Last time we analyzed the question of what makes for secure messaging apps. Now we’ll take a look at the level of security provided by several of today’s popular message exchange programs.
These apps are built into their respective social networks. For this reason alone, they’re certainly not in the running to win “most secure messaging apps of 2016”. The lion’s share of these companies’ profits comes from targeted advertisements. As such, these companies are always trying to gather more data about their customers. It would be naive to think that they don’t use the same methods with their own messaging apps. In short: it’s inadvisable to discuss business or confidential information through Google Hangouts or Facebook Messenger.
Viber is rich in functionality – besides the usual options, it even allows users to send money through Western Union. In the past, Viber has had weak security, but recently its developers have been working hard to turn it into a real, secure messaging app by, for example, adding hidden chats and end-to-end encryption. However, this is not yet available in all countries. Another issue is that messages are stored on company servers (which means they can be read by people other than their sender and intended recipient). The app also lacks password protection.
The reputation of this truly mighty yet warmly loved communications juggernaut is somewhat compromised by its belonging to Microsoft, which, naturally, collects users’ data. The elderly among us internet users might remember a time when Skype was an independent program and was, if not the most secure messenger, then certainly among the best.
Pavel Durov’s project was fated for success: it came out at the same time as Edward Snowden’s revelations showed people that privacy online isn’t a luxury, but a necessity. Telegram has always supported end-to-end encryption, but for some reason this function isn’t enabled by default. It also supports automatic deletion of messages. Data that has not been destroyed is stored on company servers in an encrypted format. Every cluster is encoded with a separate key. Many experts, however, have questions about the encryption protocol this company uses. It was developed in-house and is not used by anyone else. Who knows whether it’s adequate?
Secure messengers for iOS are old news. Apple has always placed a large, and from a user’s point of view, perhaps excessive, emphasis on security. This secure messenger was first designed for iPhones and iPads. It now has an Android version too. The best testimony for Signal comes from Edward Snowden – he stated on his Twitter account that he prefers it. Everything is as it should be: end-to-end encryption, impossibility of server side access, and open-source. The only thing lacking is that messages can’t self-delete after being read by their addressee.
This is the world’s most popular messenger, for many reasons. One of them is its security. Although WhatsApp belongs to Facebook, it’s developed by a separate, independent entity. It’s based on an open-source code base, supports end-to-end encryption as of this year, and does not allow the service provider to read messages. It uses the same encryption protocol as Signal – Open Whisper Systems. This can be safely called a secure messenger.
This app is little known but very interesting. If we were to judge by technical parameters, it is the single most secure messenger. It’s a Swiss program that deletes messages immediately after they’re read – they cannot be copied or screenshot. Moreover, to use Threema you don’t need to add a telephone number or e-mail address – this messenger can be used anonymously. During registration, a random Threema ID is generated. It can be obtained by simply dragging your finger on the screen of your smartphone! The developers recommend adding new contacts in person by scanning a QR code from your friend’s phone. Such contacts get the highest level of verification and security. There is only one flaw with this service – it’s paid, and costs $2.50. But for such a level of security, perhaps it’s okay to pay. The messenger also has many other advantages, such as its convenient and elegant interface and a large set of additional functions.
Here we present our rating of secure messengers in a table:
|End-to-end encryption||Open Source||Protected from service provider access||Required personal data||Deletion of messages after reading|
|Facebook Messenger||no||no||no||Facebook account (e-mail, telephone number)||no|
|Google Hangouts||no||no||no||Google account (e-mail, telephone number)||no|
|Viber||yes (being implemented)||no||no||telephone number||no|
|Skype||no||no||no||e-mail, telephone number||no|
|Telegram||only in secret chats||yes||yes||telephone number||only in secret chats|
|yes||yes||yes||telephone number – copies contacts from address book||no|
|Signal||yes||yes||yes||telephone number – copies contacts from address book||no|
As we see, the most popular messaging apps are not the most secure. And the safest are not particularly popular. Perhaps it’s time to changes our habits? To start using the most secure messenger for iOS or Android, and convince your friends to do the same?