The Most Secure Messaging Apps that you Probably Never Heard of

mage courtesy of Perri Scope at Flickr.com

A secure messaging system gathers a few characteristics that allow users to safely communicate without fear of having their conversations, images and data intercepted. Now, we are all aware of WhatsApp and different alternatives, but how many of them are completely safe. Even though WhatsApp can now make the cut, due to its latest upgrade, there are still other options out there that you may have never heard about. The Electronic Frontier Foundation (EFF) designed a Secure Messaging Scoreboard, which allows to compare specific data to analyze just how secure the messaging app is. It examines dozens of technologies and rates them to get a range of security best practices among the top messaging software out there, including chat clients, test messaging apps, email applications and video calling. We all use these apps on a daily basis, be it for work or to stay in touch with friends and family, but how sure are we that our information, conversations and data is safe while we communicate with others. This scorecard measures seven dimensions to evaluate if the communication app is secure. 

-Are they encrypted at all stages of the communication?

-Is the encryption end-to-end so the messaging companies can’t access your communications?

-Is there a way to verify who you are messaging?

-If for some reason, the encryption keys are stolen, is all of your previous information safe?

-Can the app code be independently reviewed?

-Is the design of the cryptography, along with the implementation, available for review?

-Finally, has the code and implementation been audited independently in the last year?

Now, it is important to clarify that these individual traits don’t guarantee a secure network, but instead the combination of all of them. Especially considering when an app fails, the first four should be present to ensure your security.

Which ones aren’t safe?

mage courtesy of Cyril Vallée at Flickr.com

If they are popular, they are probably not that safe. The most popular apps are usually the ones that don’t pass the test. In fact, from the most popular apps that were tested all failed, with the exception of iMessage. The other ones tested from the popular apps were: BlackBerry Messenger, Facebook Chat, Skype, Snapchat, Viber and WhatsApp. Although WhatsApp, didn’t pass the test at the time, it may be quite different with the end-to-end upgrade it made recently. BlackBerry Messenger, only passed the first criteria of being encrypted in transit, the same as Skype and Viber. Whereas Facebook Chat, Snapchat, and WhatsApp (again when the study was made) only passed in the previously mentioned criteria and the fact that they have had recent audits of their code. iMessage, as mentioned before, is one of the safest from this group of popular apps which passes on five of the seven criteria. It has the previously two that were mentioned, as well as having an encryptor so the provider can’t read your messaged, previous comments are secure even if your keys are stolen and the design is properly documented.

Which ones are safe, but you don’t know about?

In this category we’ll have some apps that I’m almost sure you’ve never heard of, but do fill all seven criteria; ChatSecure, Silent Phone and Silent Text from Silent Circle, and Signal, RedPhone and TextSecure from WhisperSystems.

ChatSecure is a free app you can download from iOS and Android, and uses a few cryptographic libraries that are very well-known such as XMPP, OTR and Tor. You can communicate with other users who are using the same app or other apps that use the same protocols.

Silent Circle has a subscription plan and it covers two of the apps that were evaluated with all seven criteria: Silent Phone and Silent Text. Both apps are available in iOS and Android. It is a sort of secure Skype. The different thing about these apps is that they can also call non-users and the call will continue to be encrypted.

WhisperSystems is actually the same company that designed the new encrypted system for WhatsApp. They initially started off with their RedPhone and TextSecure apps that are used on Android, and Signal for iOS. These apps integrate with the phone’s dialer on the android version, so you’ll always get the option of making an encrypted call of sending a secure message. On the iOS version, it’s not quite as integrated.

All of the apps mentioned could be used to ensure that your communication is secure and not in danger of being tapped by anyone, including the phone manufacturer or the apps designer. Online there are tons of ways of being hacked or tricked into handing over their personal information, by anyone from a hacker to the government. So, if you’re interested in keeping your communications private, feel free to use any of these because they comply with all 7 seven criteria and will for sure keep your conversation between you and the end user.