Best and Most Secure Messaging Apps: Facebook And WhatsApp Are the Least Safe
According to a new study, there are only six messaging apps that are actually secure for avid message users. Facebook, Google and WhatsApp are the least secure.
The electronic messaging study, conducted by the Electronic Frontier Foundation (EFF), carried extensive tests on popular tools such as Apple, Google, Yahoo, Blackberry and Facebook, just to name a few, and only found six applications that past the security test. With the new study, will people change their minds about messaging?
The criteria for the most secure messaging applications, according to the EFF's study, is the app had to pass seven possible questions: One, is the data encrypted in transit? Two, is it encrypted enough so that the provider cannot read it? Three, can the service verify the user's contacts' identities? Four, are the past communications secure enough if the keys are stolen? PC Magazine reported.
The remaining criteria to be met were: Five, are the codes open so that an independent review could be conducted? Six, is the security design properly documented? And seven, has the code been checked or audited? The EFF checked out 39 services that offered these messaging applications, PC Magazine reported. All 39 messaging apps could conceal messages during travel. However, few of them had satisfied all of the security requirements.
Out of the 39 apps, the EFF study found the secure six: ChatSecure + Orbot, Cryptocat, RedPhone, Silent Phone, Silent Text and TextSecure.
Popular companies such as Apple, Google Hangouts, SnapChat, Skype, WhatsApp and Facebook Chat only passed a few of the tests. One of the researchers from the EFF study says that users need more safety, especially when we live in an environment where everyone's digital information is out there, PC Magazine reported.
Apple fared well; they passed five out of the aforementioned seven requirements. It lost points, however, when it came to verifying the contacts' identities, and even opening its code for independent review. WhatsApp, Snapchat, Skype, Google Hangouts and Facebook chat only passed with two: They could encrypt the information in transit, and the code could be checked or audited, PC Magazine reported. AIM only passed with one: encryption in transit.
Not everyone is technologically savvy when it comes to securing their messaging on a day-to-day basis, the EFF study acknowledges.
"Messaging tools that are really secure often aren't easy to use; everyday users may have trouble installing the technology, verifying its authenticity, setting up an account, or may accidentally use it in ways that expose their communications," one researcher from the EFF study stated.
Similar to AIM, Blackberry Messenger, Viber and Secret only scored one point. They can only secure data from device to service, and, even so, the metadata that is associated with those messages might not be entirely scrambled, Engadget reported. But so far, Apple is protecting the users' messaging data.
One analyst finds the Electronic Frontier Foundation (EFF) study enlightening, but they do not think that the user will consider the security of messaging in the long-term. Rick Holland, the principal security and risk management analyst for Forrester, says that the information is more relevant to industry insiders and observers, rather than the average consumer, Newsfactor reported.
"Unfortunately, consumers have a short memory," Holland said, according to Newsfactor. "I think this will have a minimal impact to non-techie/tinfoil-hat consumers. Tech-savvy individuals will certainly change their behavior based on the performance."
Holland adds that users should do their own research in finding out what is message secure, rather than trust in those that heavily promote it. He also referenced the infamous iCloud celebrity hacking scandal.
"Consumers should be aware that the marketing of privacy is very different than the reality of privacy," Holland said. "The mainstream media coverage of the iCloud celebrity hacking raised general consumer awareness around security and privacy of messaging apps."
But there is hope, Google is doing something. The Android Security Team has built the new "nogotofail" tool; it provides a user friendly way to confirm that devices or apps are safe against known vulnerabilities, PC Magazine reported.
"Nogotofail" is compatible with Android, iOS, Linux, Windows, Chrome OS, OSX and any other device that connects to the Internet. Users can even configure the settings to receive notifications on Android and Linux.
"We've been using this tool ourselves for some time and have worked with many developers to improve the security of their apps," Chad Brubaker said in a blog, the Android security engineer. "But we want the use of TLS/SSL to advance as quickly as possible," PC Magazine reported.
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!