Advertisement

Encrypted Messenger Apps: Are Any Actually Safe?

By Devin Partida | Reviewed by Dr. Tehseen ZiaCheckmark | Last updated: April 8, 2021
Key Takeaways

The safety of encrypted messenger apps depends on several factors, including how the information is encrypted, how data is stored and if it uses open-source coding or not.

Source: iStock/Pogonici

Privacy can be challenging to achieve in today’s hyper-connected, always-online world. Encrypted messenger apps like WhatsApp provide users with relief and a sense of security amid this interconnectedness. At least, they’re supposed to.

Advertisement

When WhatsApp announced a controversial new privacy policy, that sense of security vanished for many users. To keep using the app, users have to agree to let WhatsApp share their data with other Facebook services. This move has left many questioning the safety of the messaging platform.

Encrypted messenger apps are mostly safe, but some may not be as secure as users want to believe. Here’s a closer look.

Advertisement

Why May Encrypted Messenger Apps Be Unsecure?

The safety appeal of encrypted messaging apps is in the name. Unlike many messenger services and social media platforms, these apps encrypt users’ messages, so any data intercepted by third parties is unreadable. Just because a service offers encryption doesn’t necessarily mean it’s secure, though.

In many apps, end-to-end encryption is an optional feature. Users have to opt for it intentionally, and they may not realize this. Encryption isn’t the only security concern with an app like this, either. For example, the WhatsApp controversy is about data sharing and monetization, not encryption.

WhatsApp isn’t sharing messages with the rest of the Facebook network, but it can share user data. That could include information about users’ online behavior, location, purchases, and some identifiers like phone numbers. That’s a lot of personal information going to other services for an app built on the guise of privacy.

Can Encrypted Messages Be Hacked?

End-to-end encryption works by scrambling a sender’s data and giving the key to unscramble it to the recipient. Since the recipient is the only one with that key, they’re the only one who can read the data. If a hacker or other third party intercepted a message, they couldn’t read it without the encryption key.

Advertisement

That doesn’t mean encrypted messages are hack-proof. Hackers infiltrated WhatsApp in 2019 and installed spyware on users’ devices. Since this spied on users’ screens instead of intercepting data, it let hackers view messages before they were encrypted or after they were unencrypted.

Spyware works around encryption instead of trying to break it. If hackers can read messages before or after they’re sent, it doesn’t matter if they were encrypted in between. Consequently, any app that doesn’t also provide other security measures isn’t secure.

End-to-end encryption doesn’t always stop man-in-the-middle (MitM) attacks, either. In these attacks, a hacker controls a conversation between two parties without their knowledge, sometimes stripping the traffic of encryption. Attackers can steal the authentication token that holds the encryption data, letting them read any messages that come through.

Despite these vulnerabilities, end-to-end encryption provides some of the best data protection out there. Users should be aware that it isn’t a perfect solution, though.

Is Signal Safe?

Many users flocked to Signal after Elon Musk promoted it as an alternative to WhatsApp after the controversy arose. Even before the WhatsApp update, privacy advocates have praised Signal. So what makes it different from other encrypted messenger apps?

Unlike WhatsApp, Signal is explicitly not-for-profit. As such, a big tech company like Facebook won’t likely acquire it, and it doesn’t sell ads. Since it doesn’t sell ads, it doesn’t have as much reason to collect and share user data. It only gathers metadata essential to app functionality.

Singal’s source code is also open-source, enabling other security experts to audit it, which allows for better security updates. At the same time, this means that hackers can also examine its code to find vulnerabilities. So while being open-source can promote better security, it comes with some risks as well.

The app also features other security tools like face blurring and optional passwords, providing an extra layer of safety. Thanks to all of these features, Signal is likely the most secure encrypted messaging app out there.

What Are the Safest Encrypted Messenger Apps?

There are other secure messaging apps apart from Signal, too. Some of the best available options today are:

  • Wickr: This platform features plenty of security tools, from self-destructing messages to screenshot blocking. The lack of users may turn some people away, though.

  • Jabber/OTR: These aren’t messaging apps, but protocols that enable secure messaging. The setup process doesn’t require any personal information and the code is open-source, but it doesn’t run as smoothly as other options.

  • Viber: Viber has an easy-to-understand guide to encryption and can self-destruct messages. It doesn’t encrypt group messages, but one-on-one conversations are secure.

  • Dust: The Dust app has no permanent storage and deletes messages within 100 seconds of opening. While Dust’s code isn’t open-source, its robust security features, like screenshot warnings, provide plenty of security.

What Should You Look for in Encrypted Messenger Apps?


When judging the security of messenger apps, there are a few key points to consider. The most important thing is end-to-end encryption, which apps like Signal use. Some apps use encryption-in-transit, which is better than nothing but doesn’t secure messages through their entire journey, leaving them more vulnerable to MitM attacks.

Open-source code is another thing to consider. It enables faster, more secure patches and affirms an app’s integrity, but remember that it can also introduce risks. Along those same lines, look at a service’s data collection and sharing policy. The more data an app collects, especially if it shares it, the less secure it is.

One security consideration that often goes overlooked is backups. Some apps encrypt messages but don’t encrypt their cloud backups. Message backups, in general, aren’t a good idea if privacy is the primary concern.

How Can Encrypted Messaging Security Improve?

As a whole, encrypted messenger apps could stand to improve their security. As edge computing becomes more common, it could prove a valuable cybersecurity solution. Edge computing leverages distributed micro data-centers instead of a centralized server, making it more challenging to hack and cripple an entire database.

Edge networks could also encrypt data as it passes further in. This extra layer of encryption would help make all traffic on a network more secure.

Continuous monitoring and frequent security audits help protect against threats like spyware. Some encrypted messenger apps do a better job of this than others, but the sector as a whole could improve. Encryption gives users a sense of security, so these apps need to do all they can to live up to that.

Several states have recently enacted data privacy laws, which could make messaging apps more secure. Many of these restrict how companies can collect and share user data, which is a leading concern with messenger apps. As more regions pass these laws, some services will have no choice but to improve security.

Even the Most Secure Software Isn’t Perfect

No matter how secure an app is, it will never be impenetrable. Cybersecurity is a dynamic field. Cybercriminals are always developing new ways around defenses, and developers must find new ways to stop them.

While no software is perfect, some apps have more room for improvement than others. Users must consider various security factors and do their research before using a potentially unsafe platform. The best step towards privacy a person can take is staying informed.

Advertisement

Share This Article

  • Facebook
  • LinkedIn
  • Twitter
Advertisement

Written by Devin Partida | Editor-in-Chief for ReHack.com

Profile Picture of Devin Partida

Devin Partida is the Editor-in-Chief for ReHack.com, and has had her freelance work featured in the official CES magazine, as well as various other tech publications. When she isn't writing about the latest tech, gadgets or cybersecurity trends, you can find her biking around the Golden Gate Bridge. To view Devin's full professional portfolio, please visit this page.

Related Articles

Go back to top