Your Messaging App Probably Isn’t As Secure As You Think

Author

Helen A.S. Popkin

November 7, 2014

More than a few messaging apps aren’t doing everything they can to keep your nude photos from leaking onto the Internet or The Man from eavesdropping on your personal conversations, the Electronic Frontier Foundation reports.

In fact, after evaluating three dozen communication tools for its new Secure Messaging Scorecard, the EFF found that there are only a handful of truly secure messaging apps. And odds are good that most people aren’t using them.

You might not be familiar with the top scorers, which include ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure. These are the six apps that met the EFF’s seven-point criteria for secure messaging:

  1. Messages are encrypted in transit
  2. Messages are encrypted so the service provider can’t read them
  3. Contacts’ identities can be verified
  4. Past communications are secure if keys are stolen
  5. Code is open to independent review
  6. Security design is properly documented
  7. The code has been audited

Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance. Many options—including Google, Facebook, and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp—lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Several major messaging platforms, like QQ, Mxit and the desktop version of Yahoo Messenger, have no encryption at all.

Apple’s iMessage and FaceTime did best among mainstream apps, “although neither currently provides complete protection against sophisticated, targeted forms of surveillance,” the EFF said in a statement.

If you’re looking to keep your service provider out of your communications, forget about Secret, Snapchat and WhatsApp, as well as Apple, Google and Facebook’s email services and Yahoo’s mobile and Web chat. None offer the end-to-end encryption necessary to keep your conversations from being accessed by the company sending them.

Of course, it could be worse. According to the EFF, QQ, Mxit and the desktop version of Yahoo Messenger “have no encryption at all.”

Lead illustration courtesy of Shutterstock
