What is the best secure messaging app?

The world's most popular messaging apps

While encryption and privacy play a vital role in selecting which messaging app to use, its also nessesary to use the messaging apps that our friends use. According to Statista (2019) WhatsApp, Facebook Messenger, and WeChat, remain the world's most popular messaging apps despite Facebook's questionable privacy practices.

• WhatsApp is used by almost 90% of people in most countries. In fact, there are only 25 out of 195 countries where WhatsApp isn't the most used messaging app.
• 88% of the US use Facebook Messenger, whereas over half of Latin Americans opt for WhatsApp.
• Most of the world is using a messaging app owned by Facebook. In fact, there are only 10 countries in the world where Facebook-owned messaging apps, are not the market leader.
• WeChat is used by the majority of people in China, since apps like WhatsApp and Facebook Messenger are banned. While Telegram, known for its tight privacy controls, has struggled to find the same mass appeal – with most of its users being based in the middle east.
• Security and privacy within messaging apps is becoming more important, with secure chat-apps like Wire, Threema, and Silence, being the latest additions to the market. If security is your first point of call over popularity, then read on.

How to choose a secure messaging app

There are many messaging apps on the market, but not all of them are as secure as they say. All of the apps on this list offer end-to-end encryption, which means that no one can see your ‘secret’ conversations unless they have a private key to decrypt your message. Most importantly, that means even the service provider can’t see your messages – not even abusive employees, hackers or government officials. However, their additional features – and shortcomings – are all different.

We reviewed the pros and cons of 7 encrypted messaging apps and ranked them from the least to the most secure.

#7 Whatsapp

• 

  Uses Signal’s encryption
• 

  Most of your friends are probably on it
• 

  User-friendly and offers extra features
• 

  Owned by Facebook
• 

  Has experienced major breach

With over 1 billion users, Whatsapp is one of the most widely used messaging apps. It’s easy to use and offers features such as location and file sharing, gifs, and even desktop support. It also uses the powerful encryption protocol developed for Signal by Open Whisper Systems, which is considered the industry standard. The encryption features Perfect Forward Secrecy (PFS). This means that even if someone manages to somehow steal the key to your secret conversation, they will only be able to see the last message you’ve sent. Everything else will remain private.

On the other hand, Whatsapp is owned by Facebook, which raises huge security concerns. Collecting users’ data is at the center of this social media giant’s business model and it failed to keep user data safe multiple times. Can we really trust Facebook, secure encryption notwithstanding?

Update on May 14, 2019:Hackers recently found a severe Whatsapp vulnerability and used it to install surveillance malware on a selected number of phones. This spyware was injected through Whatsapp audio calls (the targeted individual didn’t need to answer the call) and gave hackers access to victims’ text messages, emails, WhatsApp messages, contact details, calls record, location, microphone, and camera. The vulnerability has now been patched. We have moved Whatsapp from #4 to #7 as a result.

#6 Facebook Messenger

• 

  Most of your friends are probably using it
• 

  You can use it even if you deactivate your Facebook account
• 

  Encryption isn’t default
• 

  Doesn’t encrypt past conversations
• 

  Tracks your behavior

Billions of people use Facebook and its messaging services, but few know that their app offers end-to-end encryption. That’s because Facebook did a great job hiding the feature. (Find out how to start a secret Facebook conversation here.)

It’s admirable that Facebook introduced this feature, but there are still many reasons why it’s at the bottom of our list. The social media giant still gathers data like who you text or how often you use the app. And let’s not forget that, in 2018, Facebook became infamous for its multiple data breaches. They’ve become hard to trust with your privacy!

#5 iMessage

• 

  Encryption turned on by default
• 

  Collects user information based on their behavior
• 

  Fails to encrypt other sensitive data like mobile numbers, metadata or data stored on cloud

There’s no doubt that Apple products have a good reputation when it comes to cybersecurity. iPhone owners’ alternative to text messages – iMessage – has default end-to-end encryption. However, it still has a bunch of vulnerabilities and is far from the most secure messaging platform.

Information like mobile numbers and contact lists is stored in plain text rather than hashes, as are timestamps and IP addresses. The app also fails to encrypt your metadata and any data synced to iCloud. If anyone hacks into your cloud, they will have backdoor access to your device.

#4 Telegram

• 

  Offers disappearing messages and other extra features
• 

  Easy-to-use interface
• 

  It’s not an Open Source app
• 

  Encryption isn’t default
• 

  Uses a proprietary encryption protocol

Over 100 million people use Telegram. It’s true that the platform is easy to use, offers many extra features, and isn’t obligated to give out any user information to intelligence agencies (as far as we know). However, Telegram isn’t as secure as it wants us to believe.

First, it seems strange that such a security-oriented messaging app doesn’t have encryption turned on by default. Many people who use Telegram aren’t aware of this, which defeats the purpose of the app.

The Telegram encryption protocol is also flawed. It was developed by an in-house team with little experience in crypto, which isn’t advised by cybersecurity experts. The app isn’t open source either, so the code hasn’t been audited by any third parties. The company also doesn’t provide any transparency reports.

Read on to see our top three secure messaging apps, or check out this video explaining why we picked them.

#3 Wire

• 

  Open source
• 

  Complies with European Union data laws
• 

  Can be used on majority of internet browsers
• 

  Collects some data about their users

At first glance, Wire ticks all the boxes of a truly secure messaging app – it offers end-to-end encryption, complies with all European Union data and privacy laws, it’s open source, and it isn’t obligated to share its data with surveillance services. Plus, you can use it on most popular browsers like Firefox, Chrome, Safari and Opera. However, Wire does collect and store some user data.

The creators of the app admitted to keeping records of who users contacted and, unfortunately, it’s all saved in plain text. They also store users’ emails, phone numbers and usernames. According to Wire, this information makes device synchronization easier and is deleted once the account is deactivated.

#2 Wickr

• 

  You don’t need a phone number or an email to sign up
• 

  Open source
• 

  Offers ‘shredder’ feature
• 

  Doesn’t collect any user data or store metadata
• 

  Offers Pro version for businesses
• 

  Might be difficult to switch from other messaging platforms

This app is one of the best secure messaging apps on the market. It’s open source and doesn’t collect user data or metadata. It also offers a ‘shredder’ feature, which automatically deletes all conversations and files ever shared on the platform. You can set a timer for when to delete them. Most importantly, you don’t need a phone number or an email address to register, so it’s even easier to keep your life private.

The only downside is that Wickr isn’t as popular as Signal(#1) or Telegram(#5). It was initially designed for businesses and enterprises, so it wasn’t as widely advertised to everyday users. Wickr still offers a paid Pro version where you can have encrypted group video calls, something no other app currently offers. If you are not an entrepreneur and want to use Wickr, you’ll need to convince your friends to move as well.

#1 Signal

• 

  Handles group chats, SMS, voice, video, documents and picture messages
• 

  Offers disappearing messages (with a timer)
• 

  Signal protocol
• 

  Open source
• 

  Doesn’t store user data or metadata
• 

  Advocated by Edward Snowden
• 

  Needs a phone number to register

Signal is the overall winner for both iOS and Android users. Signal created an encryption protocol that is now recognized as the most secure messaging app protocol out there. It offers everything most users need – SMS, video and voice calls, group chats, file sharing, disappearing messages, etc – without stuffing the app with ads and collecting user data. It’s also an open source platform so anyone can check it for vulnerabilities. Speaking of which, a potential security flaw may have been found by an Israeli security firm, which is why its best to always use a VPN alongside your favourite secure messaging apps.

Why you should always use a VPN

End-to-end encryption isn’t foolproof. Backdoors within encrypted apps are being exploited all the time. In 2020, security firm, Cellebrite (used by the FBI, Myanmar police, and governments), announced that they were able to circumvent Signal’s end-to-end encryption. User metadata on Clubhouse was found to be insecure, WhatsApp was cautioned over its lack of end-to-end encrypted backups, and if you don’t make your Telegram chats ‘Secret’ they won’t be encrypted.

A VPN encrypts your app-traffic and online traffic, instantly, and powerfully. Paid VPNs like NordVPN, are better funded for R&D in encryption methods, so you’re guaranteed next-level security on and off the apps you use. All you have to do is turn on the NordVPN app, and everything you do online is encrypted, hiding it from snoopers who could be lurking in your network.