Aug 9, 2016 | 0 comments

The pace of modern life leaves no time for long, thought-out messages. Perhaps that’s why today’s answer to the wordy correspondences of yesteryear is text messaging. Practically everyone has at least one messaging app on their smartphone, and many of us use several. But what factors do people consider when choosing messaging apps? Is security one of those factors?

Recently a team of experts led by a group of Google employees surveyed more than 1500 users to discover what causes them to choose different apps. Unfortunately, the security of messaging apps was the least important feature for most users. The greatest factor turned out to be how many of the user’s friends themselves used the app. The survey also showed that users value free messengers — especially those preinstalled on their devices. Very few respondents said that they care about secure messaging apps.

However, the problems of privacy and online security remain urgent. In fact, they’ve grown ever more serious with the mass adoption of smartphones, which are more prone to hacking than stationary computers and laptops. A large number of vulnerabilities in Android devices is especially well-known, but hackers actively target iPhones as well.

Taking into consideration that messaging apps are widely used for the transmission of confidential data in both personal and professional spheres, attackers who have gained access to such apps can quickly find interesting information. We often think that hackers only want logins, passwords, and bank account numbers. But any information can be of use for fraudsters, for example, for phishing, or for social engineering. Government agencies also attempt to monitor private communications. The recent scandal over the FBI’s attempt to break into an iPhone is an example of this.

But how can we tell that one program or another can actually provide privacy online? Experts look for a few particular functions, the presence or absence of which is important to consider when choosing “your” secure messaging app.

End-to-end encryption

Clearly, any secure messaging app must rely on the encrypted exchange. But there are different types of encryption. Typically, messengers send texts in an encrypted format, so they cannot be compromised while in transit. End-to-end encryption includes not only messages, but all information exchanged by users – files, photos, video, and music.

Secure messaging app is open source app

The majority of popular messaging programs rely on closed proprietary architecture. So even tech savvy users have a tough time verifying whether the encryption and security are really as good as the developers claim.

Access to messages for the service provider

Last February’s scandal between Apple and the FBI, when federal agents demanded that the company unlock the smartphone of a suspected terrorist, is a vivid, memorable example. But one doesn’t need to be a criminal to interest the FBI. Information about completely law-abiding citizens might also be of interest to government agencies for a variety of reasons. To obtain such information, the government most often subpoena service providers – not all of which can offer opposition as strong as giants like Apple. It’s much simpler if the developers of a messaging app don’t have access to their users’ data in the first place. There are two ways to accomplish this: either the app must use an encryption algorithm that cannot be decrypted from the server, or simply the user’s data shouldn’t be stored on a central server at all. The first tactic is used by WhatsApp, and the second by apps like Wickr and Threema.

Registration Data

To create an account, messaging apps usually request certain confidential user information – often their telephone number, and sometimes an e-mail address as well (for Skype, Google Hangouts, and Facebook Messenger). In the case of a breach, any of these data is enough to threaten the confidentiality of users. Some messengers also automatically scan the smartphone’s address book and copy all the user’s contacts into their own register – so the risk extends even to the user’s acquaintances who aren’t using the app. Of course, this function exists for convenience. But this is one of those circumstances where convenience comes at the cost of security.

Automatic deletion of messages

Some secure messengers for Android and iOS are designed to automatically delete texts once a certain amount of time has elapsed from reading. Automatic deletion can be implemented by default or as a custom option – like in the secure app Telegram. Of course, it can be inconvenient to lose the option to re-read old messages, but from a security perspective, this arrangement is ideal. No history means there’s nothing for hackers to steal.

This is far from a complete survey of the elements of an ideal secure messenger, but even these are enough to make communication online comparable in privacy to an in-person conversation.