Tag Archives: privacy

Top 10 Questions To Select A Secure And Private Messaging App

Couple of weeks ago we came across important questions for selecting secure messaging apps for businesses. Many people have asked us, what consumers should take care of when selecting a private and secure messaging app? Ideally a provider of a messaging app should answer all the following questions with YES. Here we go:

1. Is the transmission of the messages and all communications between the app and the server protected with an SSL encryption?

2. Are the messages and content end-to-end encrypted? Meaning: Only the sender and the receiver of a message can read it (this is quite important)?

3. Are the messages stored in a completely encrypted form on the server?

4. Is the provider not able to read the messages on the server?

5. Does the provider completely anonymize user accounts, messaging logs and profiles, and thus fully protect the privacy of users?

6. Your address book data is only stored on your device, and not stored on the servers of the provider?

7. The messaging app provider has a strong privacy policy, and does not sell or trade user data?

8. Is there a regular backup of the data on the server?

9. Is all data stored on servers outside of the USA (where it cannot be easily accessed by US government agencies)?

10. Is the provider of the messaging app based outside of the USA (again: thus cannot be easily accessed by US government agencies)?

A lot of messaging apps claim to be completely safe and encrypted. However, there are huge differences between providers as you can tell by this questionnaire. Not a lot of apps can answer all questions with YES. You will have to judge by yourself, what questions and topics are most important for you, and thus select a private and secure messaging app for your needs.

Advertisement

New Messaging Apps and Current Trends

The first wave of messaging apps on smartphones had mainly one goal: To replace texting/SMS and offer better messaging at much lower cost. The instant messaging apps started with sending simple text messages, and then soon added the ability to exchange photos and other digital content, as well as nice features like delivered receipts. Nowadays, many messaging apps are far superior to texting/SMS, and several even offer group chats. To better understand, what the next wave of messaging apps will improve, it makes sense to have a closer look at current trends in the messaging space.

Stickers, Fun and Personal Messaging

Stickers have probably been the biggest trend among messaging apps for the last couple of months. In addition to the classical emoticons (emoji), stickers offer users an additional way to express themselves – referring to the questionable quote: “a sticker says more than a 1000 words”. Most major providers (e.g. Line, Viber, Kakao Talk, ChatON) have added stickers of all sorts: Comic figures, cartoons, art, popular brands, etc. These stickers are often available in packages, and in many cases they cost between $1 and $2. Stickers have become a substantial source of revenue for messaging apps – especially for the Asian providers, which generate millions of dollars with stickers.

Another way to make texting more fun and personal is the introduction of custom fonts. If a message can be sent in a custom font like a handwriting, marker, news or comic type, it enables the user to better express themselves and gives the message a personal note. Furthermore, with custom themes or backgrounds users can receive kind of a “mobile postcard”. The first messaging app that introduced custom fonts and themes for more personal messaging was Grouptime, but other providers seem to start to follow.

Single Purpose Messaging Apps

Snapchat was one of the first popular single purpose messaging apps. Snapchat allowed users to send photos only, and assured that they are deleted on the recipients device automatically. Recently, some other apps have tried to be successful with the single purpose approach as well: DingDong focuses on location sharing only and GIF Chat enables users to exchange animated GIFs only. The success of the single purpose messaging apps remains to be seen. If they offer differentiated functionality or a use case that cannot be easily replicated by the leading messaging apps, they have a chance to establish a niche for their product. However, e.g. a standard location sharing feature alone is probably not enough to make such a simple app attractive for a broader set of users.

GIF Chat

Better Group Messaging and Sharing

While group chats are a standard by now, the users are often not satisfied with standard group chat functionality anymore: For sharing of photos with friends, group chats are easy to set up, but are not visually nice and don’t provide quick feedback mechanisms. Even if group chats are easy to set up, if you regularly start group chats with the same people, there should be simpler ways to add recipients or save distribution lists. Or, if users start different topics within the same chat, the communication can get confusing. These are just some of many examples, where better group messaging functionality is required.

Thus, some providers are now offering sophisticated group messaging and sharing solutions for family and friends (e.g. Grouptime, Line Band).  Some of these apps really work like the combination of an instant messaging app and a private social network: There is real-time communication with push notifications, but the group messages are presented in a nice visual feed, even with the ability to like content. Once you have tried it, you will see how superior this is to traditional group chats.

Stronger Security and Privacy

Due to the latest PRISM and NSA affair, more and more users are worried about their privacy and demand stronger security features from messaging apps. As a result, several secure messaging apps have been announced (e.g. Hemlis, Whistle). However, since end-to-end security and complete privacy protection are complicated topics, it remains to be seen how secure and good these apps will be initially (UPDATE: At least Whistle seems not to be secure in its current version). In the meantime we expect the providers of established messaging services (at least the better ones) to improve their security and privacy features. From our point of view, security and strong data protection should be a standard for messaging apps, and not a feature.

Gaming and Public Chat Forums

Especially the Asian messaging providers have started to introduce games, third party services and public chat forums in their apps. This is basically the Facebook strategy: Building a platform for all apps and services, and trying to offer the user everything in one app. Users, who love games and public interest forums, will find a benefit from this approach. Still, for many users these apps will become to complex and cluttered with features, and they will prefer the more simple, focussed and let’s say traditional messaging apps.

Business Messaging Apps

For the business communication with colleagues and teams, messaging apps are becoming more and more important. Of course businesses could use traditional instant messaging apps like Skype, ICQ, etc. or the newer versions of Whatsapp, Viber, Line and Co., but often a dedicated messaging app for business communication has advantages.

Desktop and Mobile Apps Offered

Most business messaging apps not only offer mobile apps for iPhone and Android, but a desktop client to enable easy access to your messages. This is generally great, but requires a good synchronization mechanism between the various clients and the server. Besides push notifications for new messages need to be delivered reliably.

Since some of the business messaging apps have their origin on the desktop, reliable push notifications and synchronization are often not certain. So if you select a provider, make sure to test these features beforehand.

Video Communication and File Sharing

Business messaging apps enables users to have 1-to-1 and group chats. Several apps also feature persistent chat rooms for individual projects, teams or entire departments. In order to serve more of your business communication needs, some of these messaging apps offer the ability to share files, and some even enable video meetings for small teams.

Strong Security and Privacy Required

Nearly all business messaging apps use an SSL encryption for the transmission of the messages, and promote the security of their services as being as safe as a bank. However, be aware that there still can be strong differences in the security and privacy features of the various providers. Depending on the level of security you need, you might want to ask yourself the following questions:

  1. Is only the transmission of the messages encrypted, or are the messages themselves encrypted as well?
  2. Are the messages stored encrypted on the server? And can the provider read the messages?
  3. Do user accounts and profiles get anonymized, so their privacy is fully protected? And if not, what user data gets stored?
  4. How regularly does the provider backup data, and on the other hand delete delivered messages from the server?
  5. Is the data stored in the USA (where it can be easily accessed by government agencies), in Europe (where data protection is much stronger) or elsewhere?
  6. From what country is the provider of the business messaging app, and what are the underlying data protection laws?

Relatively Young Market

Yet, there are not many dedicated and capable business messaging apps available. Several providers have started out with desktop and web apps and then extended into mobile (e.g. the business messaging services YammerHallHipChat and OneTeam). In addition, some new providers with a focus on mobile are about to launch: GoComm will focus on messaging for mobile workforces, and Teamwire will offer secure enterprise group messaging for instant, personal and private messaging with teams and colleagues.

Overall, it is still a relatively young market and it will be interesting to see, how business messaging apps will simplify and improve the communication as well as help to grow the productivity of a workplace.

Messaging Apps for Couples

Today I want to write a short post about messaging apps for couples. For modern-day couples these kind of messaging apps can be advantageous. Especially in situations where a spouse travels for work, or where the couple is in a long distance relationship.

A Private Space for Couples to Share

The most famous couple messaging apps are Avocado, Between and Couple. Another one called FeelMe is currently in the making. All these apps provide a private space for couples to share messages, photos, voice mails and videos. The advantage compared to classical texting is that you have dedicated app for your spouse, which you only have to open and can start texting right away (without searching for her/him). Some couples value a dedicated app where private moments and the history of their messaging texts are kept.

Between App for Couples

Special Features for Couples in Long Distance Relationships

However, since the benefits above alone might not be enough for some, most of these apps also offer shared to-do lists, sketches, albums and calendars. Further, apps like Couple and Avocado even offer “touch” features, showing when the other person is touching the phone. This should make the other person feel closer, even when she/he might be thousands of miles away due to a long distance relationship.

All couples apps above have a pretty nice design and user interface. If you are in search of a private messaging app for your spouse, try them out, and see which one best fits your need.

How PRISM Affects Messaging Apps

As a consequence of the PRISM scandal many users are worried about the protection of their privacy, and how safely service providers handle their data.

Probably most user data of messaging apps can be monitored

It seems that if you are not a USA citizen, the government and its agencies have less restrictions in regard to what data they can monitor. If you are a citizen of the USA, there seem to be more restrictions on how they can access your data.

Generally it is likely that the agencies get quicker access to companies based in the USA. In other countries legal hurdles will prevent a quick and direct access to a user’s data.

While reliable information is hardly available, not only big companies like Facebook, Sykpe, Google, Twitter, AOL, Microsoft, Apple, Yahoo, etc. are affected by PRISM, but probably as well many smaller service providers including the ones offering messaging apps and services.

Privacy and data protection unlikely with messaging app providers from the USA

Thus, most messaging app providers from the USA could well be affected by PRISM. And just to remember, some of them often haven’t had a history of being secure.

Overall, from a privacy perspective this can be worrying. It is not that the normal user has something to hide, but that her content and data might be monitored and stored somewhere without her knowledge.

Messaging services with end-to-end encryption from other countries beneficial 

Of course, people could turn to encrypt their messages, but many of the messaging apps offering encryption are not easy to use or not performant enough to be competitive. iMessage and Facetime are some of the exceptions which are said to be end-to-end encrypted. However, if Apple really has no master key to unlock your data, remains an open question.

If you are worried about your privacy, it is maybe worth taking a look at European messaging providers (for more info please read our secure and private sharing article). Some European countries like Germany have pretty strong law with regard to privacy and data protection. This could well be a safe harbor.

The Real Cost of Free Messaging Apps

Currently there are basically two types of messaging apps in the market: The first type has to be bought by the user for a license fee or a yearly subscription. The pricing is normally in the $1-2 range. The second type is free, and either comes with advertising or various in-app purchases to get the full functionality of the app.

Free messaging apps are users first choice

Needless to say, a user often goes for the free messaging apps. Especially if the feature set of the messaging app is competitive and compelling, only having to deal with ads seems pretty cheap initially. Besides many free messaging apps in the first 1-2 year after their launch don’t even show advertising to increase user growth. But make no mistake, sooner or later you will pay the price.

If you are lucky, a free messaging app later decides to monetize via an affordable subscription. If you are unlucky, you will get ads, which will finally end your privacy and data protection. To better target ads, providers of messaging apps need as much information as possible about their users. If you write a message to a friend, that you want to go shopping for some shoes, wouldn’t it be great to get some ads displayed about some shoe shops in your neighborhood? Well, probably you wouldn’t like it. However, for the messaging app provider these would be highly paid ads.

Advertising requires analysis of a user’s content and data 

The question will be, where to draw the line between privacy and data protection of the users on the one hand, and the monetization interests and required user information for targeting of ads on the other hand. In doubt many providers of free messaging apps will go for the higher monetization and against the user’s privacy. Which means: They will analyze your messaging content and often even hand it over to third parties.

That’s why I suggest, that as a user you should try to understand the revenue model, privacy and data protection of the messaging app you are going to use right from the start. Changing the messaging app and moving all your friends to another service later, is no fun at all and would incur a high additional cost.

Some messaging apps have a clear commitment to privacy and data protection

The good news is: There are some messaging apps that make a clear commitment to privacy, data protection and against advertising, and monetize via in-app purchases or with an affordable yearly subscription. Good examples are Whatsapp (SMS alternative) and Grouptime (great for group messaging and sharing).

As of today many things described here, are not yet visible for users of messaging apps. Nevertheless, this is the future, because all free messaging apps have to make a profit somehow. You can decide, if it happens at the cost of your privacy.

Private Messaging and Sharing Apps

In general people seem to become more and more privacy aware. While a couple of years ago social media and its related public sharing were a major trend, nowadays a kind of reverse trend has emerged. On the one hand people seem less comfortable with sharing everything with their hundreds of followers and friends on social networks like Facebook and Twitter, but complicated privacy settings make more private sharing a nuisance. And on the other hand people seem more worried what happens with their content and data, and how it might be used by these networks without their consent. Thus in order to stay in control of their privacy, people increasingly turn to messaging apps which can make it quite easy to privately share. There are some good examples of how messaging apps can help people to protect their privacy, and also some issues to be aware of.

“Self-destructing” Content

I guess an extreme example of privacy protection with a messaging app is Snapchat, which is mainly used for photo sharing. The sender determines how long a photo is visible for the recipient (the maximum viewing time is 10 seconds), and afterwards the photo is not viewable anymore. The app is a big hit among teens, who use the app for sometimes doubtful use cases, which are also referred to “sexting”. Having said that, while sharing “self-destructing” images seems to do a job, for sharing everything else (text messages, locations, links, etc.) the app is useless. Besides the user interface is very basic, and people who look for beautiful design will be rather turned off. Facebook already cloned Snapchat with the app “Poke”. However, Facebook is probably not the right choice when it comes to privacy. We generally expect that “self-destructing” content will become a feature of messaging apps and social networks. So for those of you who don’t need this right away, simply wait a couple of months and your messaging app of choice will probably include such a feature.

Private Sharing and Group Messaging

Most messaging apps (e.g. Whatsapp, Line, WeChat, ChatOn, FB Messenger) have group chats by now, which more and more people also use for private sharing with groups. Well, group chats are pretty useful for coordinating, but for private sharing they are far from perfect. First, the chats with the bubble style are not clearly laid out and can be confusing, especially when it comes to sharing content like photos, links and locations. And second, setting up and inviting people to a group is still too complicated and not really adequate for personal sharing. Our preferred solution for private group sharing is an app called Grouptime, which is a private social network that combines group messaging and classical social network sharing. With its beautiful and simple to use interface, the app makes it actually really easy to personally share all kinds of content with the people you choose. Besides grouptime allows you to share multiple photos at once, and displays large images of contents like locations, links and photos. Due to a recent blog post it seems that privacy protection is very important to Grouptime. So if your looking for an app to privately share with family and close friends, and haven’t tried Grouptime, check it out.

No Advertising

This is more a side note, but an important one: Messaging apps that include advertisements, normally need to analyze and mine user data for better targeting of ads. So if your privacy is important to you, make sure to choose a messaging app with a business model that does not rely on advertising.

European Provider

We would choose an European messaging app (e.g. Grouptime, Moped, Threema, Yuilop, MySMS, etc.), simply because Europe has by far the best law enforcement and civil rights when it comes to privacy and data protection. Especially the US-based services were not always the best examples when it came to security and privacy protection in recent years….not to mention the lack of privacy laws in the US.

Encrypted Communication

While for many users encryption is not a must-have feature (who wants to spy on me anyway?), nowadays it is often a standard practice among messaging apps to encrypt the communication (e.g. via https) as well as a users data. If this is a must-have feature for private sharing for you, simply check with your messaging app of choice. The required information is normally available directly on a providers website.

Private and Secure Messaging Apps

Privacy, data protection and secure communication are always hot topics in the instant messaging and social networking world. Sometimes the issues at hand are greatly exaggerated by the media, however, quite often messaging apps have security and privacy flaws which users should be aware of. There aren’t many messaging apps which serve as a good example of how to protect as user’s privacy and personal data. That’s why today I want to take a closer look which messaging apps offer secure communication.

Market leader of messaging apps does not serve as a good example

One of the market leading messaging apps, Whatsapp, is definitely not a good example when it comes to protecting a users privacy. Whatsapp has had several security issues in the past. For years on most devices a user’s personal data, content and address book have been transmitted to the server unencrypted. Whatsapp has used HTTPS, but then has sent messages and content unencrypted, and even your ID visible in plain text. Thus in Wi-Fi networks it has been very easy for others to intercept a user’s data and to follow conversations. Actually there is even an Android app called “Whatsapp Sniffer” which allows to easily scan other people’s conversations in the same Wi-Fi. Only recently Whatsapp said to have closed these encryption issues. However, with millions of clients and different version out in the market, it will take a longer time till the existing security issues are really closed. And it remains to be seen if this encryption is a save one at all. Besides Whatsapp is an American company whose privacy and data protection enforcements are generally weak. From a market leading messaging app with millions of users I would have expected a better security and privacy concept.

European messaging apps better for privacy and data protection

Actually for better privacy and data protection it might be worth looking at European messaging apps, which have much stronger legal requirements in regard to protecting a user’s data. So far a good example is Grouptime from Germany. The Germans have some of the strongest data protection legislation in the world, and regular investigate and challenge the policies and practices of Facebook, Google and the like. Grouptime seems to completely anonymize your personal data and use secure encryption and transmission methods. In addition, the messaging app aims to provide an easy to use private messaging and sharing service by default, so the app has a simple privacy concept by design where no complicated settings are required. For further details read one of Grouptime‘s last blog posts how they protect your privacy and data.

Facebook Messenger and iMessage seem to have flaws 

One would think that Apple’s iMessage is generally safe. The recent SMS spoofing issues show that privacy flaws currently exist, and also there have been some other smaller security issues with iMessage in the past. I guess, since iMessage and iCloud are rather new services, these issues will be solved by Apple soon. And one of the good things of iMessage is, that data is transmitted encrypted. However, the question for me is, to what degree my messaging data is really anonymized in Apple’s iCloud? Probably it isn’t encrypted on iCloud.

The Facebook Messenger is also not a good reference for a secure and private messaging app. Well, Facebook alone has already enough flaws when it comes to privacy and data protection. Recently though, it became apparent that Facebook seems to regularly scan your messages for specific keywords.

There are lots of other messaging apps out there. In general, I would say that smaller messaging apps are more likely to have security flaws, that are yet undetected, and that European providers offer better data protection (like e.g. Grouptime). Anyway, SSL encryption (https) should be a standard for messaging apps to provide privacy and security for their users. I will do some more research, and will follow up with more news on that topic in the near term.