The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a excellent blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally prompt. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are intensely encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a gigantic amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a thick amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a excellent blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a fine guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a thick amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a yam-sized amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a superb blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are powerfully encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a big amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a fat amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pictures and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly prompt. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a giant amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a excellent blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a fine guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a fine guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are intensely encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally prompt. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a gigantic amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a excellent blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pictures and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a giant amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are powerfully encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a big amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are powerfully encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a large amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are powerfully encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a fat amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pictures and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a thick amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a fine guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a massive amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are intensely encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a yam-sized amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a large amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pictures and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a large amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a excellent blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the objective was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a ample amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a good blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally prompt. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a big amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are intensely encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a superb blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly rapid. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that powerless password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a enormous amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a excellent guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are powerfully encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a enormous amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pictures and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s superb that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are intensely using instant messaging apps as well.
This means that a hefty amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a phat amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a superb guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally swift. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It began doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strenuously encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema commenced life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption worthless in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals very likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are powerfully using instant messaging apps as well.
This means that a ample amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security crevices in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a excellent blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your pics and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew exceptionally quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It commenced doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are strongly encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure accomplish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to demonstrate users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, demonstrating that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage truly is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s fine that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing feeble passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a powerless password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments hanker for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strongly using instant messaging apps as well.
This means that a gigantic amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security slots in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a fine blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also spinned out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a fine guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Trio. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly prompt. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the aim was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are intensely encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to showcase users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema embarked life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is utterly useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, displaying that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently produces an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list finishes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s truly not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s good that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.
The Best Encrypted Messaging Apps You Can (and Should) Use Today
The Best Encrypted Messaging Apps You Can (and Should) Use Today
If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.
We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments covet for it, companies seek access to it, and cyber criminals most likely want it the most.
But what’s so special about my data?
The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.
Wake-up call: the data you share in your IMs
Today I’m going to concentrate on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.
Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.
Junior generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are strenuously using instant messaging apps as well.
This means that a big amount of data is stored, transmitted and collective through these messages.
And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also suggest the option to be used for both online IMs and SMSs.
Everything is just a click or a tap away. But not only for you.
You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.
Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.
Here’s a latest example of how security fuckholes in these apps can expose your data to malware and other cyber threats:
The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would permit an attacker to modify the contents of someone’s talk history as well as give them the capability to spread malware through the talk service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.
Do I have your attention now?
Good. Because you’re going to want to find out about this.
Why end-to-end encryption matters
As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.
The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.
Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a superb blogpost:
Albeit encryption in transit is widely used, it has serious security problems.
For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.
For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.
His comparison inbetween different types of data encryption is also useful to explain the difference inbetween the widely used encryption in transit and the more secure end-to-end encryption process:
Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.
So are you ready to explore some of the most secure instant messaging apps out there?
The most secure messaging apps
1. WhatsApp
It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around six months to implement, but it sends a clear message that this type of encryption should be the norm.
Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.
Two. Viber
When it launched its 6.0 version, Viber also flipped out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a good guide for those who want more details on this security enhancement.
The guide mentions one exception which this encryption level doesn’t cover: attachments collective via the iOS Share Extension. Here is the official statement:
Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your photos and movies are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.
As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.
Three. LINE
This app has fairly an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity bruised the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.
Once LINE was released to the public, it grew amazingly quick. By the end of 2015, it had already passed the seven hundred million users mark. Yes, one could say they’re big in Japan!
The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.
Four. Telegram
In their own words: “Telegram is a messaging app with a concentrate on speed and security.”
When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over one hundred million active users every month and growing permanently.
Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Talks.” Here’s more about this feature:
And when you delete messages on your side of the conversation, the app on the other side of the secret talk will be ordered to delete them as well.
You can order your messages, photos, movies and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then vanish from both your and your friend's devices.
All secret talks in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret talk from their device of origin. They are safe for as long as your device is safe in your pocket.
Five. KakaoTalk
Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It embarked doing so back in 2014! All you need to do is use the “Secret Chat” option.
The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.
6. Signal – Private Messenger
This secure messaging app has fairly a rich history, which I’ll attempt to sum up for you.
Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.
Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the purpose was to improve the security in the microblogging platform.
The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.
Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.
7. Cyber Dust
This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:
Cyber Dust permits you to communicate loosely and honestly. Send and receive text messages, stickers, links, photos, movies and more.
Your messages are protected from screenshots and vanish after they are read.
They are intensely encrypted and never touch a hard drive- not even our own.
Once your messages are gone, they are truly gone forever, never to be recovered.
For Your Information: users do have the option to keep the messages from disappearing if they want to.
What Cyber Dust is attempting to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.
Will it be as successful as they plan? We’ll just have to wait and see.
8. ChatSecure
This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted talk app available for both Android and iPhone.
ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)
The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure finish privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.
ChatSecure is very open about the encryption protocols it uses to display users that their communication is truly safe while using the app.
9. Threema
These guys put it in the name:
Threema began life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.
Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group talks, media files and even status messages.
The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.
Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also attempts to suggest all the details necessary to back this statement.
Ten. Wickr – Secure Messenger
The company that makers Wickr – Secure Messenger was created in two thousand twelve by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.
What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.
This page dedicated to the encryption standard used in Wickr is enormously useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:
11. Cyphr
Thought the list was over? There are actually a few more apps to explore!
Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!
The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.
Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.
Albeit it doesn’t have desktop and web apps yet, Cyphr is worth a attempt.
12. CoverMe
CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.
And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?
13. iMessage and FaceTime
If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.
There's been a lot of controversy surrounding the case of the San Bernardino attacker's phone, which led to the encryption dispute inbetween Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showcasing that they're ready to go to court to defend this aspect of their business.
Your iMessages and FaceTime calls are your business, not ours.
Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.
Apple has no way to decrypt iMessage and FaceTime data when it’s in transit inbetween devices.
And they even explained how secure iMessage indeed is, so you can feel certain about using it to keep your communication safe.
Users: “300 billion messages [sent] using iMessage, and the service presently supplies an average of 28,000 messages per 2nd” (2016 statistics)
More to come
The list completes here for now, but I have a feeling I’ll have to update it soon.
For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.
There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big switch takes place.
The Electronic Frontier Foundation is also preparing a fresh guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s indeed not an effortless task to analyze these apps, so be patient – the guide will be published soon enough.
Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.
Albeit rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.
How you can make end-to-end encryption futile in one fell swoop
It’s excellent that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:
- Choosing powerless passwords for their online accounts
- Reusing passwords across online accounts
- Not ensuring the physical security of their device.
If you choose a feeble password, it will be lightly compromised through a brute-force attack. (Learn how to get better at password management.)
If that feeble password is reused on numerous accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.
If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.
The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.
If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.