How secure is your messenger app? Things you should know

Osmond Chia - May 19, 2019, 1:50 am CDT
4
How secure is your messenger app? Things you should know

A common misconception: “Internet security isn’t important, I’ve got nothing to hide anyway.” Your conversations may be trivial for now, but you never know when you and your friends or colleagues discuss matters that could be of value to someone else who shouldn’t be eavesdropping.

In today’s reality, our private conversations are of great value to many parties. From top-secret agendas like the Russian probe and Cambridge Analytica, to marketing uses that bring you targeted advertisements. These are all examples of corporations and authorities poking their noses where they shouldn’t be, not to mention cyber criminals.

The truth is, everyone has sensitive information we ought to be keeping safe. From rants about work to things we want to buy. And from a bigger perspective, shutting an eye to corporate stalking only encourages the practice, making that dystopian world where nothing is private closer to reality.

How encryption works

The importance of end-to-end encryption today can’t be understated, especially between contacts you frequently chat with. Here’s how it works to keep your messages secure:

Two keys are generated when you boot the messaging app: a private key and a public key. The private one is exclusive to your phone, while the public key is available to anyone you message. This is stored on a server, which is a program that manages access to that chat service.

When you text a friend, she will receive your public key, which is used to encrypt – or conceal – her message so that only your private key can decipher it. This encrypted file – her reply – is sent back to the server to you and received only by you with your private key.

This process is repeated for every message you send, in a matter of milli-seconds, ensuring that no other person gets to read your messages.

It is different from encryption keys that are stored locally by the Internet Service Provider, for example Facebook Messenger and Instagram chat. While difficult, it’s entirely possible data breaches can cause sensitive information to be stolen. End-to-end encryption is still our best bet.

Which apps are encrypted?

End-to-end encryption between both parties should be the standard consumers demand. Major chat apps like iMessage, Telegram, Whatsapp and Line offer this crucial feature.

While security flaws do exist, like strangers accidentally – or deliberately – slipping into your group chats, it’s still highly unlikely hackers will be able to read your personal chats.

On a side note, it’s important to note which apps do not offer end-to-end encryption. These include chatting on Instagram, Snapchat and GroupMe. SMS text messaging is protected only by the telco, carrying a big “hack me” sign.

Facebook Messenger is also not encrypted by default – probably for marketing purposes – but can be enabled via its settings. Refrain from discussing important matters on these apps.

What makes a secure messenger app?

A good messaging app goes beyond a solid encryption service. Besides hacking, our physical phones are also a target to criminals who could want our information. A secure chat app offers extensive options to make our apps safe from nosey intruders who chance upon our phones (or rude friends who want to read our messages).

Here’s what to look out for:

At the very least, security-focused apps should offer options to block users you don’t want to receive texts from and an optional passcode lock as an added gate to your conversations – or even better, two-step authentication.

More secure apps also offer self-deleting messages, which you can add a timer to that lasts from months to seconds. For transparency, they should also offer a safety number that you can verify between both parties. This is the public key that the both of you share.

Most of these functions are available on major applications today like Telegram and Whatsapp, although the latter does not offer a passcode lock option built in. It’s certainly worth looking into and consider which of these toggles you need to enable.

Perhaps the most secure messaging app right now is Signal, a role model of what altruistic security-focused networking should look like. Signal features all the above as well as end-to-end encryption, and an abundance of privacy functions.

On top of the features already mentioned, Signal offers settings like incognito keyboard, blocked screenshots, a fingerprint lock and most importantly, the ability to sync your SMS messages for end-to-end encryption via Signal.

We don’t all carry classified information, but we could do with more of these options.


Must Read Bits & Bytes