password, password change, frequency, IT, IT security, security

Millions of people exchange messages every day. Messaging apps make it easy. But what happens to a message while you are typing it or once it has been sent? Private messages can potentially be read by third parties, such as the organizations behind the apps, and governments who collect private information on their citizens. Hence the importance of using a secure application in your communications.

What makes a messaging app secure?

There are multiple factors that can make an application secure. Here we can see three of the most relevant ones:

1. End-to-end encryption.

This is the key since it ensures direct secure messaging. This means that from the moment a message is typed, to the time it spends in transit, until the other person receives it, no one else can see that message. Therefore, the message can not be snooped by third-parties, and the information can not be stolen while it is being transmitted.

Many applications offers end-to-end encryption. In some cases, this security feature is enabled by default. In others, the final user may need to ensure that it is activated, or maybe the app encrypts messages only in certain scenarios. On the other hand, there are different encryption protocols. Some more proven and safer than others.

2. Open source code.

It refers to any application whose source code is available to anyone. So, experts can freely check the code and try to find any weaknesses or vulnerabilities, that later on, will be fixed. 

3. Data collection.

The messaging apps can collect information about you and the device you use. This is commonly known as metadata. Metadata includes data such as who you talk to, for how long, at what time, your IP address, phone number, the location of your phone, etc.

What alternatives do we have today?

There are multiple messaging apps available. We have created a list of the three most used apps on the market today, and we have summarized their security features. These apps are: Signal, WhatsApp and Telegram.

1. Signal.

Signal is entirely free and is quite easy to use. This app uses a proven super-strong encryption protocol. The best thing about this private messaging app is that it is an open source project supported by donations and grants, so there are no advertisements, no affiliate marketers, and no secret tracking. Furthermore, any experts can freely audit the app’s code for any vulnerabilities in its security. This helps ensure that Signal’s security is always up to date.

There are other features like encrypted voice calls, group chats, media transfer, archive functionality. The messages can also be set to self-destruct after a set amount of time. Signal also allows you to set a password to lock it. So even if your phone falls into the wrong hands, your messages will still be protected.

2. WhatsApp.

WhatsApp is one of the most popular messaging apps being used today, more than 2 billion users worldwide. It’s available for free and you can easily send text messages, photos, as well as video and voice messages. It uses the super-strong encryption protocol developed by Signal since 2016.

This app is owned by Facebook, the world’s biggest social network, since 2014. Facebook can’t read user’s messages, the end-to-end encryption prevents that, but WhatsApp did announce that they would be sharing user metadata with Facebook, for various purposes such as ad-targeting.

All WhatsApp users must agree this update to have their user data shared with Facebook or risk losing their ability to use the app altogether. The update originally set to go into effect on February, it has been delayed until May since the lot of misinformation about the revision of the privacy policy.

3. Telegram.

Telegram is a popular messaging app. You can set messages to self-destruct, share videos and documents, and participate in group chats of up to 200,000 users.
This app uses its own custom MTProto encryption rather than a more proven secure system, such as the Signal protocol. Its encryption system is considered as unsafe by many experts, who have expressed skepticism about the lack of transparency surrounding its protocol. On the other hand, this app is open source code.

End-to-end encryption is not enabled by default on Telegram, so you need to make sure the Secret mode is activated in order to protect your communications. Other types of chat and file transfers are encrypted, but only for part of their journey to other parties.

Last month a research showed that the “People Nearby” feature could allow an attacker to triangulate the location of unsuspecting users. This feature is disabled by default, but users who enable it will be publishing their precise location inadvertently.

Our recommendation

From a security stand point, Encripto recommends using Signal, as it is the safest and most private alternative available as of today.