The world is more connected thanks to mobile apps. After all, just about everyone needs a way to communicate with friends, family, and colleagues at work. When it comes to messaging apps, it's easy to be overwhelmed by the plethora of choices available to us based on network provider, platform, device versioning, and of course, the type of communication taking place. As such, we've decided to list five popular messaging apps and the important security features behind them, because secure messaging and privacy should always be a top priority.
As the world of mobile devices continues to expand, messaging apps have to follow suit. Listed below are five popular messaging apps and their encryption features that users depend on for daily communication.
- Facebook Messenger
What is end-to-end encryption? For the uninitiated, end-to-end encryption basically means that only a sender and the recipient of a particular message can see one another's messages. In essence, the messages cannot be decoded and unraveled in-transit or during transmission by outsiders or even the maker of the application. According to The Electronic Frontier Foundation (EFF) – a leading nonprofit organization that is committed to "defending civil liberties in the digital world" and "champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development" – very particular methodologies have been put in place to assess the security of certain messaging apps, starting with encryption. The primary question surrounding encryption for messaging apps is centered on determining whether communication is encrypted in-transit.
According to the EFF, "this criterion requires that all user communications are encrypted along all the links in the communication path." In some instances, data and metadata (user names and addresses) transmitted on a company network may or may not be encrypted. However, for external, and more importantly, more common usage, encryption is a driving security feature – especially on unsecured and public networks. This criteria requires messages to be encrypted during transmission. Those messages then pass through a firewall before hitting the provider's servers, which means they can only be decrypted by a private key on the intended receiver's device. This is important because end-to-end encryption ensures messages can only be read by the intended recipients, with no data logged on untended servers.
Enabling end-to-end encryption for all messages allows the user to remove metadata from single messages (i.e. the time the message was sent, geo-location data, seeing if and when the message was read by recipient, etc.).
WhatsApp is perhaps the most popular messaging app because it enables easy communication across global networks. Most people use WhatsApp on a wireless Internet connection or using their cellular data network to text, send picture and video messages, and even record voice messages to others. This is crucial for international travel, which is one reason why Facebook acquired WhatsApp. Regarding end-to-end encryption for WhatsApp, which was unrolled in May 2016, the encryption is based on the Signal protocol – the same tech also used by open source messenger Signal.
Another popular messaging app, Facebook Messenger, isn't quite as secure, yet. However, Facebook is testing end-to-end encryption on its popular messaging application. Facebook Messenger currently uses secure communication channels to help block spam and malware. However, users need additional safeguards – especially when disclosing private health, financial, and location-based information with trusted recipients.
SnapChat might be the trickiest messaging app, based on the functionality that makes it so popular – the immediacy and temporary status of messages sent and received. At the most basic and common method and level-of-use, users send and receive messages that are on set timers for one-time viewing before the messages are 'deleted' and inaccessible. SnapChat allows messages to be encrypted in-transit; however, there's a catch. According to the tech-based site, Recode, 'Snapchat messages are encrypted while at-rest on Snapchat’s servers (though the company has the encryption key if needed). Snaps are deleted from the servers as soon as they’re opened by the intended recipients, and Snapchat claims these delivered messages “typically cannot be retrieved from Snapchat’s servers by anyone, for any reason.” But unopened Snaps are kept on the servers for 30 days before being deleted. That means Snapchat might have to hand over unopened, private messages if required by law.'
Although Skype is most-commonly used for video and voice conference calls, it has an instant messaging chat window feature. This is incredibly helpful for private conversations that take place with people on the call, in queue for the next call, or who just happen to be online and connected to Skype. Skype does allow messages to be encrypted during transmission, but Skype does not offer end-to-end encryption for any instant messages sent on the platform. Instead, messages are stored on Skype’s servers for a presumably set length of time. What does this mean for users? Well, in short, it means Skype has the capability to turn over private messages on its servers if summoned by a judge or required by law depending on the country and communication in question.
Allo is a messaging app made by Google to be released this summer on Android and iOS platforms. What makes it popular is a feature-rich interface complete with graphics and doodles. From a functionality standpoint, the app works with Google Assistant to merge schedules and make suggestions for calendars and tasks. Allo does include an option for users to send their messages with end-to-end encryption, but they must opt to turn on and configure the encryption in the settings. This 'incognito' mode will be an option that includes capabilities like expiring chats, private notifications, and of course, end-to-end encryption. In an effort to provide a uniform security feature that users have come to expect with messaging apps, Allo differs in that end-to-end encryption is not a default setting like it is in WhatsApp and Viber. The complexity, however, really lies in the app's dependence on reading your messages to help coordinate events, tasks, and fixtures in the calendar – which it can’t do if your chats are end-to-end encrypted. Edward Snowden, whistleblower and former NSA contractor, was critical of Allo and expressed his views on Twitter stating, "Google's decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe."
For users, Allo presents two options: privacy and increased security or transparency through interactivity. Although users will often choose for the transparent and less-secure option, security is still an issue and civil liberties advocates are already voicing displeasure about it.
What users need to know is that end-to-end encryption is becoming a standardized expectation built into the software of popular messaging apps. Ultimately, the level of security is up to the user's discretion and day-to-day needs. Additionally, the type of communication and the network on which that communication takes place on are main factors to consider. Overall, end-to-end encryption is a topic that continues to drive discussion and debate on multiple forums. From personal civil liberties to law enforcement agencies demanding access to files and data – there are many reasons that default encryption on mobile apps is a Catch-22 of sorts. By providing increased security, it could also cause law enforcement and auditors to lose access to important communications they need in order to secure criminal and civil court convictions.
Sign up for our Developer-focused newsletter CODE. Designed hands-on by developers, for developers. Keep up to date on topics of interest: tutorials, tips and tricks, and community building events.
CenturyLink Cloud – We’re a different kind of cloud provider – let us show you why.