We all have private conversations we want to keep, well, private! Whether it’s an embarrassing story, office gossip, or opening up about your feelings, the last thing you want is for someone to see your messages or have them used to serve you ads. Unless you’re using an encrypted messaging app, you’re leaving it all out in the open.
While encryption and privacy play a vital role in selecting which messaging app to use, its also necessary to use the messaging apps that our friends use. According to Statista (2019) WhatsApp, Facebook Messenger, and WeChat, remain the world's most popular messaging apps despite Facebook's questionable privacy practices.
There are many messaging apps on the market, but not all of them are as secure as they say. All of the apps on this list offer end-to-end encryption, which means that no one can see your ‘secret’ conversations unless they have a private key to decrypt your message. Most importantly, that means even the service provider can’t see your messages – not even abusive employees, hackers or government officials. However, their additional features – and shortcomings – are all different.
We reviewed the pros and cons of 7 encrypted messaging apps and ranked them from the least to the most secure.
With over 1 billion users, WhatsApp is one of the most widely used messaging apps. It’s easy to use and offers features such as location and file sharing, gifs, and even desktop support. It also uses the powerful encryption protocol developed for Signal by Open Whisper Systems, which is considered the industry standard. The encryption features Perfect Forward Secrecy (PFS). This means that even if someone manages to somehow steal the key to your secret conversation, they will only be able to see the last message you’ve sent. Everything else will remain private.
On the other hand, WhatsApp is owned by Facebook, which raises huge security concerns. Collecting users’ data is at the center of this social media giant’s business model and it failed to keep user data safe multiple times. Can we really trust Facebook, secure encryption notwithstanding?
Update on May 14, 2019:Hackers recently found a severe WhatsApp vulnerability and used it to install surveillance malware on a selected number of phones. This spyware was injected through WhatsApp audio calls (the targeted individual didn’t need to answer the call) and gave hackers access to victims’ text messages, emails, WhatsApp messages, contact details, calls record, location, microphone, and camera. The vulnerability has now been patched. We have moved WhatsApp from #4 to #7 as a result.
Billions of people use Facebook and its messaging services, but few know that their app offers end-to-end encryption. That’s because Facebook did a great job hiding the feature. (Find out how to start a secret Facebook conversation here.)
It’s admirable that Facebook introduced this feature, but there are still many reasons why it’s at the bottom of our list. The social media giant still gathers data like who you text or how often you use the app. And let’s not forget that, in 2018, Facebook became infamous for its multiple data breaches. They’ve become hard to trust with your privacy!
There’s no doubt that Apple products have a good reputation when it comes to cybersecurity. iPhone owners’ alternative to text messages – iMessage – has default end-to-end encryption. However, it still has a bunch of vulnerabilities and is far from the most secure messaging platform.
Information like mobile numbers and contact lists is stored in plain text rather than hashes, as are timestamps and IP addresses. The app also fails to encrypt your metadata and any data synced to iCloud. If anyone hacks into your cloud, they will have backdoor access to your device.
Over 100 million people use Telegram. It’s true that the platform is easy to use, offers many extra features, and isn’t obligated to give out any user information to intelligence agencies (as far as we know). However, Telegram isn’t as secure as it wants us to believe.
First, it seems strange that such a security-oriented messaging app doesn’t have encryption turned on by default. Many people who use Telegram aren’t aware of this, which defeats the purpose of the app.
The Telegram encryption protocol is also flawed. It was developed by an in-house team with little experience in crypto, which isn’t advised by cybersecurity experts. Telegram servers aren't open source, so the code hasn’t been audited by any third parties. This poses potential risks regarding any backups. The company also doesn’t provide any transparency reports.
Read on to see our top three secure messaging apps, or check out this video explaining why we picked them.
At first glance, Wire ticks all the boxes of a truly secure messaging app – it offers end-to-end encryption, complies with all European Union data and privacy laws, it’s open source, and it isn’t obligated to share its data with surveillance services. Plus, you can use it on most popular browsers like Firefox, Chrome, Safari and Opera. However, Wire does collect and store some user data.
The creators of the app admitted to keeping records of who users contacted and, unfortunately, it’s all saved in plain text. They also store users’ emails, phone numbers and usernames. According to Wire, this information makes device synchronization easier and is deleted once the account is deactivated.
This app is one of the best secure messaging apps on the market. It’s open source and doesn’t collect user data or metadata. It also offers a ‘shredder’ feature, which automatically deletes all conversations and files ever shared on the platform. You can set a timer for when to delete them. Most importantly, you don’t need a phone number or an email address to register, so it’s even easier to keep your life private.
The only downside is that Wickr isn’t as popular as Signal(#1) or Telegram(#5). It was initially designed for businesses and enterprises, so it wasn’t as widely advertised to everyday users. Wickr still offers a paid Pro version where you can have encrypted group video calls, something no other app currently offers. If you are not an entrepreneur and want to use Wickr, you’ll need to convince your friends to move as well.
Signal is the overall winner for both iOS and Android users. Signal created an encryption protocol that is now recognized as the most secure messaging app protocol out there. It offers everything most users need – SMS, video and voice calls, group chats, file sharing, disappearing messages, etc. – without stuffing the app with ads and collecting user data. It’s also an open source platform so anyone can check it for vulnerabilities. Speaking of which, a potential security flaw may have been found by an Israeli security firm, which is why its best to always use a VPN alongside your favorite secure messaging apps.
End-to-end encryption isn’t foolproof. Backdoors within encrypted apps are being exploited all the time. In 2020, security firm, Cellebrite (used by the FBI, Myanmar police, and governments), announced that they were able to circumvent Signal’s end-to-end encryption. User metadata on Clubhouse was found to be insecure, WhatsApp was cautioned over its lack of end-to-end encrypted backups, and if you don’t make your Telegram chats ‘Secret’ they won’t be encrypted.
A VPN encrypts your app-traffic and online traffic, instantly, and powerfully. Paid VPNs like NordVPN, are better funded for R&D in encryption methods, so you’re guaranteed next-level security on and off the apps you use. All you have to do is turn on the NordVPN app, and everything you do online is encrypted, hiding it from snoopers who could be lurking in your network.