Privacy, data protection and secure communication are always hot topics in the instant messaging and social networking world. Sometimes the issues at hand are greatly exaggerated by the media, however, quite often messaging apps have security and privacy flaws which users should be aware of. There aren’t many messaging apps which serve as a good example of how to protect as user’s privacy and personal data. That’s why today I want to take a closer look which messaging apps offer secure communication.
Market leader of messaging apps does not serve as a good example
One of the market leading messaging apps, Whatsapp, is definitely not a good example when it comes to protecting a users privacy. Whatsapp has had several security issues in the past. For years on most devices a user’s personal data, content and address book have been transmitted to the server unencrypted. Whatsapp has used HTTPS, but then has sent messages and content unencrypted, and even your ID visible in plain text. Thus in Wi-Fi networks it has been very easy for others to intercept a user’s data and to follow conversations. Actually there is even an Android app called “Whatsapp Sniffer” which allows to easily scan other people’s conversations in the same Wi-Fi. Only recently Whatsapp said to have closed these encryption issues. However, with millions of clients and different version out in the market, it will take a longer time till the existing security issues are really closed. And it remains to be seen if this encryption is a save one at all. Besides Whatsapp is an American company whose privacy and data protection enforcements are generally weak. From a market leading messaging app with millions of users I would have expected a better security and privacy concept.
European messaging apps better for privacy and data protection
Actually for better privacy and data protection it might be worth looking at European messaging apps, which have much stronger legal requirements in regard to protecting a user’s data. So far a good example is Grouptime from Germany. The Germans have some of the strongest data protection legislation in the world, and regular investigate and challenge the policies and practices of Facebook, Google and the like. Grouptime seems to completely anonymize your personal data and use secure encryption and transmission methods. In addition, the messaging app aims to provide an easy to use private messaging and sharing service by default, so the app has a simple privacy concept by design where no complicated settings are required. For further details read one of Grouptime‘s last blog posts how they protect your privacy and data.
Facebook Messenger and iMessage seem to have flaws
One would think that Apple’s iMessage is generally safe. The recent SMS spoofing issues show that privacy flaws currently exist, and also there have been some other smaller security issues with iMessage in the past. I guess, since iMessage and iCloud are rather new services, these issues will be solved by Apple soon. And one of the good things of iMessage is, that data is transmitted encrypted. However, the question for me is, to what degree my messaging data is really anonymized in Apple’s iCloud? Probably it isn’t encrypted on iCloud.
The Facebook Messenger is also not a good reference for a secure and private messaging app. Well, Facebook alone has already enough flaws when it comes to privacy and data protection. Recently though, it became apparent that Facebook seems to regularly scan your messages for specific keywords.
There are lots of other messaging apps out there. In general, I would say that smaller messaging apps are more likely to have security flaws, that are yet undetected, and that European providers offer better data protection (like e.g. Grouptime). Anyway, SSL encryption (https) should be a standard for messaging apps to provide privacy and security for their users. I will do some more research, and will follow up with more news on that topic in the near term.