Your One-Stop Guide to Secure, Encrypted Messaging
Now that smartphones have ensured that we're connected to the internet 24/7, online privacy has become more important than ever. With data-mining apps hoping to sell your information for targeted ads, and government agencies only one subpoena away from knowing every detail of your private life, encryption has become our last line of defense.
It was recently revealed that iMessage, the iPhone's default messaging app, can send some bits of data to Apple, even though messages were previously thought to be fully encrypted. Other popular platforms have unforeseen security issues, too, so end-to-end encryption is only part of the story.
But which encrypted messaging app is the most secure, and truly the most private? Below, we break down some of the most popular options available right now, and highlight their strengths and weaknesses. This list may expand as new companies integrate encryption in the near future.
WhatsApp has been a heavy favorite worldwide for its ease in sending and receiving instant messages, including audio, video, and documents. It currently boasts a user base of one billion, and had recently finished rolling out end-to-end encryption for everyone, and WhatsApp claims to not have access to these encrypted messages at all.
Users on older versions of WhatsApp might not have encryption enabled, so make sure to always stay updated with the current version. If you want to verify that you have end-to-end encryption with another user, you can use a QR code and 60-digit passcode to do so.
The drawbacks to this? The privacy is maintained only if the user endpoint devices in the chat are fully secure themselves, an issue that does plague some Android users. Users also have to ensure that they're running the latest updated version of the app, and that means you and the people you're communicating with.
Signal has been well received by those very sensitive to digital privacy issues, most notably by Edward Snowden himself. Created by Open Whisper Systems (who also lent assistance to WhatsApp in their implementation of end-to-end encryption), Signal offers private messaging and phone calls via their mobile and desktop apps, both of which were made available to the public after an invitation-only beta program earlier this year.
What Signal offers is end-to-end encryption based on free- and open-source code, as well as added layers of security verification. The setup is easy and the layout offers large enough text within the interface. In order to contact someone through Signal, both parties need to have the app installed and then go through a security check involving correctly identifying random words to make sure you're connecting with the right person. At present, a major draw for Signal has been the full encryption of phone calls with no hitches.
Like WhatsApp, they claim to have zero access to your messages.
The VoIP and instant messaging app Viber made the recently announced end-to-end encryption for all chat conversations whether they're group-based or one-on-one as well, as for all calls. This goes into effect immediately where Viber's developers are located in Belarus, Israel, Brazil, and Thailand, with a global rollout over the next few weeks. Users looking to take advantage would then need to update to the latest version of the app and then use a QR code to re-authenticate themselves.
This latest move by Viber also includes a Hidden Chats feature that lets you protect certain chats with a four-digit PIN code. There is also a color-coded security system that users can utilize to verify how secure their chats are, which can come in handy given that Viber does support up to 200 users on a group chat conversation if needed. One feature that Viber hopes will attract more users is the enhanced delete feature which allows you to simply erase any evidence of a chat from your device and that of whoever else was on the chat with you.
What could be tricky for those interested in the newest version of Viber? For starters, you do have to make sure you're upgraded to the latest version on your device, which could leave those with older operating systems and devices left out, including those on PCs, who'll need Windows 10. Another thing to take a wait and see about is the company's plan to introduce bots into the app as a way to expand its appeal to businesses and to incorporate other services like gaming.
ChatSecure is another solid option here, as it provides Off-the-record (OTR) encryption for all messages, which is a top-notch security protocol designed by cryptographers Ian Goldberg and Nikita Borisov. ChatSecure is fully open-source, and the fact that it uses the OTR encryption standard means that it's cross-compatible with other OTR messaging clients.
ProtonMail stands out as an ancestor of sorts when it comes to the wave of end-to-end encryption services that are being provided. Created by a group of scientists from MIT and CERN, ProtonMail offers end-to-end encryption of email and is highly dependent on the user to create and remember a password to gain access to them. Users can also send and receive emails to those not using ProtonMail and still enjoy the protection of the service by manual encryption. There's even an option to give your emails an expiration date before sending them out.
ProtonMail may not be as attractive to users who want to apply end-to-end encryption across all their platforms, but it still is considered a good traditional system to communicate with full privacy and does allow for users to upgrade to a premium account which lets them use a custom domain.
On the surface, a messenger app with Google's new Assistant giving you tips and search results while you're carrying on a conversation might sound like the farthest thing from secure. However, Google kept privacy-focused users in mind while developing Allo, so full end-to-end encryption is possible here.
For truly secure messaging, you'll simply need to start an "Incognito Mode" chat in Allo. Once you do that, your messages will be fully encrypted from the time they leave your phone until they arrive on the recipient's device. You'll lose out on some of the cooler features with Incognito Mode, but you can get those right back by opening a non-secure chat for more lighthearted conversations.
Similar to Allo, Facebook Messenger now supports a fully encrypted communication mode. By default, your conversations are only encrypted as the messages move from Facebook's servers to either person's device, so Zuckerberg & Co. have a chance to analyze texts along the way.
However, using the new "Secret Conversations" feature, your messages will be 100% encrypted, and you can even opt to have the messages disappear from both devices after a period of time. Again, though, end-to-end encryption is only available when you start a "Secret Conversation."
Threema has gotten a little bit of buzz, mainly among those in its origin country of Switzerland. Its user base in comparison to the others listed here is small (at last report, 3.5 million), but what's drawn people to Threema is the company's policy on protecting your metadata as well as using on an open-source code based on the NaCI Library. Plus, there's end-to-end encryption for all message types.
Threema also offers a unique user ID generated by the initial app launch, and the ability to verify other users by QR code as an added layer of protection. Users can't make phone calls, but they can send voicemails, texts, and multimedia files. The company has also made it possible for businesses to send messages to clients who have the app installed in a gateway system similar to SMS gateways.
LINE, the communications app that got its start in Japan due to a natural disaster, has grown to be used by close to 400 million worldwide. LINE is unique because their end-to-end encryption is enabled within the "Letter Sealing" feature between users in all chat room messages. However, you need to activate this feature manually, and all parties in a conversation must enable this feature also for it to be truly private.
Just like Viber, it also has a Hidden Chat feature, as well as a time-limited messaging feature. And LINE claims that "no LINE employee or third party, besides the chat participants themselves, will be able to view [messages]."
Telegram has emerged as a hefty rival to WhatsApp, and has been working on improving their suite of offerings to users. Included among its newer features is a new video player for iOS users, as well as a revamped chat interface for Android users.
The standout feature is centered on their "Secret Chats" end-to-end encryption which users can switch on. They can then verify each other's identity with visual-based keys.
The encryption Telegram offers has gotten some dubious attention due to terror groups creating secure channels with it, but the company has been vigilant in eliminating those channels once detected by their personnel. Telegram also claims to be more secure than WhatsApp and LINE.
Dust is a fairly new entry to the encrypted messaging app game, and comes from business titan and digital maven Mark Cuban. What makes Dust unique is that messages sent through the app never come in contact with the company's servers. In addition, messages don't get stored on a user's device and once they're read, they vanish. That alone is mind-blowing.
Dust, available for iOS and Android users, was crafted with the emphasis on communicating quickly without leaving a trace, and initial reactions have gotten great feedback. Cuban has stated that future plans for the app will include expansion to other sources and a version for the Web.
Surespot is less known, but has been rising in usage due to its encryption based on a public-key cryptography system and reliance on 256 AES-GCM. It offers encrypted offline backup through iTunes and local storage on Android devices. Another intriguing feature is the ability to create and use multiple identities for business purposes or regular means.
Surespot claims that their servers never see the private key, so they have no way of decrypting messages from their end. Your username is also not associated with an email or phone number, which gives you even more privacy. Unfortunately, this is also a bad thing, because your password for Surespot can never be recovered or reset.
There are others that offer encryption, but not end-to-end. So if you're using these extensively, bear in mind the conditions each app has in terms of privacy.
- Google Hangouts: Like iMessage, all messages through this service are encrypted, even on their servers. But if legal authorities request it, Google can hand those messages over.
- Kik: Their messages aren't encrypted, but the company does ensure that they're erased from their servers once they're delivered to someone's device.
- Twitter: There's no end-to-end encryption when it comes to their direct messages, and they can be subject to review and seizure by law.
- Snapchat: Yes, snaps do get erased from their servers once their recipients open them up on their devices. However, those that don't get opened stay on the servers for 30 days and can be subject to review by legal authorities despite being encrypted.
- Skype: Their instant messages aren't encrypted and can be seized by the law if requested.
- WeChat: The messages aren't encrypted and can even be tracked via GPS according to some accounts.