The most popular messaging apps have hundreds of millions of users, but how secure are they really? The Electronic Frontier Foundation has been finding out, producing a “secure messaging scorecard” to rate them on a range of criteria.
“Many companies offer ‘secure messaging’ products – but are these systems actually secure? We decided to find out, in the first phase of a new EFF Campaign for Secure & Usable Crypto,” explains the EFF.
“This scorecard represents only the first phase of the campaign. In later phases, we are planning to offer closer examinations of the usability and the security of the tools that score the highest here.”
Are messages encrypted in transit, and encrypted so the provider can’t read them? Can you verify contacts’ identities? Are past communications secure if your keys are stolen? Is the code open to independent review, is the security design properly documented, and has the code been audited?
What’s interesting is that the apps that score seven green ticks are the likes of ChatSecure, CryptoCat, Signal, Silent Phone, Silent Text and TextSecure. Yet for most mainstream users, what defines their choice of messaging app is not “how secure is it?” but rather “which one are my friends using?”
BBM, Facebook chat, Google Hangouts, Kik Messenger, Skype, Snapchat, WhatsApp, and Viber don’t score well on the EFF’s criteria, for example. Apple’s iMessage actually does pretty well, with five out of seven ticks.
Even so, will the EFF’s new research encourage those mainstream messaging apps to beef up their security? Or are we going to continue seeing a divide, with security-conscious people messaging other security-conscious people on the niche apps while everyone else continues using the popular apps?
What matters for security is your choice of messaging app, and whether you’ve tried to persuade friends to switch from one to another on those grounds.