What do encrypted messaging apps do, how secure are they, and which one is best for you?
It’s not just international spies who need to be able to share information privately. From time to time, every one of us wants to know that our private conversations aren’t being overheard by hackers, government surveillance authorities, or just curious acquaintances. Encrypted messaging apps provide a solution, but not all of them are equal. To find out which encrypted messaging apps you can rely on, read on.
What Operating System Does it Support?
Of course, there’s no point using an encrypted messaging app that isn’t compatible with your operating system. That said, the vast majority of apps are released for both Android and iOS. iMessage is worth noting because it’s only available for iPhone users. And, while ChatSecure does have an app for Android, it’s no longer actively maintained. Only its iOS app is still being developed. Telegram can be used on a Windows phone handset as well as on an Android and iOS phone. Finally, Signal can be used on any tablet, computer, or phone that supports the Chrome browser thanks to its new Chrome browser extension as well as on an iPhone.
How Secure is the End-to-End Encryption?
End-to-end encryption should be a basic requirement for every encrypted messaging app. It basically means that only you and the person you’re messaging can read your messages; to anyone else it will just appear as garbled nonsense. Still, there are levels of reliability when it comes to encryption. Facebook Messenger only encrypts conversations if you opt in to ‘secret conversations’ via the mobile app. Because Facebook holds the encryption key, it’s able to decrypt and read your messages if it chooses, like if someone reports the conversation. iMessage only guarantees its encryption for cases in which both participants are using iPhones. In contrast, SilentPhone leaves the users to hold the encryption key so that the company couldn’t unlock messages even if it was ordered to do so.
The most secure messaging apps use high level encryption along with smart ways for each participant in the conversation to identify each other without the app holding identifying data. Signal allows each person to use a safety number so that they can identify each other. ChatSecure offers a digital fingerprint which verifies the other user and is experimenting with the use of Tor via Orbot to add an extra layer of security by masking your location. Wicker.me makes use of a video key verification system. Users can send short clips of securely encrypted video to verify each other instead of using a phone number or email address. One last option worth mentioning is Threema, which employs a unique ID key for member verification instead of phone numbers or email addresses. You can also use a scannable QR code for user verification.
Does it Keep a Copy of Your Messages?
Along with the level of encryption, another important question to ask is what data the messaging app itself stores. The most secure messaging apps don’t keep a copy of your messages or any identifying information about you, which includes your name and your phone number. Signal is one of the leaders, thanks to its commitment not to store any messages or metadata at all. Wicker.me goes one step further – you can use it without inputting a phone number. Instead of sharing your phone number you can create a unique pseudonym to hide your identity entirely. Threema promises that it won’t store any messages or metadata. It also permits users to chat entirely anonymously without revealing their identity even to the app. ChatSecure assures users that it doesn’t store any messages or metadata, but in addition to this it uses Off the Record (OTR) protection. OTR makes it impossible to prove that you sent any message so that you can safely deny any claims.
On the other hand, there are apps which encrypt your messages but still don’t go all the way to keeping your details entirely private. Facebook is already notorious for mining as much user data as it possibly can. Even in the encrypted Facebook Messenger it still stores metadata. Facebook also warns that it will decrypt and read messages if they are reported by another user. Since Whatsapp was acquired by Facebook it’s not entirely trustworthy either. It promises never to store messages but it does keep metadata.
One more word of warning – if you backup your messages from any app into the cloud, they’ll no longer be protected by the app’s safeguards.
Can You Set Messages to Self-Destruct
Although it sounds a little dramatic, many messaging apps have the added security of letting you set messages to disappear after a certain period of time, much like Snapchat. Signal users have the option of choosing between regular and self-destructing messages so as to remove your message from circulation entirely after a certain point. Wicker.me also allows users to manage the settings that determine how long it will be before their message self-destructs and Silent Phone provides a similar service. Somewhat surprisingly, Facebook Messenger also lets users decide whether a message should self-destruct and if so, how long the interval should be.
Can You Erase a Message?
Wiping a message from the app entirely is only offered by a few messaging apps. Wicker.me has a useful feature that lets you securely erase a message and remove it entirely from the app archive. Silent Phone has a fast option to quickly close down the app and wipe all content and all your contacts from it. This way you can remove all traces that you ever used an encrypted app along with all the content that was shared through it, so that no one becomes suspicious of your reasons for using a secure messaging medium.
Can You Send More Than Text Messages?
While there are many secure encrypted messaging apps, most of them stick to encrypting only text messages. Signal, one of the most secure apps available, is only secure for messages and group chats. ChatSecure also only covers text messages, not voice or video calls. However, it does extend its protection to cover files, photos, videos, and audio clips sent through the app. Telegram allows users to share videos and documents securely as well as participating in group chats. Viber shows users a color-coded padlock icon to indicate whether this text message exchange, voice call, or video call is encrypted (gray for encrypted, green for encrypted with a trusted contact, and red for non-encrypted) so that you’ll also know your security level. Viber also offers ‘hidden chats’ so that users can hide chatrooms when using a shared device.
How Much Does it Cost?
There’s not too much to choose between secure messaging apps because most of them are available for free download. One exception is Silent Phone, which offers the basic app for free but requires you to pay to access the best features.
Is the Source Code Publicly Available?
One final way to check the reliability of a secure messaging app is whether or not the source code has been made publicly available for checks and audits. Signal and Silent Phone both opened up their source code to public scrutiny so that users can feel confident that there are no hidden bugs, backdoors, or traps. While Wicker.me has not made its code available publicly, it has shared it with many prominent security organizations to be audited. ChatSecure remains the only completely open source secure messaging app, which means that it’s constantly probed and improved by thousands of developers.
Share Secrets Securely
Whether you’re the next top secret whistleblower or just want to keep your curious boss or relatives out of your private chats, you can rely on encrypted messaging apps to keep you protected.