Tag Archives: security

Top 10 Questions To Select A Secure And Private Messaging App

Couple of weeks ago we came across important questions for selecting secure messaging apps for businesses. Many people have asked us, what consumers should take care of when selecting a private and secure messaging app? Ideally a provider of a messaging app should answer all the following questions with YES. Here we go:

1. Is the transmission of the messages and all communications between the app and the server protected with an SSL encryption?

2. Are the messages and content end-to-end encrypted? Meaning: Only the sender and the receiver of a message can read it (this is quite important)?

3. Are the messages stored in a completely encrypted form on the server?

4. Is the provider not able to read the messages on the server?

5. Does the provider completely anonymize user accounts, messaging logs and profiles, and thus fully protect the privacy of users?

6. Your address book data is only stored on your device, and not stored on the servers of the provider?

7. The messaging app provider has a strong privacy policy, and does not sell or trade user data?

8. Is there a regular backup of the data on the server?

9. Is all data stored on servers outside of the USA (where it cannot be easily accessed by US government agencies)?

10. Is the provider of the messaging app based outside of the USA (again: thus cannot be easily accessed by US government agencies)?

A lot of messaging apps claim to be completely safe and encrypted. However, there are huge differences between providers as you can tell by this questionnaire. Not a lot of apps can answer all questions with YES. You will have to judge by yourself, what questions and topics are most important for you, and thus select a private and secure messaging app for your needs.

New Messaging Apps and Current Trends

The first wave of messaging apps on smartphones had mainly one goal: To replace texting/SMS and offer better messaging at much lower cost. The instant messaging apps started with sending simple text messages, and then soon added the ability to exchange photos and other digital content, as well as nice features like delivered receipts. Nowadays, many messaging apps are far superior to texting/SMS, and several even offer group chats. To better understand, what the next wave of messaging apps will improve, it makes sense to have a closer look at current trends in the messaging space.

Stickers, Fun and Personal Messaging

Stickers have probably been the biggest trend among messaging apps for the last couple of months. In addition to the classical emoticons (emoji), stickers offer users an additional way to express themselves – referring to the questionable quote: “a sticker says more than a 1000 words”. Most major providers (e.g. Line, Viber, Kakao Talk, ChatON) have added stickers of all sorts: Comic figures, cartoons, art, popular brands, etc. These stickers are often available in packages, and in many cases they cost between $1 and $2. Stickers have become a substantial source of revenue for messaging apps – especially for the Asian providers, which generate millions of dollars with stickers.

Another way to make texting more fun and personal is the introduction of custom fonts. If a message can be sent in a custom font like a handwriting, marker, news or comic type, it enables the user to better express themselves and gives the message a personal note. Furthermore, with custom themes or backgrounds users can receive kind of a “mobile postcard”. The first messaging app that introduced custom fonts and themes for more personal messaging was Grouptime, but other providers seem to start to follow.

Single Purpose Messaging Apps

Snapchat was one of the first popular single purpose messaging apps. Snapchat allowed users to send photos only, and assured that they are deleted on the recipients device automatically. Recently, some other apps have tried to be successful with the single purpose approach as well: DingDong focuses on location sharing only and GIF Chat enables users to exchange animated GIFs only. The success of the single purpose messaging apps remains to be seen. If they offer differentiated functionality or a use case that cannot be easily replicated by the leading messaging apps, they have a chance to establish a niche for their product. However, e.g. a standard location sharing feature alone is probably not enough to make such a simple app attractive for a broader set of users.

GIF Chat

Better Group Messaging and Sharing

While group chats are a standard by now, the users are often not satisfied with standard group chat functionality anymore: For sharing of photos with friends, group chats are easy to set up, but are not visually nice and don’t provide quick feedback mechanisms. Even if group chats are easy to set up, if you regularly start group chats with the same people, there should be simpler ways to add recipients or save distribution lists. Or, if users start different topics within the same chat, the communication can get confusing. These are just some of many examples, where better group messaging functionality is required.

Thus, some providers are now offering sophisticated group messaging and sharing solutions for family and friends (e.g. Grouptime, Line Band).  Some of these apps really work like the combination of an instant messaging app and a private social network: There is real-time communication with push notifications, but the group messages are presented in a nice visual feed, even with the ability to like content. Once you have tried it, you will see how superior this is to traditional group chats.

Stronger Security and Privacy

Due to the latest PRISM and NSA affair, more and more users are worried about their privacy and demand stronger security features from messaging apps. As a result, several secure messaging apps have been announced (e.g. Hemlis, Whistle). However, since end-to-end security and complete privacy protection are complicated topics, it remains to be seen how secure and good these apps will be initially (UPDATE: At least Whistle seems not to be secure in its current version). In the meantime we expect the providers of established messaging services (at least the better ones) to improve their security and privacy features. From our point of view, security and strong data protection should be a standard for messaging apps, and not a feature.

Gaming and Public Chat Forums

Especially the Asian messaging providers have started to introduce games, third party services and public chat forums in their apps. This is basically the Facebook strategy: Building a platform for all apps and services, and trying to offer the user everything in one app. Users, who love games and public interest forums, will find a benefit from this approach. Still, for many users these apps will become to complex and cluttered with features, and they will prefer the more simple, focussed and let’s say traditional messaging apps.

Business Messaging Apps

For the business communication with colleagues and teams, messaging apps are becoming more and more important. Of course businesses could use traditional instant messaging apps like Skype, ICQ, etc. or the newer versions of Whatsapp, Viber, Line and Co., but often a dedicated messaging app for business communication has advantages.

Desktop and Mobile Apps Offered

Most business messaging apps not only offer mobile apps for iPhone and Android, but a desktop client to enable easy access to your messages. This is generally great, but requires a good synchronization mechanism between the various clients and the server. Besides push notifications for new messages need to be delivered reliably.

Since some of the business messaging apps have their origin on the desktop, reliable push notifications and synchronization are often not certain. So if you select a provider, make sure to test these features beforehand.

Video Communication and File Sharing

Business messaging apps enables users to have 1-to-1 and group chats. Several apps also feature persistent chat rooms for individual projects, teams or entire departments. In order to serve more of your business communication needs, some of these messaging apps offer the ability to share files, and some even enable video meetings for small teams.

Strong Security and Privacy Required

Nearly all business messaging apps use an SSL encryption for the transmission of the messages, and promote the security of their services as being as safe as a bank. However, be aware that there still can be strong differences in the security and privacy features of the various providers. Depending on the level of security you need, you might want to ask yourself the following questions:

  1. Is only the transmission of the messages encrypted, or are the messages themselves encrypted as well?
  2. Are the messages stored encrypted on the server? And can the provider read the messages?
  3. Do user accounts and profiles get anonymized, so their privacy is fully protected? And if not, what user data gets stored?
  4. How regularly does the provider backup data, and on the other hand delete delivered messages from the server?
  5. Is the data stored in the USA (where it can be easily accessed by government agencies), in Europe (where data protection is much stronger) or elsewhere?
  6. From what country is the provider of the business messaging app, and what are the underlying data protection laws?

Relatively Young Market

Yet, there are not many dedicated and capable business messaging apps available. Several providers have started out with desktop and web apps and then extended into mobile (e.g. the business messaging services YammerHallHipChat and OneTeam). In addition, some new providers with a focus on mobile are about to launch: GoComm will focus on messaging for mobile workforces, and Teamwire will offer secure enterprise group messaging for instant, personal and private messaging with teams and colleagues.

Overall, it is still a relatively young market and it will be interesting to see, how business messaging apps will simplify and improve the communication as well as help to grow the productivity of a workplace.

How PRISM Affects Messaging Apps

As a consequence of the PRISM scandal many users are worried about the protection of their privacy, and how safely service providers handle their data.

Probably most user data of messaging apps can be monitored

It seems that if you are not a USA citizen, the government and its agencies have less restrictions in regard to what data they can monitor. If you are a citizen of the USA, there seem to be more restrictions on how they can access your data.

Generally it is likely that the agencies get quicker access to companies based in the USA. In other countries legal hurdles will prevent a quick and direct access to a user’s data.

While reliable information is hardly available, not only big companies like Facebook, Sykpe, Google, Twitter, AOL, Microsoft, Apple, Yahoo, etc. are affected by PRISM, but probably as well many smaller service providers including the ones offering messaging apps and services.

Privacy and data protection unlikely with messaging app providers from the USA

Thus, most messaging app providers from the USA could well be affected by PRISM. And just to remember, some of them often haven’t had a history of being secure.

Overall, from a privacy perspective this can be worrying. It is not that the normal user has something to hide, but that her content and data might be monitored and stored somewhere without her knowledge.

Messaging services with end-to-end encryption from other countries beneficial 

Of course, people could turn to encrypt their messages, but many of the messaging apps offering encryption are not easy to use or not performant enough to be competitive. iMessage and Facetime are some of the exceptions which are said to be end-to-end encrypted. However, if Apple really has no master key to unlock your data, remains an open question.

If you are worried about your privacy, it is maybe worth taking a look at European messaging providers (for more info please read our secure and private sharing article). Some European countries like Germany have pretty strong law with regard to privacy and data protection. This could well be a safe harbor.

Why Instant Messaging Apps Are Replacing Classical Texting

With trillions of SMS messages sent every year, texting has been the standard way to exchange messages with friends and family on mobile phones for the last 20 years. However, currently “texting” as the messaging market leader is being disrupted and under strong attack by instant messaging apps. Many smartphone users are currently switching from classical text/SMS messages to newer instant messaging apps. The reasons for this replacement are pretty obvious:

Cheaper

Instant messaging apps use the data network of your smartphone to send messages cost-free via the internet. All you need is a data network for internet surfing, which most users have included already in their mobile network operator tariff or have available via public or private WiFi networks.

Thus sending messages with instant messaging apps is completely free of charge. For teenagers and young adults, who often send 100 messages per day, and previously had to pay $0,05-0,20 per message, this means huge savings.

Better

Instant messaging apps nowadays work the same way as texting (users receive a push notification on their smartphone for new messages), but offer users far more functionality.

While classical texting allows users to send simple text messages, exchanging photos is often not without difficulties. Instant messaging apps on the other hand allow users to easily exchange all kind of digital contents with friends: Photos, videos, links, locations and voice messages are pretty much the standard among some of the better services (e.g. Whatsapp, Kik Messenger, ChatOn, KakaoTalk, TextMe, MiTalk). Some even allow you to send dates from your calendar, simple drawings, locations from comprehensive data bases, multiple photos at once, etc.

Some instant messaging apps even have great group messaging capabilities. Users are able to easily set up group chats with family or friends. These can be used to plan and coordinate activities of groups or privately share digital content (e.g. Grouptime).

Besides instant messaging apps show users, if their messages were received and if recipients are online.

More innovative

Instant messaging apps innovate in very short cycles. The competition is hard, and thus service providers regularly improve their apps and launch new features. This is obviously a change from the texting world, where the lack of competition hardly forced the mobile network operators to innovate at all in 20 years time.

Private and Secure Messaging Apps

Privacy, data protection and secure communication are always hot topics in the instant messaging and social networking world. Sometimes the issues at hand are greatly exaggerated by the media, however, quite often messaging apps have security and privacy flaws which users should be aware of. There aren’t many messaging apps which serve as a good example of how to protect as user’s privacy and personal data. That’s why today I want to take a closer look which messaging apps offer secure communication.

Market leader of messaging apps does not serve as a good example

One of the market leading messaging apps, Whatsapp, is definitely not a good example when it comes to protecting a users privacy. Whatsapp has had several security issues in the past. For years on most devices a user’s personal data, content and address book have been transmitted to the server unencrypted. Whatsapp has used HTTPS, but then has sent messages and content unencrypted, and even your ID visible in plain text. Thus in Wi-Fi networks it has been very easy for others to intercept a user’s data and to follow conversations. Actually there is even an Android app called “Whatsapp Sniffer” which allows to easily scan other people’s conversations in the same Wi-Fi. Only recently Whatsapp said to have closed these encryption issues. However, with millions of clients and different version out in the market, it will take a longer time till the existing security issues are really closed. And it remains to be seen if this encryption is a save one at all. Besides Whatsapp is an American company whose privacy and data protection enforcements are generally weak. From a market leading messaging app with millions of users I would have expected a better security and privacy concept.

European messaging apps better for privacy and data protection

Actually for better privacy and data protection it might be worth looking at European messaging apps, which have much stronger legal requirements in regard to protecting a user’s data. So far a good example is Grouptime from Germany. The Germans have some of the strongest data protection legislation in the world, and regular investigate and challenge the policies and practices of Facebook, Google and the like. Grouptime seems to completely anonymize your personal data and use secure encryption and transmission methods. In addition, the messaging app aims to provide an easy to use private messaging and sharing service by default, so the app has a simple privacy concept by design where no complicated settings are required. For further details read one of Grouptime‘s last blog posts how they protect your privacy and data.

Facebook Messenger and iMessage seem to have flaws 

One would think that Apple’s iMessage is generally safe. The recent SMS spoofing issues show that privacy flaws currently exist, and also there have been some other smaller security issues with iMessage in the past. I guess, since iMessage and iCloud are rather new services, these issues will be solved by Apple soon. And one of the good things of iMessage is, that data is transmitted encrypted. However, the question for me is, to what degree my messaging data is really anonymized in Apple’s iCloud? Probably it isn’t encrypted on iCloud.

The Facebook Messenger is also not a good reference for a secure and private messaging app. Well, Facebook alone has already enough flaws when it comes to privacy and data protection. Recently though, it became apparent that Facebook seems to regularly scan your messages for specific keywords.

There are lots of other messaging apps out there. In general, I would say that smaller messaging apps are more likely to have security flaws, that are yet undetected, and that European providers offer better data protection (like e.g. Grouptime). Anyway, SSL encryption (https) should be a standard for messaging apps to provide privacy and security for their users. I will do some more research, and will follow up with more news on that topic in the near term.