Pagoda Blog


How Secure is Your Messaging App?

August 17, 2017

Everyone with a smartphone uses messaging apps to communicate with friends, family, and coworkers. iMessage, Facebook, Snapchat, Instagram, Twitter, WeChat, WhatsApp, FaceTime, Google Hangouts, and Skype are just some of the apps dominating this over-saturated market. Amazon also plans to throw its hat into the ring with a messaging app called Anytime for smartphones, tablets, PCs, and smart watches. The app will offer text and video, and let users send photos with filters, play games, and engage with an array of Amazon services, from finding music and shopping retail to ordering food and chatting with businesses.

 

All of these messaging apps have one thing in common that should be called into question: all of them are free. Why is this? We may not pay money for the luxury of instantly connecting to millions of people worldwide, but we do pay with our privacy.

 

Many messaging apps are constantly tracking your messaging habits, including the content of those messages. This data is then used to create targeted advertising and new products that seem to know our wants and needs just a little too well. Whether you’re sharing sensitive company data or personal photos, the idea that tech giants have access to all this data should make you a bit uneasy. Not all apps are created equal, however, and with all the options, we can and should choose a messaging app that honors our privacy.

 

Here are four questions you should ask before connecting with friends, family, and colleagues via a messaging app:

 

What type of encryption does the app use?

Encrypted sites and apps use complex algorithms to scramble data, making the information indecipherable to anyone who intercepts it without the key. All major messaging apps use some form of encryption, but they’re not all created equal. While your data may be indecipherable to hackers, the owners of the messaging app sometimes keep the key to decrypt your messages so they can sell the data to marketing groups for targeted advertising. This may seem like a benign use of your personal information, but because the provider holds the key, your data is vulnerable if hackers break into the messaging app’s server.

 

End-to-end encryption (E2EE) is the most secure option, as it guarantees that only you and the intended message recipient can decipher the message. Open Whisper Systems’ Signal Protocol is the most trusted version of E2EE. WhatsApp enables the Signal Protocol by default, but not all messaging apps that use it do the same. Facebook Messenger, for instance, requires that you manually choose the “secret” option on the top right of the “new message” screen each time you send a message.

Is the app’s software open-source?

Open-source means that the software’s source code is available to the public to review and critique. It doesn’t guarantee security, but it allows experts to check for back doors and bugs and warn users of these potential security flaws. Telegram and Signal are both open-source messaging apps.

 

What type of message deletion does it offer?

If your phone is stolen and hacked into, encryption is useless. The only way to protect your messages from prying eyes is to delete them after they’re sent. Most apps allow you to manually delete messages from your own device, but some go further and allow you to delete them from the recipient’s device as well. The messaging apps Telegram, Signal, and Wickr can automatically delete messages after a set amount of time via a self-destruct feature.

 

How much metadata is stored with the app?

Regardless of the level of encryption or message deletion options, every messaging app stores some of your information. This information can include your location when you sent a particular message, who you sent it to, what time it was sent, and other data beyond the actual content of your messages.

Bruce Schneier, security expert and CTO of Co3 Systems, said in his 2014 keynote address to SOURCE Boston, “Metadata is far more intimate than our conversations. It shows where we go, our interests, our relationships – it shows who we are.”

 

We should not take the value of our metadata lightly. Always review the metadata storage policies of a messaging app to find out what type of information the company stores on its servers and for how long. Signal stores the least metadata of any major messaging app – the only data recorded is the last time each user connected to the server. That’s it. No contacts, no locations, and not even the exact time of that connection, only the day. To minimize the information you share, you can also choose not to share your phone’s contact list with messaging apps.
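As an added illustration (not part of the original post), the Python sketch below uses a constructed log to show how much a server that records sender, recipient, time, and location can infer without reading any message content, compared with keeping only the day of last connection. The record layout, names, and the use of "last message sent" as a stand-in for "last connection" are assumptions made for the example.

```python
from collections import Counter
from datetime import datetime

# Constructed sample data: (sender, recipient, sent_at, location).
# Message bodies are assumed to be end-to-end encrypted and are not needed here.
FULL_LOG = [
    ("alice", "clinic", "2017-08-01T08:05", "Santa Cruz"),
    ("alice", "clinic", "2017-08-03T08:10", "Santa Cruz"),
    ("alice", "bob",    "2017-08-03T22:40", "San Jose"),
    ("alice", "lawyer", "2017-08-04T12:15", "San Jose"),
    ("alice", "clinic", "2017-08-08T08:02", "Santa Cruz"),
    ("alice", "bob",    "2017-08-09T23:30", "Santa Cruz"),
    ("bob",   "alice",  "2017-08-09T23:31", "Oakland"),
]


def profile(log, user):
    """Summarise what the metadata alone reveals about `user`."""
    sent = [r for r in log if r[0] == user]
    contacts = Counter(r[1] for r in sent)
    hours = Counter(datetime.fromisoformat(r[2]).hour for r in sent)
    places = Counter(r[3] for r in sent)
    return {
        "contacts": sorted(contacts),                   # relationships
        "top_contact": contacts.most_common(1)[0][0],   # closest tie
        "busiest_hour": hours.most_common(1)[0][0],     # daily routine
        "places": sorted(places),                       # where the user goes
    }


def minimise(log, user):
    """Keep only the day of the user's most recent activity.

    Assumption: the last message sent stands in for the last connection,
    which is the single value the article says Signal records.
    """
    last = max(datetime.fromisoformat(r[2]) for r in log if r[0] == user)
    return {"last_connected_day": last.date().isoformat()}


if __name__ == "__main__":
    print("Full metadata:", profile(FULL_LOG, "alice"))
    print("Minimised:    ", minimise(FULL_LOG, "alice"))
```

When comparing apps, the question to ask of each privacy policy is which of the fields in the full log the provider retains, and for how long.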

 

For more information about the security of messaging apps, check out TechRadar’s top ten best secure messaging apps of 2017 and this detailed comparison between WhatsApp, Allo, and Signal.

 


 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.

 



