One of the most discussed and relevant topics today is the security of users’ personal data and privacy on the Internet. Advertising departments, governments, and other interested parties seek to obtain as much information about internet users as possible. However, few people want the notorious “Big Brother” to follow their lives and have access to personal data. After juicy scandals with Facebook data leakage and some other similar cases, it became clear that the safety of personal data on the Internet is, above all, the concern of the users themselves.
Therefore, it is not surprising that when users choose a service for communication and data exchange, they prefer those applications that provide strong data security. To make clear which apps are secure enough for users, we should start by defining what the concept of “encrypted messages” includes.
The most secure messaging services today use the end-to-end encryption method. With this method, data is sent in encrypted form, and no one except you and the recipient of your message can read it, even if they intercept it. The message is encrypted when sent and decrypted only on the recipient’s device using the decryption key. So, neither the government, nor hackers, nor even the developers of the app can read the message since none of them have the key to decrypt the message. Even if someone intercepts your message, all they see is an unbreakable cipher.
Unfortunately, not every messaging app on today’s market provides a needed level of data security. In this article, we’ll take a look at the basic parameters of the secure messenger, and make a list of the best secure messaging apps for Android and iOS.
There are several primary parameters that help you determine whether a messaging application is capable of providing secure data exchange between users.
Using End-to-end Encryption Method
Today, the fact that a messenger uses end-to-end encryption is the best indicator that the service is secure enough for your personal data. According to the end-to-end encryption method, only the sender and the recipient of the message have their unique copies of the encryption keys that can be used to open and decrypt this message. No one else — including third-party users, the government, or even the development company of the app — has such an encryption key copy. So they won’t be able to read your private encrypted data.
Since the end-to-end encryption method has been increasingly introduced among major market representatives, developers of many other messengers have begun to implement this method in their apps, too. However, even today not all communication services use this reliable encryption mechanism.
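The end-to-end property described above, shown as an added example that is not part of the original article: two devices agree on a key with elliptic-curve Diffie-Hellman, and a relay server that forwards the encrypted envelope cannot read or silently alter it. It is a minimal sketch using the built-in crypto module of Node.js, not the Axolotl protocol or any app's real implementation; all function names and the sample message are constructed for illustration.

```javascript
// Added illustration, not taken from any messenger's code base.
const crypto = require('node:crypto');

// Each device creates its own key pair; the private half never leaves it.
function newDevice() {
  return crypto.generateKeyPairSync('x25519');
}

// ECDH: own private key + peer's public key give both ends the same secret,
// which HKDF turns into a 32-byte AES key. The label 'e2e-demo' is made up.
function deriveKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'e2e-demo', 32));
}

// AES-256-GCM encrypts and also authenticates, so tampering is detected.
function encrypt(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the key is wrong or the data was altered.
function tryDecrypt(key, { iv, body, tag }) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(body), d.final()]).toString('utf8');
  } catch (err) {
    return null;
  }
}

// Constructed scenario: the sender encrypts, a relay server forwards the envelope.
function relayDemo() {
  const sender = newDevice(), recipient = newDevice(), server = newDevice();
  const envelope = encrypt(deriveKey(sender.privateKey, recipient.publicKey), 'meet at noon');
  // The recipient derives the same key from the mirrored key pair.
  const received = tryDecrypt(deriveKey(recipient.privateKey, sender.publicKey), envelope);
  // The server holds both public keys and the envelope, but neither private key.
  const serverRead = tryDecrypt(deriveKey(server.privateKey, sender.publicKey), envelope);
  // One bit flipped in transit makes the authentication tag check fail.
  const altered = { ...envelope, body: Buffer.from(envelope.body) };
  altered.body[0] ^= 1;
  const alteredRead = tryDecrypt(deriveKey(recipient.privateKey, sender.publicKey), altered);
  return { received, serverRead, alteredRead };
}

console.log(relayDemo());
```

The sketch does not authenticate the public keys that the server passes along; confirming them out of band is what a security-code comparison between two users is for.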
Open Source Code
Although making the source code of an app open is connected with a high risk for developers, today this step is regarded by users as a guarantee of the integrity and reliability of the application. The openness of the code allows every user of the app to check it for bugs, vulnerabilities, and weaknesses. Overlooked bugs or vulnerabilities in the app may cause a security violation when storing and transferring data between users online.
Encryption Must Be Set by Default
Although the majority of instant messengers today offer end-to-end encryption to secure users’ data, these settings aren’t always enabled by default. In some messengers, users need to go to the settings menu and enable the end-to-end encryption feature manually.
Well, of course, there are a lot of users today who understand the necessity of keeping their data safe and protected. But should they really have to think about enabling encryption settings manually? Probably not, because it’s the developers’ concern, not the users’. And it’s more likely that users will assume that if a messenger uses the end-to-end encryption method, then it is enabled by default. In our upcoming list of encrypted messaging apps, we point out which messengers turn encryption settings on by default. That helps you when choosing the messaging app according to your needs.
Signal is a rare case where developers took care of protecting users’ data even before that issue became so global. Since then, the app has continued to improve its safety and is becoming more and more reliable. From the start, Signal was designed to send and receive messages with text, audio, GIF animations, as well as any file types, encrypting this data and ensuring its reliable protection from third parties.
Signal uses its own infrastructure for data exchange and the Axolotl protocol, which is regarded as a mark of strong user-data security. The Axolotl protocol is also used by many other popular messengers. The main feature of this protocol is that it encrypts absolutely all user traffic including text and voice messages, different files, and video calls. Let’s list some other important benefits related to Signal reliability:
- Timer for self-destructing messages – users can set the specific time of deleting messages from senders’ and recipients’ devices.
- Open source code – provides users with the ability to audit the code of the app and its security.
- Password protection – setting a password to secure users’ chats and accounts from the wrong hands.
- Minimal storage of users’ metadata – unlike some other messengers, Signal Messenger stores only the metadata that is necessary for the internal operations of the app (like phone number, profile information, etc.).
iOS and Android users can get a free version of Signal Private Messenger on their devices.
2. Telegram Messenger
This application is one of the youngest and fastest-growing messaging services on our list. Since its appearance in 2013, Telegram has gained more than 200 million registered users. But why is this messenger so popular? We can name a few important features of this app concerning its security:
- Open source code
- End-to-end data encryption
- Protection with a password
- Account registration not only by phone number but also by username, which gives more anonymity to the users
- Group chats supporting up to 100,000 members
- Self-destructing messages
- Two-factor authentication (both SMS code and a password)
- Ability to log out of all the devices that are logged in at the same time (PC, tablet, smartphone)
- Automatic account self-destruction after a certain period of inactivity (half a year by default)
It seems that Telegram developers are very confident in the security of their app, so they even arranged a contest for cracking Telegram’s encryption for a $300,000 prize.
Despite all the advantages of this messenger, Telegram’s reputation may frighten some users away: after the 2018 scandal over providing encryption keys to the Russian Federation Government, this messenger is officially banned in Russia. On the other hand, the desire of Telegram’s management to ensure the safety of their users’ data despite the pressure of influential structures gives it some extra points in the eyes of most users.
Telegram Messenger is available for the most popular platforms: for mobile (iOS, Android, Windows Phone), desktop (Windows/Linux, macOS), web-version, and Chrome app.
3. WhatsApp Messenger
WhatsApp was founded by Brian Acton and Jan Koum as a startup in 2009 and now it’s one of the most popular messaging services in the world. Facebook acquired this messenger for $19 million in February 2014. Since then, the application has been evolving and building up its user base.
We highlighted a few key features of WhatsApp, which guarantee the security of users’ data and contribute to the popularity of the app:
- End-to-end data encryption — from April 2016, WhatsApp uses the encryption protocol developed by Open Whisper Systems (the company that also worked on the Signal messenger).
- Two-factor authentication.
- Security code verification — WhatsApp provides users with the Verify Security Code screen. On this screen, each chat has its own QR code and a 60-digit number, which let users confirm that all messages in that chat are encrypted.
- Minimal message storage — WhatsApp stores users’ messages on its own servers only for the short period between sending and delivery. Plus, if a message can’t be delivered for any reason, WhatsApp will delete it from its servers after 30 days.
However, there are several risks that WhatsApp users are exposed to. First, the problem with unencrypted backups. Apple users got the ability to encrypt backups on iCloud in 2016, whereas messages of Android users stored on Google Drive are still not encrypted. This leads to a potentially dangerous situation where hackers (illegally) or governments (legally) can access the unencrypted backup data. Fortunately, users can protect themselves by simply disabling data backup on iCloud and Google Drive.
Second, after huge scandals around Facebook’s data leakage, there are many questions about the safety of WhatsApp users’ data. And whereas Facebook assures everyone that the company can’t view WhatsApp users’ personal data, the messenger’s management in its turn reports that they can share some user data with Facebook for designated use (for example, to organize targeted ad campaigns).
Despite the above, WhatsApp Messenger is still one of the most secure and popular services for sending messages, making audio and video calls, as well as file sharing. Besides WhatsApp for personal use, available for iOS and Android users, in January 2018 the company launched the WhatsApp Business version for small businesses.
Wickr is a messaging platform that has a strong security policy with reliable encryption and metadata deletion (such as geotags and message sending time) features. Also, users have the opportunity to configure the auto-delete message timer and other parameters to maximize control over the security of their private data.
Here are several main features of Wickr Me to ensure security:
- End-to-end encryption for all types of messages (text, audio, video, etc.) and file transfers — encryption keys are created using ECDHE.
- Screenshot notification — a new feature of the app. Users get a notification every time someone takes a screenshot of the screen with the sent message.
- No user data stored on company servers.
- Screen anti-overlay protection — on Android devices, developers have implemented an additional security feature that disables “Screen Overlays” and protects the application from TapJacking.
- Defense against the usage of third-party keyboards — users of iOS devices also have an additional security feature that doesn’t permit third-party keyboards to record passwords, usernames, and other information entered by users.
- Bug Bounty Program — this is a program for those users, who are able to detect bugs and vulnerabilities in the safety of the app. Wickr’s management provides a reward for finding software bugs and system vulnerabilities up to $100,000 depending on their type.
For a long time, Wickr has been criticized for keeping the source code of the app closed. But in 2017, Wickr’s developers eventually posted a part of the source code on GitHub. Also, as a guarantee of users’ private data protection, the development team prepared a security document — Wickr Customer Security Promises, which is now available for all users of the app.
MBicycle experts really take charge of the importance of ensuring users’ data security on the web. At the moment, our iOS development team is working on the project of a messenger with additional functionality based on Signal open-source. This is an app for iOS and Android platforms that uses end-to-end encryption for ensuring security. But it’s not just a service for safe communication. We’re trying to scale it up with several extra features like secure payments with blockchain, users’ personal news feed, and others to turn a typical messaging app into an advanced online ecosystem, like WeChat in China.
Maxim, iOS-developer at MBicycle
If you are developing your own messaging application nowadays, then you should keep in mind a necessary minimum of parameters and features to assure security and privacy for users and their personal data:
- Using the end-to-end encryption method when sending and receiving messages
- The source code of the app should be open
- Securing chats and accounts with a password and/or two-factor authentication
- Timer for auto-deleting messages
- Minimizing the storage of users’ metadata on the servers of the development company
Ignoring these parameters during the development and implementation of a messenger today risks leaving the app unclaimed among users.
MBicycle experts understand the importance of guaranteeing the security of user data. With the skills and experience in the fields of iOS and Android app development, the MBicycle team is ready to provide free consultation on your future project and offer a ready-made solution that fits all the principal standards of the market.