WhatsApp, iMessage, Skype, Snapchat and DMs. There’s even a Messenger Kids app for children by Facebook. The list goes on and on when it comes to ways to communicate with your friends, family and work associates.
While most of your texts might be asking “what’s for dinner?”, other texts, especially those pertaining to work, can be highly sensitive. There’s been a lot of talk regarding encryption lately. As more privacy concerns come to light, people are becoming increasingly aware of the risks when communicating on non-secure lines. Even Jeff Bezos fell victim to a phishing scheme, proving that it can happen to anyone.
Today we’re highlighting some of the most popular messaging platforms from least to most secure, and providing helpful tips on what you should watch for when it comes to texting securely.
Let’s begin with the most basic method: good old-fashioned text messages. Short Message Service (SMS) and Multimedia Messaging Service (MMS) are the default method on cellphones which makes it a quick and easy way to stay in touch. However, these types of texts are not secure by design which means the messages you send are in plain text and can be open to interception. Depending on how private your exchanges are, it’s also important to keep in mind that your phone provider will have access to your communications.
Is iMessage secure?
If you’re an iPhone user, you likely prefer exchanging iMessage and FaceTime with your fellow Apple users. On their website, Apple states:
We designed iMessage and FaceTime to use end-to-end encryption, so there’s no way for Apple to decrypt the content of your conversations when they are in transit between devices. Attachments you send over iMessage (such as photos or videos) are encrypted so that no one but the sender and receiver(s) can access them. These encrypted attachments may be uploaded to Apple.”
The last sentence is the part which may give some users pause. It’s worth noting that while you have the option to automatically have your iMessages deleted from your device after a set amount of time, you also have the option to back them up on your iCloud. Apple has strengthened their two-factor authentication and only allows you to change your password via a trusted device. But, like all cloud accounts, there’s always the potential for a breach, however small that chance may be.
Remember: If you happen to send an iMessage while not on WiFi and data is turned off, or you’re out of service reach or texting an Android user, by default the message will send via SMS anyway.
Is texting from Android safe?
Google is currently working with phone companies to move texts from SMS to RCS (otherwise known as Rich Communication Services). The RCS protocol is referred to as “Advanced Messaging” by some carriers and offers modern features like read receipts, improved image sharing, group chats and more. While some of the more prominent Android phone-makers like Samsung support RCS in their default texting app, not all Canadian carriers have been as quick to adopt the new technology, according to Mobile Syrup.
On the security side of things, RCS may pose similar concerns as its predecessor. An article published by Wired last December claimed, “When security researchers looked under the hood, they found the way carriers and Google have implemented the protocol creates a basket of worrisome vulnerabilities.”
Bottom line: if you’re in search of a secure means of communicating, keep reading.
You likely use emails the most when it comes to business communications. Just like with text messages, email platforms rank low on the list when it comes to security. Emails are written in plain text and are shared across insecure networks which means anyone who may be listening in along the way can easily intercept the message and read it.
Now, that’s not to say you can’t enhance the security of your email account. Encrypting your emails with a key is one way — but, you need to share that key with the person on the other end of the communication to ensure they can receive and ultimately read that email. Since both you and the receiver need to understand what you’re doing, this process can turn into quite the production.
Alternatively, with email applications like Gmail, you can install a third-party plugin. This plugin can ensure your emails are secure, however it will only work with other Gmail users. Another popular choice is ProtonMail which boasts having end-to-end encryption and a setup that keeps you anonymous by not tracking IP logs.
The third and best option is investing in a software like Office 365. While the Microsoft program makes encryption easier to implement, it’s still not completely intuitive which means you’ll need someone tech-savvy to help you out. If you need a hand getting started, reach out to us today.
Bottom line: email can be more secure, but only if it’s set up properly.
3. Facebook Messenger
You’re browsing Facebook anyway, so why not send a friend a message through their built-in, direct messaging platform? The big issue to keep in mind is the fact that the platform is owned by Facebook — a company who's business is collecting and monetizing from users’ personal data. Facebook Messenger is also not end-to-end encrypted by default.
Messenger does have an option to turn on “secret conversations” which allows messages to self-destruct after a certain amount of time, but the feature isn’t obvious nor intuitive to most users.
In 2019, Mark Zuckerberg made a dramatic pledge to apply end-to-end encryption to user communications across all its platforms by default. Earlier this year, Jon Millican, Facebook software engineer for Messenger privacy, reportedly said, "While we have made progress in the planning, it turns out that adding end-to-end encryption to an existing system is incredibly challenging and involves fundamentally rethinking almost everything."
Bottom line: if you’re concerned about your personal data being collected and sold, Facebook Messenger likely isn’t the best option for you.
Bottom line: Even if your conversations stay private, WhatsApp can collect your metadata and put it in their “about you” file on Facebook.
Now that we’ve gotten the top (and less secure) modes of communication out of the way, let’s focus on the best-ranked apps. Telegram, which launched in 2013, is a good solution for those who work across multiple devices. It isn’t hooked up to a phone number and allows the option to require a passcode when opening the app on your device, making your account both flexible and secure.
Much like with the Messenger app, Telegram offers a “secret chat” function which enables end-to-end encryption. These secure conversations leave no trace on their servers, support self-destruction and do not allow message forwarding. In addition, they are not uploaded to the Telegram cloud and can only be accessed on their devices of origin.
Though they historically used private encryption, they’ve recently made the switch to an open source code. This is great news because now anyone can check out their code, protocol and API to see how everything works though GitHub. This adds a solid level of transparency for users.
Bottom line: if you’re looking for a secure, cloud-based program that’s available to use on multiple devices, Telegram is a good solution.
Unlike its competitors, privacy isn’t an optional mode on Signal — it’s the basis of its existence. What makes Signal different can be traced to its origin. First launched in 2010, the app is an independent nonprofit that is not tied to any major tech companies. Its development is supported entirely by grants and donations, including a fiscal sponsorship from the Freedom of the Press Foundation which promotes its use to journalists and whistleblowers.
On its website, Signal dotes the tagline, “No ads. No trackers. No kidding.” And, they really mean it. Like Telegram, Signal uses open-source encryption, plus they subject the entire platform to security audits on an ongoing basis. This means cryptographers have plenty of opportunities to search it for flaws.
Another perk about the app is the fact that they store very little information about you. From a functionality standpoint, you can still share videos, voice memos, GIFs and more, all while knowing your messages are fully encrypted and impossible to intercept.
Considering the focus of the program is based on its security, Signal is still quite user friendly and includes all the “fun” stuff you’d expect from a messaging app. You can easily setup “disappearing messages” which go away after the text has been read and can even wipe out all your conversations simultaneously.
Bottom line: Signal is one of the most secure texting apps you can get.
This list is extensive but certainly not exhaustive! There are many communications platforms available to choose from and new programs are always coming out. Due to the nature of software changes, updates are constantly being made and in security, like in many things, there’s always room for improvement. Our hope is that through a better understanding of the different methods of messaging and some insights on what to look for, you'll be able to better evaluate your technology.
When it comes down to it, people often choose convenience. After all, you want to be on a program that your family, friends and associates are using. Remember: your conversations are only as secure as the person you’re sharing them with. Always be sure you know who’s on the other end of your chat and only open links you’re expecting.