What is the best secure messaging app?

The world’s most popular messaging apps

While encryption and privacy play a vital role in selecting which messaging app to use, it’s also necessary to use the messaging apps that our friends use. According to Statista (2022), WeChat, WhatsApp, and Facebook Messenger remain the world’s most popular messaging apps despite Facebook’s questionable privacy practices.

• WhatsApp is used by over 90% of people in countries where it is the leading messaging app. In fact, WhatsApp is the most used messaging app globally.
• In 2022, about 83% of the US uses Facebook Messenger, whereas the majority of Latin Americans opt for WhatsApp.
• Facebook owns two of the market leaders (WhatsApp and Facebook Messenger), which means that most of the world uses Facebook-owned messaging apps.
• WeChat is used by the majority of people in China, since apps like WhatsApp and Facebook Messenger are banned.
• Telegram, known for its tight privacy controls, has struggled to find mass appeal, with most of its users being based in the Middle east.
• Security and privacy within messaging apps is becoming more important. If security is your first point of call over popularity, then read on.

How to choose a secure messaging app

Choose an app that uses end-to-end encryption and open-source code and does not store your data. Many messaging apps on the market are not all as secure as they say. In fact, even the most popular messaging app in the world is not immune to scams (check out scams on WhatsApp). To make your choice easier, we have compiled a list of apps that offer end-to-end encryption, which means that no one can see your conversations unless they have a private key to decrypt your message. Most importantly, that means even the service provider can’t see your messages – not even abusive employers, hackers, or government officials. However, their additional features – and shortcomings – are all different.

We reviewed 10 encrypted messaging apps and present their pros and cons.

Viber

• 

  E2E encryption
• 

  Self-destructing messages
• 

  Collects data about users and their contacts
• 

  Tracks users’ social media activity

Viber, one of the strongest WhatsApp competitors, was initially designed for making calls over the internet but soon grew into a full-fledged chat app. You can use it for sending voice and text messages, photos, and videos to other users and groups of users. All chats, including group chats, are fully encrypted. You can use Viber on mobile devices and most desktop operating systems. Yet one of Viber’s most attractive features is its self-destructing messages. But this is where the good news ends.

The company is infamous for gathering the names and telephone numbers of its individual users as well as the people on users’ contact lists, even if those people do not use Viber. Viber even goes as far as following their users’ activity on social networks. It utilizes all the metadata it can get, so using Viber’s services is risky.

WhatsApp

• 

  Uses Signal’s encryption
• 

  Most of your friends are probably on it
• 

  User friendly and offers extra features
• 

  Owned by Facebook
• 

  Has experienced a major breach

With over 1 billion users, WhatsApp is one of the most widely used messaging apps. It’s easy to use and offers features such as location and file sharing, gifs, and even desktop support. It also uses the powerful encryption protocol developed for Signal by Open Whisper Systems, which is considered the industry standard. The encryption features Perfect Forward Secrecy (PFS). This means that if someone manages to steal the decryption key to your conversation, they will only be able to see the last message you’ve sent. Everything else will remain private.

On the other hand, WhatsApp is owned by Facebook, which raises huge security concerns. Collecting users’ data is at the center of this social media giant’s business model, and it has failed to keep user data safe multiple times. Can we really trust Facebook, secure encryption notwithstanding?

On May 14, 2019, hackers found a severe WhatsApp vulnerability and used it to install surveillance malware on a select number of phones. This spyware was injected through WhatsApp audio calls (the targeted individual didn’t need to answer the call) and gave hackers access to victims’ text messages, emails, WhatsApp messages, contact details, call records, location, microphone, and camera. The vulnerability has now been patched.

Facebook Messenger

• 

  Most of your friends are probably using it
• 

  You can use it even if you deactivate your Facebook account
• 

  Encryption isn’t default
• 

  Doesn’t encrypt past conversations
• 

  Tracks your behavior

Billions of people use Facebook and its messaging services, but few know that the company’s app offers end-to-end encryption. That’s because Facebook did a great job at hiding the feature. (Find out how to start a secret Facebook conversation.)

It’s admirable that Facebook introduced this feature, but it doesn’t change the fact that the social media giant gathers data like who you text or how often you use the app. And let’s not forget that in 2018, Facebook became infamous for its multiple data breaches. It’s become hard to trust with your privacy!

iMessage

• 

  Encryption turned on by default
• 

  Collects user information based on their behavior
• 

  Fails to encrypt other sensitive data like mobile numbers, metadata, or data stored in cloud

There’s no doubt that Apple products have a good reputation when it comes to cybersecurity. iPhone owners’ alternative to text messages – iMessage – has default end-to-end encryption. However, it still has several vulnerabilities and is far from the most secure messaging platform.

Information like mobile numbers and contact lists is stored in plain text rather than hashes, as are timestamps and IP addresses. The app also fails to encrypt your metadata and any data synced to iCloud. If anyone hacks into your cloud, they will have backdoor access to your device.

Telegram

• 

  Offers disappearing messages and other extra features
• 

  Easy-to-use interface
• 

  While the app is open source, its servers are not
• 

  Encryption isn’t default
• 

  Uses a proprietary encryption protocol

Over 100 million people use Telegram. It’s true that the platform is easy to use, offers many extra features, and isn’t obligated to give out any user information to intelligence agencies (as far as we know). However, Telegram isn’t as secure as it wants us to believe.

First, it seems strange that such a security-oriented messaging app doesn’t have encryption turned on by default. Many people who use Telegram aren’t aware of this issue, which defeats the purpose of the app.

The Telegram encryption protocol is also flawed. It was developed by an in-house team with little experience in cryptography. Telegram servers aren’t open source, so the code hasn’t been audited by third parties. The company also doesn’t provide transparency reports.

Read on to see our top three secure messaging apps, or check out this video explaining why we picked them.

Silence

• 

  Secure SMS/MMS solution
• 

  Free for all
• 

  No screenshotting
• 

  No internet connection required
• 

  For Android devices only
• 

  No live support
• 

  Limited user base

Silence is a secure SMS/MMS app that you can use even if you are not connected to the internet. You can send messages to anyone, not just Silence users. However, end-to-end encryption is only available when texting other Silence app users. It is also available on Android devices only.

All messages stored on your phone are encrypted, an incognito keyboard doesn’t remember your typing history, and a security screen option prevents users from taking screenshots. Security-wise, Silence is one of the most secure messaging apps, but if you are looking for more sophisticated features like video calls, you’ll have to look elsewhere.

Threema

• 

  Doesn’t store data or log IP addresses
• 

  Saves a minimum amount of metadata
• 

  Messages and contacts stored on the user’s device instead of servers
• 

  Don’t have to provide email or phone number to sign up
• 

  Limited user base
• 

  No free version

Threema is a paid encrypted messaging app that provides a high level of anonymity. It offers private text and voice messages, voice and video calls, group polling, and file sharing. You don’t even have to provide your email address or phone number to sign up. Instead, you are assigned a randomly generated ID. You can verify your contacts through a QR code.

Your messages are deleted from Threema servers as soon as they’re delivered, leaving no trace. Metadata is not stored, except for the smallest amount needed for the app to function. Overall, Threema provides highly secure services and submit its software for external audits to confirm it, making it one of the most secure messaging apps out there. There is one drawback, possibly temporary, which is the small number of users — only around 11 million in the last quarter of 2022.

Wire

• 

  Open source
• 

  Complies with European Union data laws
• 

  Can be used on majority of internet browsers
• 

  Collects some data about its users

At first glance, Wire ticks all the boxes of a truly secure messaging app – it offers end-to-end encryption, complies with all European Union data and privacy laws, it’s open source, and it isn’t obligated to share its data with surveillance services. Plus, you can use it on most popular browsers like Firefox, Chrome, Safari, and Opera. However, Wire does collect and store some user data.

The creators of the app admitted to keeping records of who users contacted and, unfortunately, it’s all saved in plain text. It also stores users’ email addresses, phone numbers, and usernames. According to Wire, this information makes device synchronization easier and is deleted once the account is deactivated.

Wickr

• 

  You don’t need a phone number or an email address to sign up
• 

  Open source
• 

  Offers a “shredder” feature
• 

  Doesn’t collect user data or store metadata
• 

  Offers a Pro version for businesses
• 

  Might be difficult to switch from other messaging platforms

Wickr is one of the best secure messaging apps on the market. It’s open source and doesn’t collect user data or metadata. It also offers a “shredder” feature, which automatically deletes all conversations and files ever shared on the platform. You can set a timer for when to delete them. Most importantly, you don’t need a phone number or an email address to register, so it’s even easier to keep your life private.

The only downside is that Wickr isn’t as popular as Signal or Telegram. It was initially designed for businesses and enterprises, so it wasn’t widely advertised to everyday users. Wickr still offers a paid Pro version where you can have encrypted group video calls, something no other app currently offers. If you are not an entrepreneur and want to use Wickr, you’ll need to convince your friends to move as well.

Signal

• 

  Handles group chats, SMS, voice, video, documents, and picture messages
• 

  Offers disappearing messages (with a timer)
• 

  Signal protocol
• 

  Open source
• 

  Doesn’t store user data or metadata
• 

  Advocated for by Edward Snowden
• 

  Needs a phone number to register

Signal is the overall winner for both iOS and Android users. Signal created an encryption protocol that is now recognized as the most secure messaging app protocol available. It offers everything most users need – SMS, video and voice calls, group chats, file sharing, and disappearing messages – without stuffing the app with ads and collecting user data. It’s also an open-source platform so anyone can check it for vulnerabilities. Speaking of which, a potential security flaw may have been found by an Israeli security firm, which is why it’s best to always use a VPN alongside your favorite secure messaging apps.

Do you need an encrypted messaging app?

Yes, you do need to use one of the best encrypted messaging apps because encryption protects your communication from being intercepted. Third parties can easily read unencrypted messages, while encrypted messages have an extra layer of protection. End-to-end encryption means that only the recipients of the message can read it because they are the only ones who have the decryption key.

With so many online threats putting us at risk, it is only wise to use one of the most secure messaging apps. Chances are most of your social crowd is using one, so you just need to decide which one to choose, based on the descriptions above.

Tips on how to secure your messaging app

Encrypted messages are much more secure than unencrypted, but you should still exercise caution when using even the most secure messaging apps. Follow this checklist to keep your private messaging app protected:

• Be careful on public Wi-Fi networks. These networks usually lack even the basic security measures, making it much easier for hackers to snoop on your web traffic. If you are using an unencrypted messaging service on public Wi-Fi, cybercriminals can intercept your messages, photos, passwords, and other sensitive information you share. A secure VPN can help protect you by hiding your traffic from snoopers and preventing security breaches.
• Don’t provide private information through chats. Avoid sharing your passwords, banking information, logins, and any other sensitive information through chats. And never share this type of information with strangers.
• Don’t click suspicious links. If someone you don’t know texts you and sends even an innocent looking link, do not click on it. Online scammers are known for sending random people links to phishing sites.
• Use a reliable VPN. It encrypts your app traffic and online traffic instantly and powerfully. Paid VPNs like NordVPN are better funded for R&D in encryption methods, so you’re guaranteed next-level security on and off the apps you use. NordVPN’s additional Threat Protection Pro feature takes your security to the next level by blocking ads, trackers, and malware. It even scans your files for malicious software during download, so you can rest assured your device will not get infected even if you click on a suspicious link by accident.

Why you should always use a VPN

End-to-end encryption isn’t foolproof. Backdoors within encrypted apps are being exploited all the time. In 2020, security firm Cellebrite (used by the FBI, the Myanmar police, and governments), announced that it was able to circumvent Signal’s end-to-end encryption. WhatsApp was cautioned over its lack of end-to-end encrypted backups, and if you don’t make your Telegram chats “secret,” they won’t be encrypted. So, whichever encrypted messaging app you choose, make it even more secure by turning on the NordVPN app, which immediately hides your traffic from snoopers who could be lurking in the network.