Friday, January 6, 2017

How Secure are Messaging Apps?


The EFF Explores Messaging App Security

Most of us can hardly remember the time when a telegram was the quickest way to send a short message. Many don’t even know what a telegram is (or was). We now not only have mobile devices to send instant messages anywhere in the world, we also have a massive range of messaging apps to choose from. Understandably, popular apps like BBM, Hangouts, WhatsApp, Snapchat, and iMessage have millions of users around the globe with no idea whether these are secure methods of communicating or not. The Electronic Frontier Foundation (EFF) decided to find out just how secure these apps actually are and launched a campaign to achieve this.

A Secure Messaging Scorecard

The EFF developed a scorecard with which messaging apps can be rated. It uses criteria like whether messages are encrypted in transit and whether the encryption is to such an extent that the provider can’t access the content. It also looks at whether the code is available for independent review, if it has been audited, and if the security design is well documented. The scorecard is the first phase of what is known as the ‘EFF Campaign for Secure & Usable Crypto’ and the findings were quite interesting. 

Security vs. Popularity

The apps that scored the highest in terms of security included: Signal, ChatSecure, CryptoCat, and TextSecure. Have you even ever heard of any of these?st at all. On the other hand, the better-known apps like Skype, WhatsApp, Viber, Facebook chat, Google Hangouts, and BBM did not score well at all. The only mainstream app that did relatively well is Apple’s iMessage. Will this research serve as encouragement to trendy app vendors to beef up their security? Otherwise people who are conscious of security will only have the option to message likeminded people on the more secure apps, or start sending telegrams again.