Secure Messengers in Comparison: WhatsApp and its Alternatives
Table of Contents
- The Signal Protocol
- Take caution with cloud backups
- Apps with End-to-End-Encryption by Default
- Services with Opt-in Encryption
- Our Conclusion
The Signal Protocol
Many of the messaging apps which we compare below use the Signal Protocol. Therefore, here is a short explanation on what exactly that is. Signal is an open-source encryption protocol developed by the renowned IT security experts Trevor Perrin and Moxie Marlinspike at Open Whisper Systems. In 2016, the Signal Protocol was analyzed by a team of international security specialists and has been considered very secure. Moreover, on their website it is recommended by Edward Snowden.
Take caution with cloud backups
Generating automatic backups in cloud storage is a convenient service that could be needed, for example, when replacing your old smartphone with a new one. It is reassuring to know that even if the device is stolen or damaged, you can still restore your data.
However, backups of smartphones are not automatically end-to-end encrypted by the operators. Therefore, it would theoretically still be possible to read out your stored data. As an example, chat logs of Apple ‘s messenger iMessage are uploaded into the cloud this way. We have made a step-by-step instruction on how to bypass this encryption gap for iCloud and iPhone: Saving iPhone backup encrypted in iCloud
Apps with End-to-End-Encryption by Default
At present, WhatsApp is used by more than two billion people, making it the most popular messaging app in the world. This is the reason why we look at this one first. There have been quite a few things going on at WhatsApp in recent years.
Security: As of 2016, WhatsApp is protecting all messages with end-to-end-encryption based on the Signal Protocol, by default. Thus, any unauthorized person is prevented of reading the chats, including the service provider WhatsApp, themselves. Every contact is assigned an individual security code, which makes it possible for you to verify the other person’s identity. However, this feature needs to be activated manually. The security code protects users against man-in-the-middle attacks.
Introducing end-to-end-encryption by default, WhatsApp achieved what the IT-security industry has been working towards for decades: encryption and privacy for every person without major compromises in terms of usability. Thus, marking a milestone in the history of encryption. There are two sides to every story, though. Here are two things to be born in mind.
A further problem is the backup feature. Originally, WhatsApp stored the chat logs unencrypted on servers. There have been some improvements with regard to this. Under certain circumstances, however, at least the unencrypted metadata can be viewed. Plus, if you or your conversation partner uses automatic backups to iCloud or a Google account, the chats will be in the cloud, unencrypted, as well. Data protectors are not yet satisfied with the new backup solution for iCloud.
Still, the app downloads all data from the smartphone directory during installation. According to the Terms and Conditions, the WhatsApp user is responsible for obtaining the consent of each contact. It is unnecessary to mention that this never happens and would be disproportionate.
There is a security flaw in messages that are sent but not delivered. WhatsApp sells this gap as a feature. The argument is that there is no data loss when changing the mobile number on the receiver side. Data protectors consider this circumstance at least questionable. We recommend this text in the Guardian for more information.
Deleting Messages: There is one special feature which is, despite having a crucial effect on data protection, often missing in instant messaging services: an option to revoke and delete already sent messages.
WhatsApp is essentially supporting this function, with some rather big limitation, though: only messages sent within a period of seven minutes may be deleted – but at least now an increase of up to 68 minutes has been made, giving users more time to delete already sent messages. Within this short time-frame it is possible to remove successfully transmitted and even already read messages.
But this feature does leave its traces: Addressees will see a “deleted message” information instead of the original content. And there are more reasons to handle the procedure with care: Messages cannot be made unread and WhatsApp is not able to delete potential screenshots from the receiving device. Additionally, there are two options to delete messages: For your eyes only or for all participants of the chat. Both options can be found in the same menu and may be confused with one another. And as you are not getting any kind of confirmation, if the deletion on your counterpart’s device was successful, it is hard to track.
In most instances it is too complicated or too late to correct such a mistake once it has been made.
Rumor has it that WhatsApp is currently working on a feature that will allow you to schedule a deletion at a specific time in the future (e.g. after 1 week), when sending group chat messages. This can be seen in an entry in the WhatsApp watchblog wabetainfo. from December 2019. Recently WhatsApp has published a Beta-Version to test this new feature, but it has not been announced yet when it will be integrated into the regular app.
Signal was developed by security specialist Moxie Marlinspike, amongst others, at the non-profit group Open Whisper Systems. Edward Snowden recommends Signal and Open Whisper Systems without reservation - for example on their website. Furthermore, crypto expert Bruce Schneier, author of standard reference “Applied Cryptography”, claims to be a huge fan of the app on this website, as well.
Signal offers group chats, text- and voice messaging, voice- and video calls, and the possibility to send images, videos, audios, emojis and stickers. This should be covering the needs of most regular users. The cherry on top of all would be the feature to add text and drawings on images before sending them. Additionally, it includes a self-destruction-timer for messages (timer can be set between 5 seconds and a week) and screenshots can be blocked, using a specific setting. This provides some protection against the dissemination of sensitive chat content. Since late 2020, Signal users with iOS or Android devices can now hold video calls with up to five people while maintaining the security standards they are accustomed to. Signal also plans to add more participants to video conferences in the future as a Zoom alternative.
Security: According to Open Whisper Systems, conversations are end-to-end encrypted by default using the open-source Signal Protocol. Contacts are verified by checking safety numbers or scanning QR codes. This implies one additional step, as you have to either compare safety numbers via a different channel or meet the other person to scan QR codes. This procedure however, protects you against man-in-the-middle attacks. In contrast to WhatsApp, Signal does not back up any messages in the cloud. Therefore, the backups are secured locally.
Disadvantages: Signal requires to be verified via SMS code. Hence, using Signal is only possible with a SIM card, which excludes some user groups and use cases.
A further issue might arise from the fact that the number of Signal users is comparatively small (around 10 million installations in Google Play, January 2020). Therefore, most people intending to change to Signal, will need to put effort into convincing their peer group first. Those, admittedly few friends, who are using Signal will be unveiled immediately during the installation of the app, due to the apps’ request of access to the contacts on the phone. Unlike other messengers, Signal has introduced the Private Contact Discovery function (https://signal.org/blog/private-contact-discovery/), a procedure that allows the server operator as little insight into the contact data as possible. Contact information on your device will be cryptographically hashed before the transmission to the server takes place.
Just like Signal, Threema is considered outstanding in terms of its security. The messaging app Made in Switzerland is being used by more than 8 million people (January 2020). Whereas Signal dominates the international market for WhatsApp alternatives, Threema is mainly popular in German speaking countries – more than 80% of the users are from Germany, Austria, and Switzerland. In September of 2020 it was announced, that with the help of new investors, Threema is now also trying to grow in popularity with people outside the German speaking regions of Europe and attract even more users. Threema Work is a special version of the app built for the separation of private and business communication.
Security: During the registration process, an anonymous Threema-ID and password are generated. Profile name and picture are optional. Also optional is a link to your phone number or email address. There is no need for the app to access your contacts if you do not want it to do so. Just be aware, that this feature is activated by default and has to be deactivated manually – which we highly recommend. Threema calls this minimum of data processing “metadata restraint”, following the premise that only known data can be attacked. Therefore, all data stored on Threema’s servers, which are used as relay for transmitting only, is deleted after messages have successfully been sent, too.
Furthermore, private chats can be hidden and secured by a PIN code. There are three different categories of contacts, depending on the level of mutual trust: red for unknown, yellow for verified users and green for contacts known in person. In order to mark contacts in green, you have to meet and verify them in person by scanning their QR codes. Thus, you are protected against man-in-the-middle attacks. Threema does encrypt all messages end-to-end, by default, using the NaCI library.
As of September 2017, Threema is also offering VoIP calls. If your contact is personally known, these calls may directly connect two devices (thus IP addresses being sent from one device to the other), without Threema’s servers being contacted. If the other person is not known personally, the servers work as the above-mentioned relay and IPs are not disclosed to the speaking parties. Prior to VoIP calls a secure web client was launched in January 2017. Since August 2020 users can finally make use of video calling their counterpart with the promise, that this feature falls under the regular Threema privacy standards. In September of 2020 Threema announced plans of becoming open source within the next couple of months. Previously codes have been reviewed externally, and experts could not find any critical security errors. Its code received a lot of praise for the basic structure as well as code quality of the Messenger service. Towards the end of 2020, Threema announced that it wants to launch a multi-device function. The existing security and privacy standards are to be maintained, which poses a challenge for the messenger. Threema plans to run the feature through a so-called "mediator server" using keys. It is not yet known when exactly the new function will be released. Upon request by the European Union in November of 2020 to gain access to messages with master keys or backdoor in cases such as counter-terrorism, Threema refused. Threema's CEO Martin Blatter justified the decision by saying privacy is a human right. It is also technologically impossible to bypass encryption, as it is not Threema, but the users themselves who hold the key on their end device.
Disadvantages: There are no problems known concerning data security. Auto-access to your contacts is activated by default, but can be manually deactivated.
Price: 3,99€ (Google Play Store), 3,99€ (App Store)
Starting its service in early 2019, Delta Chat is one of the newest messenger services operated by Merlinux limited in Freiburg, Germany. The Open Source is applicable for desktops, smartphones and tablets and has been downloaded over 50.000 times from the Google Play Store alone.
Security: What makes Delta stand out from all the other messenger providers, is that it neither owns its own server nor does it need a cellphone number to sign up. Messages can be sent via your e-mail address even if the counterpart does not even use Delta, as they will receive the message as a regular email.
After the first message has been sent, all communication afterwards will be automatically end-to-end encrypted as the required keys have to be exchanged beforehand. In comparison to other Messengers, Delta Chat also supports end-to-end encryption in group chats but your email address will be visible for everyone in this chat.
If your chat partner does not use Delta Chat, only transport encryption (TLS) applies to the message which means, that his email provider could still see what has been sent.
Disadvantages: As Delta Chat is basically an email messenger, audio- & videocalls are not possible. So far there is also no option to delete messages after they have been sent. If users are using the same email server, messages are indeed saved on a central server. There is no full end-to-end encryption if one does not use Delta Chat and messages can still be read by the respective email provider. Backups are possible but not end-to-end encrypted which can be risky when you upload it into your cloud.
Services with Opt-in Encryption
The messaging service Telegram is free and has more than 200 million users. It was developed in 2013 by the Durov brothers – the founders of the Russian social network VKontakte. Telegram is considered one of the first messenger services to offer end-to-end encryption. In addition to managing group chats with a size of up to 200,000 subscribers, it is possible with Telegram to operate the application on several devices at the same time (e.g. on the mobile phone and on the computer). The developers themselves are also characterized by delivering the messages sent faster than competing messenger services.
Security: Telegram offers opt-in end-to-end encryption and the message self-destruction option for an automatic destruction of a message after a certain time. Experts assume that most users are not using the optional end-to-end encryption of Telegram. You can tell if a chat with someone else is encrypted by the green lock icon in front of the recipient's name.
Deleting Messages: In March 2019, the company announced on its blog that from now on every user can delete any message without time limit. Thus, even those messages can be removed that you have not written yourself. It is also possible to delete an entire chat history. Exceptions to this new feature are group chats.
Disadvantages: Security experts criticise the fact that the company regularly changes its headquarters, which makes it difficult to assign it to a jurisdiction. In the FAQs, the company itself says that they are currently satisfied with Dubai as their headquarter but are prepared to move again if the country's regulations change.
Additionally, Telegram uses its own encryption algorithm MTProto Protocol, which represents an in-house development. This is incomprehensible, as there are good and well tested solutions available, such as the Signal Protocol. There have been many controversies over the protocol Telegram is using. Telegram requests access to the user's address book and stores it with the justification that notifications can be sent as soon as a contact also uses Telegram. Signal, on the other hand, relies on hashes so that people in contact lists are made unrecognizable to them. Furthermore, for years Iranian hackers with the support of the government were able to attack activists, minorities as well as oppositions via spearphishing documents. Using malware, attackers were able to fully use and monitor the victims' Telegram account on another device. This was due to security breaches in installation protocols of not only Telegram, but also WhatsApp. In recent years, conspiracy theorists and criminals have increasingly assembled on Telegram. The reason for this is that Telegram, in contrast to other messengers, reacts less consistently to such messages, some of which are hostile, and only deletes them in rare cases. Because of the dubious circumstances and the missing imprint on their website, Telegram is not recommended.
Update: In August 2018 a serious information leakage has become known. The messages, telegram users have been exchanging with one another, were directed, for approximately 2 hours through the servers of a state-owned Iranian telecommunications company. Recording of the messages by the government would have been possible, during this period. More information on the leak are available here
Facebook Messenger is Facebook's very own instant messenger app that (starting mid-2016) Facebook users have to use if they want to read their Facebook messages on mobile devices. For this reason alone the Messenger is the second most used messenger app in the world. We think, the pressure to use the app is a huge downside.
Security: Facebook Messenger is only mentioned in this list because it started offering end-to-end encryption using the Signal Protocol last year as well.
Deleting Messages: Within 10 minutes you can decide whether the message will be deleted for all recipients or just for yourself. If you miss that time frame you can hide the message only to yourself. The recipient still sees it unchanged in his chat window.
Disadvantages: End-to-end encryption is provided as an opt-in feature only, which means that you have to activate the encryption feature “Secret Conversation” manually. Therefore, many users will probably stick to the common unencrypted chats. Encrypted group chats are not possible.
Be aware that your unencrypted messages are being automatically scanned for keywords by Facebook. If you use Facebook Messenger, always activate “Secret Conversation”, although the consequence is that you can read your messages on one device only.
Another annoying flaw of the Facebook Messenger, despite not directly affecting message transfer security, are advertisements appearing in the chat list.
Wire offers its messenger service since 2014 for smartphones, tablets and even for desktop. It was developed by the Swiss software company Wire Swiss GmbH. The development team is located in Berlin, Germany.
Security: Wire uses end-to-end encryption with SRTP and DTLS to encrypt calls. Encrypting text messages and images uses Proteus end-to-end encryption. Communication that you have with friends or colleagues is encrypted on the sender's device and then decrypted again at the recipient’s. Registration is possible with both mobile phone number and email address. Access to the address book is also optional. Another advantage of Wire is that the use of the trade fair is guaranteed on up to eight different devices per user. End-to-end encrypted telephone and video conferences have been available on Wire since October 2020. Up to twelve participants can hold a video conference as, according to experts, more participants would lead to less productive conversations. Disadvantages: As a messenger service, Wire is primarily aimed at users in a business context. Therefore, the number of private contacts is likely to be rather low.
The open standard was developed by The Matrix.org Foundation in 2014. Being an interoperable network, it does not matter what Messenger you decide on using, as it is open to most communication systems. According to Matrix, around ten million accounts are visible with around 2.1 million rooms created.
Security: With Matrix users can create their own server or join other servers to communicate with one another. End-to-end encryption is currently in beta mode and not by default and it also depends on what client you are using. But when hosting your own server, Matrix gives the possibility of customizing it and enabling end-to-end encryption within.
There is no need to sign up with your cellphone number, as you can access Matrix directly via your browser. Users receive a Matrix-ID which can be used on multiple devices at the same time. Voice-only VoIP calls via WebRTC are supported between one-to-one rooms. The support of video- and group calls depends on your client.
The German Federal Armed Forces has announced plans of using Matrix as their new form of communication. Even confidential information is supposed to be shared via secure Matrix servers. But not only Germany, also the French government has been working on shifting all communication between authorities to Matrix servers.
Disadvantages: As users can decide what servers they would like to join and gives you the opportunity to encrypt messages via end-to-end encryption, no real disadvantages can be seen. Matrix is also Open Source and does not limit you to a specific messenger client.
Considering the above mentioned instant messaging services, WhatsApp clearly is the all-rounder, which also contributed considerably towards a wider use of encryption. Their solution apparently works well, regarding that they cannot view messages, as a dispute between WhatsApp and a judge in Brazil indicates. WhatsApp refused to hand over chat logs, pointing out that the company is no longer able to access the documents, even if they wanted to.
The big upside to WhatsApp is its usability and its popularity. A downside is that if not treated with caution, there could be unencrypted backups ending up in the cloud. Another disadvantage is the fact that WhatsApp is owned by Facebook and that these two companies would like to exchange data. If this looks suspicious to you, you might be better off choosing one of the alternatives Signal or Threema. Furthermore, there is nothing to be said against simply using several messengers for different purposes and contacts.
As for Facebook Messenger end-to-end encryption can only be used at the expense of usability. However, data protection and privacy are guaranteed only when encryption is activated. Due to the discussion mentioned above, Telegram should be treated with caution as well. You may choose your messenger according to what features you value the most.
From our point of view, the most important things are: end-to-end encryption, nobody should be able to spy on you or scan your messages and that what you write is private and just between you and your friends. All these points are offered by WhatsApp, Signal, Matrix and Threema.
Intéressé par ce que nous venons de vous dire ?
Dans ce cas, rejoignez plus de 80 000 abonnés et inscrivez-vous à notre lettre d'information gratuite. Recevez des renseignements sur la confidentialité des données, des anecdotes portant sur les nuages, des conseils en matière de sécurité et des analyses de nos experts en cryptographie.