Secure Messengers in Comparison: WhatsApp and its Alternatives
In the 21st century encryption has become a mean of self-defense. Who we defend ourselves against varies, as well as the different reasons why we do so. Some use encryption as a self-defense for ideological reasons, for example to claim the right to privacy without compromise, others because without it, their lives would be in danger.
All over the world, investigative journalists, human rights activists, whistleblowers, and also lawyers, doctors and privacy-conscious individuals rely on secure encryption. The former protect themselves, because the sensitive data they have is so explosive that it could threaten their safety. The latter protect others that entrusted them with their sensitive information.
Encryption with Backdoors
Obviously, encryption is essential for those who stand up for minorities and justice in totalitarian regimes and countries where free speech implies fear for one’s personal safety. But there are also some western democracies which continuously compromise the right to privacy and legitimate state surveillance. Those opposing such practices can only resort to encryption as self-defense.
Especially the authorities requesting data from companies situated in the United States should be a crucial reason to securely encrypt one's data. Time and again, authorities try to build backdoors into encryption, including end-to-end encryption of messenger services. As was reported in December 2021, a dedicated law for a right to encryption is to be introduced, at least in Germany, without backdoors. The article also provides an overview of the information authorities can request from the individual messenger services.
The Signal Protocol
Many of the messaging apps which we compare below use the Signal Protocol. Therefore, here is a short explanation on what exactly that is. Signal is an open-source encryption protocol developed by the renowned IT security experts Trevor Perrin and Moxie Marlinspike at Open Whisper Systems. In 2016, the Signal Protocol was analyzed by a team of international security specialists and has been considered very secure. Moreover, on their website it is recommended by Edward Snowden.
Take caution with cloud backups
Generating automatic backups in cloud storage is a convenient service that could be needed, for example, when replacing your old smartphone with a new one. It is reassuring to know that even if the device is stolen or damaged, you can still restore your data.
However, backups of smartphones are not automatically end-to-end encrypted by the operators. Therefore, it would theoretically still be possible to read out your stored data. As an example, chat logs of Apple ‘s messenger iMessage are uploaded into the cloud this way. We have made a step-by-step instruction on how to bypass this encryption gap for iCloud and iPhone: Saving iPhone backup encrypted in iCloud
Apps with End-to-End-Encryption by Default
At present, WhatsApp is used by more than two billion people, making it the most popular messaging app in the world. This is the reason why we look at this one first. There have been quite a few things going on at WhatsApp in recent years.
Security: As of 2016, WhatsApp is protecting all messages with end-to-end-encryption based on the Signal Protocol, by default. Thus, any unauthorized person is prevented of reading the chats, including the service provider WhatsApp, themselves. Every contact is assigned an individual security code, which makes it possible for you to verify the other person’s identity. However, this feature needs to be activated manually. The security code protects users against man-in-the-middle attacks.
Introducing end-to-end-encryption by default, WhatsApp achieved what the IT-security industry has been working towards for decades: encryption and privacy for every person without major compromises in terms of usability. Thus, marking a milestone in the history of encryption. There are two sides to every story, though. Here are two things to be born in mind.
A further problem is the backup feature. Originally, WhatsApp stored the chat logs unencrypted on servers. There have been some improvements with regard to this. The fundamental change here is that, while the backup is still stored on the servers of Apple and Google, they no longer have access to the data. Accordingly, the data can no longer be passed on to third parties, such as American authorities, thanks to the additional security measures. Facebook, or rather Meta, has developed a new system for this purpose to store the associated keys securely and to prevent users from losing access to their data in case of a defective device, for example.
Still, the app downloads all data from the smartphone directory during installation. According to the Terms and Conditions, the WhatsApp user is responsible for obtaining the consent of each contact. It is unnecessary to mention that this never happens and would be disproportionate.
There is a security flaw in messages that are sent but not delivered. WhatsApp sells this gap as a feature. The argument is that there is no data loss when changing the mobile number on the receiver side. Data protectors consider this circumstance at least questionable. We recommend this text in the Guardian for more information.
Deleting Messages: There is one special feature which is, despite having a crucial effect on data protection, often missing in instant messaging services: an option to revoke and delete already sent messages.
WhatsApp is essentially supporting this function, with some rather big limitation, though: only messages sent within a period of seven minutes may be deleted – but at least now an increase of up to 68 minutes has been made, giving users more time to delete already sent messages. Within this short time-frame it is possible to remove successfully transmitted and even already read messages.
But this feature does leave its traces: Addressees will see a “deleted message” information instead of the original content. And there are more reasons to handle the procedure with care: Messages cannot be made unread and WhatsApp is not able to delete potential screenshots from the receiving device. Additionally, there are two options to delete messages: For your eyes only or for all participants of the chat. Both options can be found in the same menu and may be confused with one another. And as you are not getting any kind of confirmation, if the deletion on your counterpart’s device was successful, it is hard to track.
In most instances it is too complicated or too late to correct such a mistake once it has been made.
WhatsApp has developed a feature that will allow you to schedule a deletion at a specific time in the future (e.g. after 1 week), when sending group chat messages. In addition, according to Tech Crunch, it will also be possible to make messages disappear after 24 hours or 90 days. For this, the contact has to activate the function for the respective chat or group and select the time of the deletion.
Update: In September of 2020, a study by the University of Würzburg and Technical University of Darmstadt revealed that user behavior, among other things, can be made accessible through so-called crawling attacks. Crawling is the random retrieval of phone numbers where personal information and metadata of user-profiles can be gathered. This way, behavior models can be created in the long run, and users could become victims of fraud. The survey was carried out randomly on 10% of the American WhatsApp and 100% of Signal users.
Signal was developed by security specialist Moxie Marlinspike, amongst others, at the non-profit group Open Whisper Systems. Edward Snowden recommends Signal and Open Whisper Systems without reservation - for example on their website. Furthermore, crypto expert Bruce Schneier, author of standard reference “Applied Cryptography”, claims to be a huge fan of the app on this website, as well.
Signal offers group chats, text- and voice messaging, voice- and video calls, and the possibility to send images, videos, audios, emojis and stickers. This should be covering the needs of most regular users. The cherry on top of all would be the feature to add text and drawings on images before sending them. Additionally, it includes a self-destruction-timer for messages (timer can be set between 5 seconds and a week) and screenshots can be blocked, using a specific setting. This provides some protection against the dissemination of sensitive chat content.
Since late 2020, Signal users with iOS or Android devices can now hold video calls with up to eight people while maintaining the security standards they are accustomed to. Group calls are not only possible on the mobile apps, but also from the desktop client.
Security: According to Open Whisper Systems, conversations are end-to-end encrypted by default using the open-source Signal Protocol. Contacts are verified by checking safety numbers or scanning QR codes. This implies one additional step, as you have to either compare safety numbers via a different channel or meet the other person to scan QR codes. This procedure however, protects you against man-in-the-middle attacks. In contrast to WhatsApp, Signal does not back up any messages in the cloud. Therefore, the backups are secured locally.
Disadvantages: Signal requires to be verified via SMS code. Hence, using Signal is only possible with a SIM card, which excludes some user groups and use cases.
A further issue might arise from the fact that the number of Signal users is comparatively small (around 50 million installations in Google Play, August 2021). Therefore, most people intending to change to Signal, will need to put effort into convincing their peer group first. Those, admittedly few friends, who are using Signal will be unveiled immediately during the installation of the app, due to the apps’ request of access to the contacts on the phone. Unlike other messengers, Signal has introduced the [Private Contact Discovery] function (https://signal.org/blog/private-contact-discovery/), a procedure that allows the server operator as little insight into the contact data as possible. Contact information on your device will be cryptographically hashed before the transmission to the server takes place.
Just like Signal, Threema is considered outstanding in terms of its security. The messaging app Made in Switzerland is being used by more than 10 million people (December 2021). Whereas Signal dominates the international market for WhatsApp alternatives, Threema is mainly popular in German speaking countries – more than 80% of the users are from Germany, Austria, and Switzerland. In September of 2020 it was announced, that with the help of new investors, Threema is now also trying to grow in popularity with people outside the German speaking regions of Europe and attract even more users. Threema Work is a special version of the app built for the separation of private and business communication.
Security: During the registration process, an anonymous Threema-ID and password are generated. Profile name and picture are optional. Also optional is a link to your phone number or email address. There is no need for the app to access your contacts if you do not want it to do so. Just be aware, that this feature is activated by default and has to be deactivated manually – which we highly recommend. Threema calls this minimum of data processing “metadata restraint”, following the premise that only known data can be attacked. Therefore, all data stored on Threema’s servers, which are used as relay for transmitting only, is deleted after messages have successfully been sent, too.
Furthermore, private chats can be hidden and secured by a PIN code. There are three different categories of contacts, depending on the level of mutual trust: red for unknown, yellow for verified users and green for contacts known in person. In order to mark contacts in green, you have to meet and verify them in person by scanning their QR codes. Thus, you are protected against man-in-the-middle attacks. Threema does encrypt all messages end-to-end, by default, using the NaCI library.
As of September 2017, Threema is also offering VoIP calls. If your contact is personally known, these calls may directly connect two devices (thus IP addresses being sent from one device to the other), without Threema’s servers being contacted. If the other person is not known personally, the servers work as the above-mentioned relay and IPs are not disclosed to the speaking parties. Prior to VoIP calls a secure web client was launched in January 2017.
Since August 2020 users can finally make use of video calling their counterpart with the promise, that this feature falls under the regular Threema privacy standards. In September of 2020 Threema announced plans of becoming open source within the next couple of months. Previously codes have been reviewed externally, and experts could not find any critical security errors. Its code received a lot of praise for the basic structure as well as code quality of the Messenger service. Meanwhile Threema has become Open Source and its code can be reviewed here.
Towards the end of 2020, Threema announced that it wants to launch a multi-device function. The existing security and privacy standards are to be maintained, which poses a challenge for the messenger. Threema plans to run the feature through a so-called "mediator server" using keys. It is not yet known when exactly the new function will be released, however, a technical overview has been published by Threema.
Upon request by the European Union in November of 2020 to gain access to messages with master keys or backdoor in cases such as counter-terrorism, Threema refused. Threema's CEO Martin Blatter justified the decision by saying privacy is a human right. It is also technologically impossible to bypass encryption, as it is not Threema, but the users themselves who hold the key on their end device.
Disadvantages: There are no problems known concerning data security. Auto-access to your contacts is activated by default, but can be manually deactivated.
Price: 3,99€ (Google Play Store), 3,99€ (App Store)
Starting its service in early 2019, Delta Chat is one of the newest messenger services operated by Merlinux limited in Freiburg, Germany. The Open Source is applicable for desktops, smartphones and tablets and has been downloaded over 50.000 times from the Google Play Store alone.
Security: What makes Delta stand out from all the other messenger providers, is that it neither owns its own server nor does it need a cellphone number to sign up. Messages can be sent via your e-mail address even if the counterpart does not even use Delta, as they will receive the message as a regular email.
After the first message has been sent, all communication afterwards will be automatically end-to-end encrypted as the required keys have to be exchanged beforehand. In comparison to other Messengers, Delta Chat also supports end-to-end encryption in group chats but your email address will be visible for everyone in this chat.
If your chat partner does not use Delta Chat, only transport encryption (TLS) applies to the message which means, that his email provider could still see what has been sent.
Disadvantages: As Delta Chat is basically an email messenger, audio- & videocalls are not possible. So far there is also no option to delete messages after they have been sent. If users are using the same email server, messages are indeed saved on a central server. There is no full end-to-end encryption if one does not use Delta Chat and messages can still be read by the respective email provider. Backups are possible but not end-to-end encrypted which can be risky when you upload it into your cloud.
Services with Opt-in Encryption
The messaging service Telegram is free and has more than 200 million users. It was developed in 2013 by the Durov brothers – the founders of the Russian social network VKontakte. Telegram is considered one of the first messenger services to offer end-to-end encryption. In addition to managing group chats with a size of up to 200,000 subscribers, it is possible with Telegram to operate the application on several devices at the same time (e.g. on the mobile phone and on the computer). The developers themselves are also characterized by delivering the messages sent faster than competing messenger services.
Security: Telegram offers opt-in end-to-end encryption and the message self-destruction option for an automatic destruction of a message after a certain time. Experts assume that most users are not using the optional end-to-end encryption of Telegram. You can tell if a chat with someone else is encrypted by the green lock icon in front of the recipient's name.
Deleting Messages: In March 2019, the company announced on its blog that from now on every user can delete any message without time limit. Thus, even those messages can be removed that you have not written yourself. It is also possible to delete an entire chat history. Exceptions to this new feature are group chats.
Disadvantages: Security experts criticise the fact that the company regularly changes its headquarters, which makes it difficult to assign it to a jurisdiction. In the [FAQs] (https://telegram.org/faq/de#f-wo-ist-der-standort-von-telegram), the company itself says that they are currently satisfied with Dubai as their headquarter but are prepared to move again if the country's regulations change.
Additionally, Telegram uses its own encryption algorithm MTProto Protocol, which represents an in-house development. This is incomprehensible, as there are good and well tested solutions available, such as the Signal Protocol. There have been many controversies over the protocol Telegram is using.
Telegram requests access to the user's address book and stores it with the justification that notifications can be sent as soon as a contact also uses Telegram. Signal, on the other hand, relies on hashes so that people in contact lists are made unrecognizable to them.
Furthermore, for years Iranian hackers with the support of the government were able to attack activists, minorities as well as oppositions via spearphishing documents. Using malware, attackers were able to fully use and monitor the victims' Telegram account on another device. This was due to security breaches in installation protocols of not only Telegram, but also WhatsApp.
In recent years, conspiracy theorists and criminals have increasingly assembled on Telegram. The reason for this is that Telegram, in contrast to other messengers, reacts less consistently to such messages, some of which are hostile, and only deletes them in rare cases.
Because of the dubious circumstances and the missing imprint on their website, Telegram is not recommended.
Update: In August 2018 a serious information leakage has become known. The messages, telegram users have been exchanging with one another, were directed, for approximately 2 hours through the servers of a state-owned Iranian telecommunications company. Recording of the messages by the government would have been possible, during this period. More information on the leak are available here
In July 2021, research of the Royal Holloway University of London and the ETH Zurich was published, where Telegram's encryption was examined. Four problems with the self-developed crypto protocol "MTProto" were discovered, which have been solved in the meantime. For example, attackers could change the order of messages so that the receiver got a different message than the one originally sent. A more detailed description of this, as well as other (and smaller) problems, can be found here.
Facebook Messenger is Facebook's very own instant messenger app that (starting mid-2016) Facebook users have to use if they want to read their Facebook messages on mobile devices. For this reason alone the Messenger is the second most used messenger app in the world. We think, the pressure to use the app is a huge downside.
Security: Facebook Messenger is only mentioned in this list because it started offering end-to-end encryption using the Signal Protocol last year as well.
Deleting Messages: Within 10 minutes you can decide whether the message will be deleted for all recipients or just for yourself. If you miss that time frame you can hide the message only to yourself. The recipient still sees it unchanged in his chat window.
Disadvantages: End-to-end encryption is provided as an opt-in feature only, which means that you have to activate the encryption feature “Secret Conversation” manually. Therefore, many users will probably stick to the common unencrypted chats. Encrypted group chats are not possible.
Be aware that your unencrypted messages are being automatically scanned for keywords by Facebook. If you use Facebook Messenger, always activate “Secret Conversation”, although the consequence is that you can read your messages on one device only.
Another annoying flaw of the Facebook Messenger, despite not directly affecting message transfer security, are advertisements appearing in the chat list.
Wire offers its messenger service since 2014 for smartphones, tablets and even for desktop. It was developed by the Swiss software company Wire Swiss GmbH. The development team is located in Berlin, Germany.
Security: Wire uses end-to-end encryption with SRTP and DTLS to encrypt calls. Encrypting text messages and images uses Proteus end-to-end encryption. Communication that you have with friends or colleagues is encrypted on the sender's device and then decrypted again at the recipient’s. Registration is possible with both mobile phone number and email address. Access to the address book is also optional. Another advantage of Wire is that the use of the trade fair is guaranteed on up to eight different devices per user.
End-to-end encrypted telephone and video conferences have been available on Wire since October 2020. Back then, twelve participants were able to hold a video conference as, according to experts, more participants would lead to less productive conversations. However, the number of participants was increased to 100 for audio and 50 for video calls.
Disadvantages: As a messenger service, Wire is primarily aimed at users in a business context. Therefore, the number of private contacts is likely to be rather low.
The open standard was developed by The Matrix.org Foundation in 2014. Being an interoperable network, it does not matter what Messenger you decide on using, as it is open to most communication systems. According to Matrix, around ten million accounts are visible with around 2.1 million rooms created.
Security: With Matrix users can create their own server or join other servers to communicate with one another. End-to-end encryption is currently not by default and it also depends on what client you are using. However, Matrix has published a guide on how to implement end-to-end-encryption. But when hosting your own server, Matrix gives the possibility of customizing it and enabling end-to-end encryption within.
There is no need to sign up with your cellphone number, as you can access Matrix directly via your browser. Users receive a Matrix-ID which can be used on multiple devices at the same time.
Voice-only VoIP calls via WebRTC are supported between one-to-one rooms. The support of video- and group calls depends on your client.
The German Federal Armed Forces has announced plans of using Matrix as their new form of communication. Even confidential information is supposed to be shared via secure Matrix servers. But not only Germany, also the French government has been working on shifting all communication between authorities to Matrix servers.
Disadvantages: As users can decide what servers they would like to join and gives you the opportunity to encrypt messages via end-to-end encryption, no real disadvantages can be seen. Matrix is also Open Source and does not limit you to a specific messenger client.
Security vulnerability:_ It was reported in September 2021, that keys for the end-to-end encryption of Matrix clients could be requested under certain circumstances and messages could be read by unauthorized parties. Affected is the Maxtrix client Element as web, desktop and Android version, as well as Fluffychat, Nheko, Cinny and Schildichat. However, the Element iOS version is not affected by the vulnerability.
Attackers could impersonate a device and try to request the key to read encrypted messages. However, this is only possible if the person has the credentials of the affected person or control over its matrix server. However, it is not known whether this vulnerability has been actively exploited. The vulnerability was discovered during an internal review and is due to an implementation error.
Considering the above mentioned instant messaging services, WhatsApp clearly is the all-rounder, which also contributed considerably towards a wider use of encryption. Their solution apparently works well, regarding that they cannot view messages, as a dispute between WhatsApp and a judge in Brazil indicates. WhatsApp refused to hand over chat logs, pointing out that the company is no longer able to access the documents, even if they wanted to.
The big upside to WhatsApp is its usability and its popularity. A downside is that if not treated with caution, there could be unencrypted backups ending up in the cloud. Another disadvantage is the fact that WhatsApp is owned by Facebook and that these two companies would like to exchange data. If this looks suspicious to you, you might be better off choosing one of the alternatives Signal or Threema. Furthermore, there is nothing to be said against simply using several messengers for different purposes and contacts.
As for Facebook Messenger end-to-end encryption can only be used at the expense of usability. However, data protection and privacy are guaranteed only when encryption is activated. Due to the discussion mentioned above, Telegram should be treated with caution as well. You may choose your messenger according to what features you value the most.
From our point of view, the most important things are: end-to-end encryption, nobody should be able to spy on you or scan your messages and that what you write is private and just between you and your friends. All these points are offered by WhatsApp, Signal, Matrix and Threema.