Secure Messengers in Comparison: WhatsApp and its Alternatives
In the 21st century encryption has become a means of self-defense. Who we defend ourselves against varies, as well as the different reasons why we do so. Some use encryption as a self-defense for ideological reasons, for example to claim the right to privacy without compromise, others because without it, their lives would be in danger.
All over the world, investigative journalists, human rights activists, whistleblowers, and also lawyers, doctors and privacy-conscious individuals rely on secure encryption. The former protect themselves, because the sensitive data they hold is so explosive that it could threaten their safety. The latter protect others who entrusted them with their sensitive information.
Obviously, encryption is essential for those who stand up for minorities and justice in totalitarian regimes and countries where free speech implies fear for one’s personal safety. But there are also some western democracies which continuously compromise the right to privacy and legitimize state surveillance. Those opposing such practices can only resort to encryption as self-defense.
The Signal Protocol
Many of the messaging apps we compare below use the Signal Protocol, so here is a short explanation of what exactly that is. Signal is an open-source encryption protocol developed by the renowned IT security experts Trevor Perrin and Moxie Marlinspike at Open Whisper Systems. In 2016, the Signal Protocol was analyzed by a team of international security specialists and has been considered very secure. Moreover, it is recommended by Edward Snowden on their website.
Apps with End-to-End-Encryption by Default
At present, WhatsApp is used by more than 1.5 billion people, making it the most popular messaging app in the world. This is the reason why we look at this one first. There have been quite a few things going on at WhatsApp in recent years.
Security As of 2016, WhatsApp protects all messages with end-to-end encryption based on the Signal Protocol, by default. Thus, any unauthorized person is prevented from reading the chats, including the service provider WhatsApp itself. Every contact is assigned an individual security code, which makes it possible for you to verify the other person’s identity. However, this feature needs to be activated manually. The security code protects users against man-in-the-middle attacks.
By introducing end-to-end encryption by default, WhatsApp achieved what the IT security industry has been working towards for decades: encryption and privacy for every person without major compromises in terms of usability, marking a milestone in the history of encryption. There are two sides to every story, though. Here are two things to be borne in mind.
A further problem is the backup feature. Originally, WhatsApp stored the chat logs unencrypted on servers. There have been some improvements in this regard. Under certain circumstances, however, at least the unencrypted metadata can be viewed. Plus, if you or your conversation partner uses automatic backups to iCloud or a Google account, the chats will be in the cloud, unencrypted, as well. Data protection advocates are not yet satisfied with the new backup solution for iCloud.
Still, the app downloads all data from the smartphone's address book during installation. According to the Terms and Conditions, the WhatsApp user is responsible for obtaining the consent of each contact. Needless to say, this never happens and would be disproportionate.
There is a security flaw concerning messages that are sent but not delivered. WhatsApp sells this gap as a feature, arguing that no data is lost when the mobile number changes on the receiver's side. Data protection advocates consider this at least questionable. We recommend this text in the Guardian for more information.
In order to ensure future financing, WhatsApp will roll out advertising in a 2019 update. According to rumours, the ads will appear in the status area. However, we assume that the current end-to-end encryption will have to be weakened so that message content can be crawled in order to serve suitable ads to the individual user. It remains to be seen how this change will affect privacy.
Deleting Messages There is one special feature which is, despite having a crucial effect on data protection, often missing in instant messaging services: an option to revoke and delete already sent messages.
WhatsApp essentially supports this function, with one rather big limitation, though: only messages sent within a period of seven minutes may be deleted – but at least an increase up to 68 minutes is expected in May 2018. Within this short time frame it is possible to remove successfully transmitted and even already read messages.
But this feature does leave its traces: addressees will see a “deleted message” notice instead of the original content. And there are more reasons to handle the procedure with care: messages cannot be made unread, and WhatsApp is not able to delete potential screenshots from the receiving device. Additionally, there are two options to delete messages: for your eyes only or for all participants of the chat. Both options can be found in the same menu and may be confused with one another. And as you do not get any kind of confirmation that the deletion on your counterpart’s device was successful, it is hard to track.
In most instances it is too complicated or too late (remember the seven-minute-window) to correct such a mistake once it has been made.
Price: free for now, may be financed by advertising in the future
Signal was developed by security specialist Moxie Marlinspike, amongst others, at the non-profit group Open Whisper Systems. Edward Snowden recommends Signal and Open Whisper Systems without reservation, for example on their website. Furthermore, crypto expert Bruce Schneier, author of the standard reference “Applied Cryptography”, claims to be a huge fan of the app on this website, as well.
Signal offers group chats, text and voice messaging, voice and video calls, and the possibility to send images, videos, audio, emojis and stickers. This should cover the needs of most regular users. The cherry on top is the feature to add text and drawings to images before sending them. Additionally, it includes a self-destruction timer for messages (the timer can be set between 5 seconds and a week), and screenshots can be blocked using a specific setting. This provides some protection against the dissemination of sensitive chat content.
Security According to Open Whisper Systems, conversations are end-to-end encrypted by default using the open-source Signal Protocol. Contacts are verified by checking safety numbers or scanning QR codes. This implies one additional step, as you have to either compare safety numbers via a different channel or meet the other person to scan QR codes. This procedure, however, protects you against man-in-the-middle attacks. In contrast to WhatsApp, Signal does not back up any messages in the cloud. Therefore, the backups are secured locally.
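Why comparing safety numbers over a separate channel exposes a substituted key, shown as an added example that is not from the original article or from Signal: the derivation below is a simplified stand-in for the real safety-number computation, and the function names, user IDs and keys are constructed for illustration.

```python
import hashlib

def key_digits(user_id: str, identity_key: bytes, rounds: int = 1000) -> str:
    """Stretch one party's public identity key into 30 decimal digits."""
    digest = user_id.encode() + identity_key
    for _ in range(rounds):
        digest = hashlib.sha512(digest + identity_key).digest()
    # Six groups of five digits, each taken from five bytes of the digest.
    return "".join(
        f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )

def safety_number(my_id: str, my_key: bytes, peer_id: str, peer_key: bytes) -> str:
    """60 digits covering both keys; sorting makes both sides agree on order."""
    halves = sorted([key_digits(my_id, my_key), key_digits(peer_id, peer_key)])
    return "".join(halves)

# Constructed placeholder keys (assumption: not real key material).
ALICE_KEY = bytes.fromhex("a1" * 32)
BOB_KEY = bytes.fromhex("b2" * 32)
RELAY_KEY = bytes.fromhex("c3" * 32)  # key substituted by a man in the middle

def numbers_match(key_alice_received: bytes, key_bob_received: bytes) -> bool:
    """Compare what Alice's and Bob's devices would each display."""
    alice_view = safety_number("alice", ALICE_KEY, "bob", key_alice_received)
    bob_view = safety_number("bob", BOB_KEY, "alice", key_bob_received)
    return alice_view == bob_view

if __name__ == "__main__":
    # Each side received the other's genuine key.
    print("honest exchange :", numbers_match(BOB_KEY, ALICE_KEY))
    # Both sides were handed the intermediary's key instead.
    print("key substituted :", numbers_match(RELAY_KEY, RELAY_KEY))
```

The comparison only helps if the two numbers are read out over a channel the intermediary does not control, which is why the article mentions a different channel or meeting in person.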
Disadvantages Signal requires verification via SMS code. Hence, Signal can only be used with a SIM card, which excludes some user groups and use cases. A further issue might arise from the fact that the number of Signal users is comparatively small. Therefore, most people intending to switch to Signal will first need to put effort into convincing their peer group. Those admittedly few friends who are using Signal will be revealed immediately during the installation of the app, due to the app’s request for access to the contacts on the phone. This may also be one of the main criticisms, though other messengers exhibit the same problem.
Just like Signal, Threema is considered outstanding in terms of its security. The messaging app, made in Switzerland, is used by more than 5 million people (March 2019). Whereas Signal dominates the international market for WhatsApp alternatives, Threema is mainly popular in German-speaking countries – more than 80% of the users are from Germany, Austria, and Switzerland.
Security During the registration process, an anonymous Threema-ID and password are generated. Profile name and picture are optional. Also optional is a link to your phone number or email address. There is no need for the app to access your contacts if you do not want it to do so. Just be aware that this feature is activated by default and has to be deactivated manually – which we highly recommend. Threema calls this minimum of data processing “metadata restraint”, following the premise that only known data can be attacked. Therefore, all data stored on Threema’s servers, which are used only as a relay for transmission, is also deleted after messages have been sent successfully.
Furthermore, private chats can be hidden and secured by a PIN code. There are three different categories of contacts, depending on the level of mutual trust: red for unknown, yellow for verified users and green for contacts known in person. In order to mark contacts in green, you have to meet and verify them in person by scanning their QR codes. Thus, you are protected against man-in-the-middle attacks. Threema encrypts all messages end-to-end, by default, using the NaCl library.
As of September 2017 Threema is also offering VoIP calls. If your contact is personally known, these calls may directly connect two devices (so IP addresses are sent from one device to the other), without Threema’s servers being contacted. If the other person is not known personally, the servers work as the above-mentioned relay and IPs are not disclosed to the speaking parties. Prior to VoIP calls, a secure web client was launched in January 2017.
Disadvantages There are no problems known concerning data security. Auto-access to your contacts is activated by default, but can be manually deactivated. Video calls are not possible yet (March 2018).
Price: 2,99€ (Google Play Store), 3,49€ (App Store)
Services with Opt-in Encryption
The messaging service Telegram is free and has more than 200 million users. It was developed in 2013 by the Durov brothers – the founders of the Russian social network VKontakte. Telegram is considered one of the first messenger services to offer end-to-end encryption. In addition to managing chat groups with a size of up to 100,000 subscribers, Telegram can be operated on several devices at the same time (e.g. on the mobile phone and on the computer). The developers also pride themselves on delivering messages faster than competing messenger services.
Security Telegram offers opt-in end-to-end encryption and a message self-destruction option for the automatic destruction of a message after a certain time. Group chats cannot be encrypted (as of August 2018). Experts assume that most users are not using the optional end-to-end encryption of Telegram.
Deleting Messages In March 2019, the company announced on its blog that from now on every user can delete any message without time limit. Thus, even messages that you have not written yourself can be removed. It is also possible to delete an entire chat history. Exceptions to this new feature are group chats.
Disadvantages Security experts criticize that nobody knows for sure where the company behind Telegram is located. Additionally, Telegram uses its own encryption scheme, the MTProto protocol, which is an in-house development. This is incomprehensible, as there are good and well-tested solutions available, such as the Signal Protocol. There have been many controversies over the protocol Telegram is using.
Because of the dubious circumstances and the missing imprint on their website, Telegram is not recommended.
Update In August 2018 a serious information leak became known. The messages that Telegram users had been exchanging with one another were routed for approximately 2 hours through the servers of a state-owned Iranian telecommunications company. Recording of the messages by the government would have been possible during this period. More information on the leak is available here.
Facebook Messenger is Facebook's very own instant messenger app that (starting mid-2016) Facebook users have to use if they want to read their Facebook messages on mobile devices. For this reason alone, the Messenger is the second most used messenger app in the world. We think the pressure to use the app is a huge downside.
Facebook Messenger is only mentioned in this list because it started offering end-to-end encryption using the Signal Protocol last year as well.
Deleting Messages While WhatsApp lets us delete sent messages for only seven minutes, Facebook Messenger allows us three more minutes. Within 10 minutes you can decide whether the message will be deleted for all recipients or just for yourself. If you miss that time frame, you can only hide the message for yourself. The recipient still sees it unchanged in their chat window.
Disadvantages End-to-end encryption is provided as an opt-in feature only, which means that you have to activate the encryption feature “Secret Conversation” manually. Therefore, many users will probably stick to the common unencrypted chats. Encrypted group chats are not possible.
Be aware that your unencrypted messages are being automatically scanned for keywords by Facebook. If you use Facebook Messenger, always activate “Secret Conversation”, although the consequence is that you can read your messages on one device only.
Another annoying flaw of the Facebook Messenger, despite not directly affecting message transfer security, is the advertisements appearing in the chat list.
Wire has offered its messenger service since 2014 for smartphones, tablets and even desktop. It was developed by the Swiss software company Wire Swiss GmbH. The development team is located in Berlin, Germany.
Security Wire uses end-to-end encryption with SRTP and DTLS to encrypt calls. Text messages and images are encrypted with Proteus end-to-end encryption. Communication that you have with friends or colleagues is encrypted on the sender's device and then decrypted again on the recipient's. Another advantage of Wire is that use of the messenger is guaranteed on up to eight different devices per user.
Disadvantage Even with Wire, it is necessary to enter your phone number when registering via the smartphone. You can deactivate the use of contact data by Wire in the settings. However, it is not clear what happens with the data already matched up to this deactivation.
Considering the above-mentioned instant messaging services, WhatsApp clearly is the all-rounder, which also contributed considerably towards a wider use of encryption. Their solution apparently works well, given that they actually cannot view messages, as a dispute between WhatsApp and a judge in Brazil indicates. WhatsApp refused to hand over chat logs, pointing out that the company is no longer able to access the documents, even if it wanted to.
The big upside to WhatsApp is its usability and its popularity. A downside is that if not treated with caution, there could be unencrypted backups ending up in the cloud. Another disadvantage is the fact that WhatsApp is owned by Facebook and that these two companies would like to exchange data. If this looks suspicious to you, you might be better off choosing one of the alternatives Signal or Threema.
As for Facebook Messenger and Google Allo, end-to-end encryption can only be used at the expense of usability. However, data protection and privacy are guaranteed only when encryption is activated. Due to the discussion mentioned above, Telegram should be treated with caution as well. You may choose your messenger according to what features you value the most.
From our point of view, the most important things are that messages are end-to-end encrypted, that nobody is able to spy on you or scan your messages, and that what you write is private and just between you and your friends. All these points are offered by WhatsApp, Signal and Threema.