Secure Messaging Apps Comparison

Posted on

In this modern era, messaging apps are really important to communicate with others. They are more like foods that are consumed daily. There is no day without using messaging apps. Being aware how important messaging apps are, there are a lot of developers who offer messaging apps. All of them are different. As there are a lot of them, as a customer, you might be confused about what to use. One of the things that you surely want is that the app is secure. Before using one of them, check out the secure messaging apps comparison below:

Overview:

  1. Is the app recommended to secure my messages and attachments?
  • Google Messages: No
  • Apple iMessage: No
  • Facebook Messenger: No
  • Element/Riot: No
  • Signal: Yes
  • Microsoft Skype: No
  • Telegram: No
  • Theema: Yes
  • Viber: No
  • Facebook Whatsapp: No
  • Amazon Wickr Me: No
  • Wire: Yes
  • Session: Yes
  1. Main reasons why the app isn’t recommended and improvements to apps that are recommended:
  • Google Messages: Named as NSA partner in Snowden revelations; makes money from personal data; data not protected, not all data protected; no independent & recent code audit and security analysis; closed source
  • Apple iMessage: Named as NSA partner in Snowden revelations; data not protected, not all data protected; no independent & recent code audit and security analysis; closed source
  • Facebook Messenger: Named as NSA partner in Snowden revelations; encryption not enabled by default; makes money from personal data; data not protected, not all data protected; no independent & recent code audit and security analysis; closed source
  • Element/Riot: No independent & recent code audit and security analysis
  • Signal: Remove the mandatory requirement for users to sign up with a mobile number; provide more comprehensive independent assessments of security/privacy
  • Microsoft Skype: Named as NSA partner in Snowden revelations; encryption not enabled by default; makes money from personal data; data not protected, not all data protected; closed source
  • Telegram: Bespoke cryptography; encryption not enabled by default; data not protected; not all data protected
  • Theema: Make APIs and server code open source; implement perfect forward secrecy at thye end-to-end encryption layer; provide more comprehensive independent assessments of security/privacy
  • Viber: Data not protected, not all data protected; no independent & recent code audit and security analysis; closed source
  • Facebook Whatsapp: Named as NSA partner in Snowden revelations; messages can be read by Facebook if marked as “abusive”; makes money from personal data; data not protected, not all data protected; no independent & recent code audit and security analysis; closed source
  • Amazon Wickr Me: Former NSA chief Keith Alexander is on Amazon’s board of directors; funded by the CIA; recent security audits are not public; closed source
  • Wire: Further limit metadata and storage and logging; provide more comprehensive independent assessments of security/privacy
  • Session: Implement perfect forward secrecy at the end-to-end encryption layer; provide more comprehensive independent assessments of security/privacy

Details:

  1. Company jurisdiction
  • Google Messages: USA
  • Apple iMessage: USA
  • Facebook Messenger: USA
  • Element/Riot: USA
  • Signal: USA
  • Microsoft Skype: USA
  • Telegram: USA / UK / Belize / UAE
  • Theema:  Switzerland
  • Viber: Luxembourg / Japan
  • Facebook Whatsapp: USA
  • Amazon Wickr Me: USA
  • Wire: USA / Switzerland
  • Session: Australia
  1. Infrastructure jurisdiction
  • Google Messages: Worldwide (rollout on-going, not really sure about the exact locations, but it seems like the Google Cloud regions)
  • Apple iMessage: USA (Ireland and Denmark planned); iMessage runs on AWS and Google Cloud
  • Facebook Messenger: USA, Sweden (Ireland planned)
  • Element/Riot: UK (and potentially every jurisdiction, given it’s a decentralized messaging platform)
  • Signal: USA
  • Microsoft Skype: USA, Netherlands, Australia, Brazil, China, Ireland, Hong Kong, and Japan
  • Telegram: UK, Singapore, USA, and Finland
  • Theema: Switzerland
  • Viber: USA
  • Facebook Whatsapp: USA (not sure about the other locations)
  • Amazon Wickr Me: USA (not sure about the other locations)
  • Wire: EU
  • Session: Messages: Worldwide (uses de-centralised servers)
  1. Implicated in giving customers’ data to intelligence agencies:
  • Google Messages: Yes
  • Apple iMessage: Yes
  • Facebook Messenger: Yes
  • Element/Riot: No
  • Signal: No
  • Microsoft Skype: Yes
  • Telegram: No
  • Theema: No
  • Viber: No
  • Facebook Whatsapp: Yes
  • Amazon Wickr Me: No
  • Wire: No
  • Session: No
  1. Surveillance capability built into the app?
  • Google Messages: No
  • Apple iMessage: No
  • Facebook Messenger: No
  • Element/Riot: No
  • Signal: No
  • Microsoft Skype: Yes
  • Telegram: No
  • Theema: No
  • Viber: No
  • Facebook Whatsapp: No
  • Amazon Wickr Me: No
  • Wire: No
  • Session: No
  1. Does the company provide a transparency report?
  • Google Messages: Yes
  • Apple iMessage: Yes
  • Facebook Messenger: Yes
  • Element/Riot: No
  • Signal: Yes
  • Microsoft Skype: Yes
  • Telegram: No
  • Theema: Yes
  • Viber: No
  • Facebook Whatsapp: Yes
  • Amazon Wickr Me: Yes
  • Wire: Yes
  • Session: Yes
  1. Company’s general stance on customers’ privacy
  • Google Messages: Poor
  • Apple iMessage: Poor
  • Facebook Messenger: Poor
  • Element/Riot: Good
  • Signal: Good
  • Microsoft Skype: Poor
  • Telegram: Poor
  • Theema: Good
  • Viber: Poor
  • Facebook Whatsapp: Poor
  • Amazon Wickr Me: Poor
  • Wire: Good
  • Session: Good
  1. Funding
  • Google Messages: Google
  • Apple iMessage: Apple
  • Facebook Messenger: Facebook
  • Element/Riot: New Vector Limited
  • Signal: Freedom of the Press Foundation / the Knight Foundation / the Shuttleworth Foundation / the Open Technology Fund / Signal Foundation (Brian Acton)
  • Microsoft Skype: Microsoft
  • Telegram: Pavel Durov
  • Theema: User pays / Afinum Management AG
  • Viber: Rakuten / friends and family of Talmon Marco (it is not that clear)
  • Facebook Whatsapp: Facebook
  • Amazon Wickr Me: Amazon / CIA
  • Wire: Janus Friss / iconical / Zeta Holdings Luxembourg / Morpheus Ventures
  • Session: LAG Foundation Ltd
  1. Company collects customers’ data?
  • Google Messages: Yes
  • Apple iMessage: Yes
  • Facebook Messenger: Yes
  • Element/Riot: No
  • Signal: No
  • Microsoft Skype: Yes
  • Telegram: Yes
  • Theema: No
  • Viber: Yes
  • Facebook Whatsapp: Yes
  • Amazon Wickr Me: Yes
  • Wire: No
  • Session: No
  1. App collects customers’ data?
  • Google Messages: Yes (It’s hard to access given the app is integrated into Google’s greater ecosystem)
  • Apple iMessage: Yes (It’s hard to access given the app is integrated into Google’s greater ecosystem)
  • Facebook Messenger: Health & fitness / purchases / financial info /location / contact info / contacts / user content / search history / browsing history / identifiers / usage data / sensitive info / diagnostics / other data
  • Element/Riot: Contact info / contact identifiers / diagnostics / user content (contact info not sent when using anonymously)
  • Signal: Contact info
  • Microsoft Skype: Yes (Information not submitted to Apple Store)
  • Telegram: Contact info / contacts / identifiers
  • Theema: Contact info /identifiers / diagnostics (contact info not sent when using anonymously)
  • Viber: Location / identifiers / purchases / location / contact info / contacts / identifiers / usage data / user content / usage data / diagnostics
  • Facebook Whatsapp: Purchases / financial info / location / contact info / contacts / user content / identifiers / usage data / diagnostics
  • Amazon Wickr Me: Contact info / usage data / diagnostics (Contact info not sent when using anonymously)
  • Wire: Contact info / identifiers / usage data / diagnostics
  • Session: No

Leave a Reply

Your email address will not be published.