About the Author: Stephanie Britt is a UCLA alum and CIPP/US-certified privacy rights advocate.
Modern consumers live in their phones. But how do you balance the ease of messaging technology with its known risks to personal privacy?
In response to security risks and privacy concerns, many messaging apps have implemented end-to-end encryption to promote trust among their users. However, the degree of privacy users get still varies from app-to-app depending on what information is encrypted and the app’s general design.
End-to-end encryption (E2EE) helps to keep prying eyes away from your messages. When you send a message to someone, you use a public key to encrypt the message. Then, the recipient uses a private key to decrypt the message so they can read it.
Here are five messaging apps that use end-to-end encryption:
1. Facebook Messenger
“Secret Conversations” is the latest E2EE feature by Facebook Messenger that allows users to allot their messages a specific time (from 30 seconds to a day) before they disappear. This privacy mode is designed to keep the personal conversations of Facebook’s over 900 million users “secret.” However, the encrypted mode is limited in its utility. While it is available to users, it provides few incentives for users to make the switch. The encrypted mode only covers the devices where the conversation started and cannot be transferred across different devices. In addition, Secret Conversations cannot support other messenger features like GIFs, videos, and payments across devices. As a result, the default-unencrypted setting continues to dominate Facebook Messenger.
WhatsApp implemented E2EE for its one billion users, but with a catch. Although WhatsApp cannot read the content of messages, they still keep a record of who messages are sent to, at what time, and when recipients read messages.
The extent of encryption is also limited to your personal device and does not extend to Cloud services. If you allow WhatsApp to perform online backups to the Cloud, then the content of your messages is released. To prevent this, go to your WhatsApp Settings, click on “Chats,” then press “Chat Backup,” and make sure to turn off “Auto Backups".
Finally, there’s the issue of WhatsApp sharing user data with Facebook (Facebook owns WhatsApp). You can prevent this by going to “Settings” and opting out of sharing your data with Facebook for targeted ads. Though keep in mind that, regardless of user opt-out, Facebook will still have access to WhatsApp’s data for the following purposes:
- Improve infrastructure and delivery systems
- Understand how these services are being used
- Secure systems and fight spam, abuse or infringement activities
Apple’s iMessage encryption was the subject of significant controversy in the case of Apple v. FBI. This high-profile case was a stand off between the government and tech companies to protect users' data from unconstitutional access. The final result was that iMessage will continue to provide E2EE for its 250 million users and keep all their user data private. However, their data may not remain private if users back up their messages to iCloud, where the messages may be at risk of being accessed.
Like Facebook Messenger, Google Allo does not have E2EE by default. Allo utilizes artificial intelligence through a feature called Google Assistant that reads users’ messages to develop personalized suggestions. Allo does provide E2EE encryption if you switch to Incognito Mode, but doing so disables Google Assistant. Therefore, users have little incentive to change Allo’s privacy settings because the features that make it unique will be disabled.
Signal was built as a private messenger, so privacy is at its core. Signal has E2EE on all messages, and does not store your contacts or any metadata. In addition, if you backup your messages (with iCloud for instance), none of the content is shared. Finally, the app’s code is open source meaning the public can inspect it for security flaws. Signal’s primary drawback is that it is not as commonly used as some other messaging apps.
Please note that none of the information above can be considered an endorsement of a company or product.