Secure Messaging Matters
In Part 1 of our Mobile Messaging series, Laura discussed the importance of using secure mobile messaging apps and how to choose the best messaging apps on the market.
- Messaging apps reveal more personal information than we realize.
- Secure messaging is important because criminals can extract information from our messages that can lead to a variety of identity crimes.
- Three features every secure mobile messaging app should have:
- End-to-end data encryption
- Ability to permanently delete messages
- Limited metadata storage
This month, we’ll explore some of today’s most popular mobile messaging apps and see where they stand when it comes to security. By highlighting some of the best messaging apps on the market, we hope to help increase your messaging security.
8 Messaging Apps: Security Breakdown
While the table above outlines basic security features of each messaging app, here’s how we ranked them after diving into their privacy policies.
Signal rates as one of the most secure mobile messaging apps available on the market. One notable characteristic of this app is that its security features are not just limited to your text messages. The app keeps your text messages safe, as well as voice or video calls, image and video files and group conversations. Other security features include tools that prevent others from capturing information via screen shots and other screen-scrubbing programs outside of Signal.
Signal is available for both Android and iOS, and it can become your default messaging app. Importing your existing texts into the platform will help you avoid sending unsecured messages by accident.
We’ve ranked Telegram as the second best messaging app because it offers a wide range of security features to protect your sensitive information. You can send texts and media files to single recipients or inside a group conversation – all protected by end-to-end encryption. While Telegram can become your default messaging app via your phone number, users can also search for others within the app by their usernames.
WhatsApp just missed our top spots because it’s only recently taken a proactive approach to security. Industry experts have argued that WhatsApp’s security functions were once easy to bypass – most notably by government agencies. However, the company recently added a two-factor authentication login option. Additionally, WhatsApp allows you to set a password to access the app itself and has a secure lost/stolen mode.
#4: Apple iMessage
Apple iMessage is a built-in messaging app that surprisingly doesn’t skimp on security. Apple iMessage has a messaging feature known as “Invisible Ink.” Invisible Ink messages will disappear shortly after they are read. And like any data sent between iMessage users – Invisible Ink messages are end-to-end encrypted. Be careful — if you are sending messages to someone not using iMessage, your texts will not be protected by Invisible Ink or Apple’s end-to-end encryption. iMessage is only available to iOS users.
#5: Facebook Messenger
Facebook Messenger offers a feature called “Secret Conversations” that provides optional end-to-end encryption and disappearing messages between users. However, normal messages sent through Facebook Messenger are not protected by end-to-end encryption, nor do they disappear. Any message outside of Secret Conversations could be decrypted by Facebook if the company deemed it necessary. Users, be wary – the fact that Facebook Messenger has both secure and normal messaging options within the same app can lead to accidental mix-ups when sending sensitive information.
Skype is a widely-used app that surprisingly harbors a few security holes. Skype’s video and messaging capabilities have made it a popular choice for personal and business use. Therefore, it’s even more important that messages are sufficiently protected on this platform. In-transit, your Skype calls are encrypted, but they are stored on Skype servers in an unencrypted state. Like traditional Facebook Messenger, Skype encrypts your messages, but not through end-to-end encryption. In other words, Skype would be able to decrypt your messages if they ever needed to access them.
#7: Direct Messages (Twitter & Instagram)
Direct Messages are #7 on our list because they do not offer the same level of security as other previously mentioned apps. Direct Messages are popular messaging features – specifically on Twitter and Instagram. They allow you to send messages and other media attachments to a single user or in a group conversation. Messages are encrypted on Twitter and Instagram servers, but they are not protected by end-to-end encryption. While the apps allow you to delete messages from your own devices, messages you’ve already sent will still live on other participating devices until they are manually deleted.
Unfortunately, popular social media app Snapchat ranked last on our secure messaging list. While it is true that Snapchat’s notorious “disappearing messages” delete messages from all participants’ devices after they are read, they are not end-to-end encrypted. Messages are only deleted from the company’s servers once they’ve been opened. Unread messages can stay on Snapchat servers for up to 30 days.
What should I do?
If you’ve been using apps that we listed as insecure, don’t panic. Understanding how your apps use and store your information can lower your chances of accidentally leaking sensitive information through your personal messages with others. Use our table above to compare messaging apps to pick one that works for you. Avoid sharing personal information over messaging apps that are not equipped with proper security measures.
Keep following Fighting Identity Crimes to stay up-to-date on the latest breach and scam news, as well as receive tips from our industry experts on how to secure your identity.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.