It's not about something to hide, it's about something to lose.
— Edward Snowden (@Snowden) November 4, 2015
Unencrypted messages are like postcards: anyone can grab one and read it. Most people are confused and puzzled about privacy and the jargon around it. Feeling guilty? Don’t be. Even Glenn Greenwald (the journalist at The Guardian who published the articles on the NSA’s global surveillance) ignored the 12-minute instructional video created by Edward Snowden (posing as Cincinnatus), which explained encryption and how to set it up so that he could send some sensitive documents via an encrypted route.
Encryption at its core is extremely complicated, but over the years cryptographers have worked hard to make it work for anyone who wants to use it. That doesn’t mean it can easily be cracked or decoded. If done right, it is extremely difficult and almost impossible to decrypt and read the encrypted message.
new daily record: 10B+ msgs sent (inbound) and 17B+ msgs received (outbound) by our users = 27 Billion msgs handled in just 24 hours!
— WhatsApp Inc. (@WhatsApp) June 12, 2013
Messaging has become an integral part of our communication; WhatsApp alone clocks more than 27 billion messages per day. So it has become very important that you secure your conversations and data with everyone. Most good messaging apps have now enabled end-to-end encryption, which means encrypted messages can’t be read by anyone other than the intended recipient. Anyone trying to hijack the conversation and intercept a message would only get gibberish text that makes no sense at all.
There are various ways encryption is achieved for messages. The most common is that every encrypted conversation you start begins with a handshake between the devices, which cannot be replicated in other conversations. An encrypted message sent from your phone can only be decrypted by the intended recipient’s phone. Some apps even go a step beyond and add an extra layer of protection by letting you set messages to self-destruct after they have been read. Don’t worry, everything happens in the background, which makes it really easy to use. All you have to do is send a message and the encrypted apps handle the rest.
Here are some of the best encrypted chat apps which let you securely message people without worrying about being snooped upon.
This list leans towards information about each app’s security and encryption and won’t say much about its feature list. In this age, the first priority for a messenger should be user privacy and security over stickers and animations.
iPhone exclusive, iMessage has been end-to-end encrypted by default since the beginning. Known for fighting for user privacy, Apple’s proprietary messaging service is very secure. iPhones are encrypted by default, which makes accessing phone data almost impossible without authentication; even Apple can’t access it if they wanted to. There have, however, been recent reports of Apple logging some information about every conversation you have via it. The logs are said to be just user information used to check whether the user has iMessage or not; if not, it will send an unencrypted SMS. After 30 days these logs are deleted. So if within 30 days the government legally forces Apple to hand over contact information for these messages, Apple will have to comply. Sounds scary, but the relief is that Apple would still be unable to hand over the actual conversation.
There have been reports, or rather hopeful rumors, that Apple might release iMessage for Android too, but there seems to be little to no hope of that happening with all the functionality of iMessage intact.
One of the most secure and widely applauded encryption protocols for secure messaging apps is the one developed by Open Whisper Systems. Whisper Systems, earlier known for RedPhone (secure calling) and TextSecure (encrypted messaging), was a startup founded by researcher Moxie Marlinspike, who is considered to be one of the most influential cryptographers for creating this secure protocol. The company was later acquired by Twitter, its apps were made free and open source, and it was eventually shut down; Moxie left the company and founded Open Whisper Systems to continue developing RedPhone and TextSecure. After much more development and combining both apps, the Signal Protocol was released. Also known as “double ratchet”, this protocol combines both apps’ features in the Signal Messenger app for Android and iOS. For an Android user it also doubles as the default SMS app to send and receive (unencrypted) SMS messages, while Signal conversations still stay encrypted.
Signal conversations are automatically end-to-end encrypted, and the keys used for encryption are generated and stored on the user’s device, not by or on the servers, which makes it very secure. Signal Protocol is open source and funded through grants and donations. It lacks a lot of fancy features like stickers and video calls but is being actively developed by Open Whisper Systems, with features added every few months.
The Signal app usually works great and has no issues sending or receiving messages, but it is known to have some issues when making a cross-platform secured Signal call (Android to iOS or iOS to Android).
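The symmetric half of the “double ratchet” mentioned above can be sketched in a few lines of Python. This is an added example, not code from Signal or from the original article: it uses HMAC-SHA256 with the one-byte constants suggested in the published Double Ratchet specification, and the shared secret, `ChainRatchet` and `forward_secrecy_demo` are names constructed for illustration.

```python
import hashlib
import hmac


def kdf_chain(chain_key):
    """One ratchet step: derive (next_chain_key, message_key) from chain_key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class ChainRatchet:
    """Hypothetical helper: one side's sending or receiving chain."""

    def __init__(self, shared_secret):
        self.chain_key = shared_secret

    def next_message_key(self):
        # The old chain key is overwritten, so it cannot be recovered later.
        self.chain_key, message_key = kdf_chain(self.chain_key)
        return message_key


def forward_secrecy_demo():
    # Constructed stand-in for the secret both devices agree on in the handshake.
    shared = hashlib.sha256(b"constructed handshake output").digest()
    alice, bob = ChainRatchet(shared), ChainRatchet(shared)

    sent = [alice.next_message_key() for _ in range(3)]
    received = [bob.next_message_key() for _ in range(3)]

    # Device compromise after message 3: the attacker copies the current state.
    stolen = ChainRatchet(alice.chain_key)
    fourth = alice.next_message_key()
    derivable = {stolen.next_message_key() for _ in range(10)}

    return {
        "keys_match": sent == received,
        "message_keys": sent + [fourth],
        # Earlier keys sit behind a one-way function: not derivable.
        "attacker_reads_past": any(k in derivable for k in sent),
        # Later keys are derivable, which is why the full protocol adds a
        # second, Diffie-Hellman ratchet that mixes in fresh secrets.
        "attacker_reads_future": fourth in derivable,
    }


if __name__ == "__main__":
    print(forward_secrecy_demo())
```

Each message gets its own key, and a stolen device state exposes only messages sent after the theft, not the ones already delivered.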
After being acquired by Facebook, WhatsApp recently enabled end-to-end encryption using Open Whisper Systems’ open source Signal protocol. Even though the sent and received messages are secured and unreadable without the encryption keys, the company keeps the chat logs, which stay with them even after you have deleted them. A researcher even claims that these chat logs can be used to access a user device by restoring the messages. WhatsApp also shares individual user data with Facebook. Even if you have disabled this from the settings page, Facebook still has basic user data from WhatsApp. Despite all this, WhatsApp is one of the most widely used messaging apps right now. So use it if you really need to, as most do; otherwise you have many other options to choose from in this post.
A lot of WhatsApp features are still not secured, and apart from chat, the EFF is questioning how secure the rest of the app’s components actually are. But WhatsApp has enabled encryption for the most necessary part of the app, and for one of the most used messaging apps this is excellent.
Telegram Messenger claims to be the most secure messaging app, boasting its own MTProto protocol, which was created by the founder (Pavel Durov) and which they do not intend to make open source. Most security researchers like to prod the security of these encryption protocols, so instead of making it open source, Telegram has a $300,000 bounty for anyone who cracks their encryption. There has not been a single winner yet.
But Telegram is quite unique in that it doesn’t encrypt all chats by default; a user can turn encryption on in ‘secret chats’ for the conversations they want to protect. Just like WhatsApp, Telegram is filled with features, from group chats to various stickers. Telegram recently introduced Telegraph, a quick way to view shared articles without leaving the conversation.
Facebook Messenger takes a page out of WhatsApp’s book and uses the same secure Signal Protocol for encryption.
Just like Telegram, chats aren’t end-to-end encrypted by default; a ‘secret conversation’ needs to be started to make a chat secure. These encrypted messages are device specific, so they cannot be accessed on other devices. Messages in a secret conversation can be given a time limit, after which they disappear from the conversation.
By default Google stores all the messages, as this helps teach the AI to cater to your needs via the Google Assistant and Smart Reply, but the messages get deleted as soon as you delete them from your device. Allo also has an Incognito Mode (just like the Chrome browser) in which chats are end-to-end encrypted and disappear as soon as you end the conversation. These messages are stored in encrypted form on Google’s servers; Google cannot read them but would need to provide them to the government if requested with a warrant (regular Google product policy).
The EFF makes a strong case that Allo’s encryption is not so secure. Allo is in its early days and Google is banking on the Google Assistant side of the service as the key feature, so they seem to have put a lot at risk with the way they have implemented end-to-end encryption.
Viber 6.0 introduced end-to-end encryption: calls, messages and media are secured. Viber uses its own encryption protocol, built from scratch specially for Viber. This protocol is based on the same concept as the Signal protocol but does not share any of Signal’s source code. Viber even stretches its encryption blanket to the secondary devices you have paired, so a secondary device like a PC or tablet is paired with your primary smartphone to share the same chat history. This is achieved by encrypting them separately, while authentication is done just once for the entire account.
Viber’s way of encryption is not the most secure yet, and since they have their own spin on the famous “double ratchet” protocol, many questions are being raised by security researchers. Viber hasn’t yet made it open source, nor have they let anyone audit it. Some parts of Viber’s app are still not encrypted; these are listed as “Limitations” and include any media shared via the iOS Share Extension into the Viber iOS app.
Famously used in the TV show Mr. Robot, Wickr has a cult following, and most people who use it are security and privacy aware. People in the movement fighting against user privacy use Wickr for communication. Every message, image, video, audio clip or document sent on Wickr is set to self-destruct after a period that can be set anywhere between one second and five days. Wickr has its own patented end-to-end encryption protocol, part of their own patented security architecture, which adds multiple layers of encryption for much more secure communication. Wickr does not store any messages, media or logs of users using their app.
Wickr has expanded from personal messaging apps to Wickr Professional which uses the same self-destructing encrypted messages style to help businesses communicate more securely with features catered towards working professionals.
ChatSecure is for people who use a Facebook or Google account for communication and want something more secure than the official apps. ChatSecure is a free and open source app that does that by using OTR encryption over XMPP. This lets you connect with your Facebook or Google account to any XMPP server (even via Tor) if you like. OTR (off-the-record) messaging allows users to have private conversations by sending encrypted messages which cannot be intercepted and read by anyone apart from the intended user. And the best part: if you lose your private keys, no previous conversation is ever compromised. But this is only secure if the other party is using an OTR encrypted messaging app, so if you send a message via ChatSecure to a Facebook Messenger app user, they will receive a message which is not encrypted.
Because this app is open source, it is well audited, and OTR encryption is well known and widely used by many communication apps to keep sessions private.
Just like ChatSecure, Conversations is an XMPP client with security at your fingertips. It lets you chat with your IM buddies, and you can choose the type of encryption you like for the conversation. Conversations is a very feature-rich XMPP app with TLS-encrypted communication with the server, which denies an attacker access to metadata while communicating.
Conversations lets you send unencrypted messages or choose one of three end-to-end encryption methods, OMEMO, OTR or OpenPGP, based on what your correspondent is using to communicate with you.
Threema is a paid app that lets you use it without actually providing your name or number, thus keeping your identity totally private and secure. Instead of using your information for user identification, a Threema ID is randomly generated for every user when you first use the app. The ID is unique and is attached to a key pair which enables the end-to-end encryption. This key is stored on the device and never goes to the server, thus keeping your conversations always local and secure. Threema has two layers of encryption: one which enables end-to-end encryption for secure messaging, and a second which ensures captured network packets cannot be read by anyone. Its encryption code is open to audit, and the last external security audit they had confirms that they fully meet the requirements for secure and trustworthy messaging.
Threema also promises that it collects little to no data from users and only captures the data the servers need to forward your messages to the proper inboxes or groups. This data is not stored for long and, as soon as its task is done, it should get deleted.
Threema Work is their business app to enable secure chat for organizations.
Silent Circle is a unique company which not only provides secure messaging but is also on a mission to provide complete privacy and security. Their offering includes a secure smartphone, an Android or iOS app and enterprise-level communication management services.
The smartphone, Blackphone, was the world’s first secure smartphone. Now, Blackphone 2 comes with a modified and much more secure version of Android called Silent OS, which is built with security in mind. They promise security patches within 72 hours, with vulnerability management that releases a patch within 72 hours of detection or reporting.
Part of their offering is the app Silent Phone, available for Android, iOS and Silent OS. Silent Phone has end-to-end encryption and can only be used between Silent Phone numbers; the app lets you burn messages after a scheduled period of time.
Silent Phone has a subscription model of $9.95/month which lets you send unlimited messages and up to 100MB of files, and includes full message burn, video calling, conference calls and a technical support team to help you with anything you need with the app.
If none of that appeals to you, or you are one of the people who don’t like these messaging apps, then you probably prefer good old SMS/MMS for communication. But that isn’t secure: SMS/MMS are fully accessible to your carrier, and in fact they keep a record of your communication all the time, which they are legally bound to provide in response to a court order.
For you, the Silence app provides secure communication via SMS and MMS. Silence encrypts your messages locally and sends them encrypted to other Silence users. Silence is a fork of the Signal app, so it uses the same encryption method Signal used to use for its encrypted SMS functionality. Since Signal removed the encrypted SMS feature, Silence was created with that as its sole purpose. Being open source and using the Signal protocol, it is a very secure app and can withstand security audits. Silence is even a default messenger for the secure Copperhead OS.
Being an SMS/MMS app, it doesn’t require an Internet connection, so you don’t have to worry about the app connecting to any server to send your metadata or any other information.
Despite the above list of the best secure messaging apps, choosing the app you use daily will unfortunately depend mainly on what your friends, family and colleagues use to communicate with you. You can try to convince everyone to use a certain app, but it’s a tough sell and no one leaves their present messaging platform that easily. That is why this list highlights only the best of the most popular ones, which are widely used. There are a lot of chat and messaging apps which claim to be secure, and many are, but with a low user base it becomes pointless to switch over only to realise no one you know uses it.
Note: For now these seem to be quite open and secure with their encryption methods, but it really is something that needs to be checked every few weeks. Telegram, for instance, is notorious for its own encryption protocol, and security and privacy aficionados don’t like it because the closed protocol cannot be audited. That is why most encrypted chat apps use the Signal Protocol, which is highly recommended by most privacy advocates and security researchers.
The EFF used to maintain a Secure Messaging Scorecard which ranked encrypted chat apps by their level of security, but because of ever-changing app features and other additions they pulled the scorecard down to update it thoroughly.