{"id":1808,"date":"2016-08-09T17:55:33","date_gmt":"2016-08-09T14:55:33","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=1808"},"modified":"2019-06-06T13:29:25","modified_gmt":"2019-06-06T10:29:25","slug":"secure-messaging-app","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/secure-messaging-app\/","title":{"rendered":"What Makes for a Secure Messaging App?"},"content":{"rendered":"

The pace of modern life leaves no time for long, thought-out messages. Perhaps that\u2019s why today\u2019s answer to the wordy correspondences of yesteryear is text messaging. Practically everyone has at least one messaging app on their smartphone, and many of us use several. But what factors do people consider when choosing messaging apps? Is security one of those factors?<\/p>\n

Recently a team of experts led by a group of Google employees surveyed more than 1500 users to discover what causes them to choose different apps. Unfortunately, the security of messaging apps was the least important feature for most users. The greatest factor turned out to be how many of the user\u2019s friends themselves used the app. The survey also showed that users value free messengers — especially those preinstalled on their devices. Very few respondents said that they care about secure messaging apps.<\/p>\n

However, the problems of privacy and online security remain urgent. In fact, they\u2019ve grown ever more serious with the mass adoption of smartphones, which are more prone to hacking than stationary computers and laptops. A large number of vulnerabilities in Android<\/a> devices is especially well-known, but hackers actively target iPhones as well.<\/p>\n

Taking into consideration that messaging apps are widely used for the transmission of confidential data in both personal and professional spheres, attackers who have gained access to such apps can quickly find interesting information. We often think that hackers only want logins, passwords, and bank account numbers. But any information can be of use for fraudsters, for example, for phishing, or for social engineering. Government agencies also attempt to monitor private communications. The recent scandal over the FBI\u2019s attempt to break into an iPhone<\/a> is an example of this.<\/p>\n

But how can we tell that one program or another can actually provide privacy online? Experts look for a few particular functions, the presence or absence of which is important to consider when choosing \u201cyour\u201d secure messaging app.<\/p>\n

End-to-end encryption<\/h2>\n

Clearly, any secure messaging app must rely on the encrypted exchange. But there are different types of encryption. Typically, messengers send texts in an encrypted format, so they cannot be compromised while in transit. End-to-end encryption includes not only messages, but all information exchanged by users – files, photos, video, and music.<\/p>\n

Secure messaging app is open source app<\/h2>\n

The majority of popular messaging programs rely on closed proprietary architecture. So even tech savvy users have a tough time verifying whether the encryption and security are really as good as the developers claim.<\/p>\n

Access to messages for the service provider<\/h2>\n

Last February\u2019s scandal between Apple and the FBI, when federal agents demanded that the company unlock the smartphone of a suspected terrorist, is a vivid, memorable example. But one doesn\u2019t need to be a criminal to interest the FBI. Information about completely law-abiding citizens might also be of interest to government agencies for a variety of reasons. To obtain such information, the government most often subpoena service providers – not all of which can offer opposition as strong as giants like Apple. It\u2019s much simpler if the developers of a messaging app don\u2019t have access to their users\u2019 data in the first place. There are two ways to accomplish this: either the app must use an encryption algorithm that cannot be decrypted from the server, or simply the user’s data shouldn\u2019t be stored on a central server at all. The first tactic is used by WhatsApp, and the second by apps like Wickr and Threema.<\/p>\n

Registration Data<\/h2>\n

To create an account, messaging apps usually request certain confidential user information – often their telephone number, and sometimes an e-mail address as well (for Skype, Google Hangouts, and Facebook Messenger). In the case of a breach, any of these data is enough to threaten the confidentiality of users. Some messengers also automatically scan the smartphone\u2019s address book and copy all the user\u2019s contacts into their own register – so the risk extends even to the user\u2019s acquaintances who aren\u2019t using the app. Of course, this function exists for convenience. But this is one of those circumstances where convenience comes at the cost of security.<\/p>\n

Automatic deletion of messages<\/h2>\n

Some secure messengers for Android and iOS are designed to automatically delete texts once a certain amount of time has elapsed from reading. Automatic deletion can be implemented by default or as a custom option – like in the secure app Telegram. Of course, it can be inconvenient to lose the option to re-read old messages, but from a security perspective, this arrangement is ideal. No history means there\u2019s nothing for hackers to steal.<\/p>\n

This is far from a complete survey of the elements of an ideal secure messenger, but even these are enough to make communication online comparable in privacy to an in-person conversation.<\/p>\n<\/span>","protected":false},"excerpt":{"rendered":"

The pace of modern life leaves no time for long, thought-out messages. Perhaps that\u2019s why today\u2019s answer to the wordy correspondences of yesteryear is text messaging. Practically everyone has at least one messaging app on their smartphone, and many of us use several. But what factors do people consider when choosing messaging apps? Is security […]<\/p>\n","protected":false},"author":2,"featured_media":4329,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[7],"tags":[202,118,230,291],"class_list":["post-1808","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-news","tag-cybersecurity","tag-data-protection","tag-information-security","tag-messaging-apps"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=1808"}],"version-history":[{"count":3,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1808\/revisions"}],"predecessor-version":[{"id":4330,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/1808\/revisions\/4330"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/4329"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=1808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=1808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=1808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}