How Secure Is Your Messaging App?
PC Magazine|February 2019

Which messaging app would you choose for absolute security? Every developer will say they responsibly consider the security and privacy of their users. But with so many different choices, it can be hard to tell which messaging platforms you can trust.

Ben Dickson

This set of criteria can help you evaluate the security of your messaging apps and decide how far you can trust them.

ENCRYPTION

Virtually no messaging app sends your messages in clear text format; all platforms use some form of encryption to scramble messages and prevent unauthorized parties from reading them. But not all forms of encryption are equally secure.

Some apps encrypt your messages in transit and in storage, but also hold a copy of the encryption keys. This means they can decrypt and read the content of your messages. Companies that use this form of encryption usually do so to mine user data for advertising purposes. Examples include the soon-to-be-phased-out Google Hangouts, Skype, and WeChat.

But if the servers of these companies fall victim to a data breach, malicious actors will gain access to the keys and can also decrypt your messages. The companies that host these services are also open to warrants from government agencies that want to investigate users’ private communications.

The most secure platforms employ end-to-end encryption (E2EE). These apps use public key cryptography to encrypt messages: For each user, the platform issues a pair of public and private encryption keys. It stores the public keys on its servers, but private keys are stored on user devices only.

Users can retrieve one another’s public keys from the servers to encrypt their messages. Each message encrypted with a public key can only be decrypted with its corresponding private key, which is in the exclusive ownership of the recipient. End-to-end encryption ensures that not even the company that hosts the application can access a message’s content. Even if hackers break into their servers or three-letter agencies force them to hand over user data, they won’t be able to decrypt the content of messages.
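The key handling described above, sketched as an added example in Node.js (it is not code from the article or from any app it names). It assumes RSA-OAEP wrapping a per-message AES-256-GCM key, chosen for illustration rather than taken from a specific messenger, and the names Device, seal, tryOpen, demo and directory are hypothetical.

```javascript
// Added illustration: the server-side "directory" holds public keys only.
const crypto = require('node:crypto');

// A device generates its key pair locally; only the public half is uploaded.
class Device {
  constructor(name, directory) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.privateKey = privateKey; // never leaves the device
    directory.set(name, publicKey.export({ type: 'spki', format: 'pem' }));
  }
  // Unwrap the message key with the private key, then decrypt and authenticate.
  open(env) {
    const key = crypto.privateDecrypt({ key: this.privateKey, oaepHash: 'sha256' }, env.wrappedKey);
    const d = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
    d.setAuthTag(env.tag);
    return Buffer.concat([d.update(env.ciphertext), d.final()]).toString('utf8');
  }
}

// Sender side: fetch the recipient's public key from the server and encrypt.
function seal(directory, recipient, text) {
  const key = crypto.randomBytes(32); // fresh AES-256 key per message
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: directory.get(recipient), oaepHash: 'sha256' }, key);
  return { wrappedKey, iv, ciphertext, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when decryption or authentication fails.
function tryOpen(device, env) {
  try { return device.open(env); } catch { return null; }
}

function demo() {
  const directory = new Map(); // everything the server stores
  const alice = new Device('alice', directory);
  const bob = new Device('bob', directory);
  const env = seal(directory, 'bob', 'meet at noon'); // constructed sample message
  const tampered = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  tampered.ciphertext[0] ^= 1; // one bit flipped in transit
  return {
    bobReads: tryOpen(bob, env),
    wrongKey: tryOpen(alice, env),
    tampered: tryOpen(bob, tampered),
    serverHasPrivateKey: [...directory.values()].some((pem) => pem.includes('PRIVATE')),
  };
}
```

Only Bob's device recovers the text; a different private key, or an envelope altered on the way, yields nothing, and the directory never contains private key material.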
