The 5 most secure and user-friendly private messaging apps for iPhone and Android
According to the Electronics Frontier Foundation (EFF) - one of the most prominent digital rights groups - some secure messaging apps offer more privacy against Big Brother intrusions and general surveillance than others. The organization has even rated them in a scorecard by various internal criteria, with only a few covering all requirements, including ones like "Is the code open to independent review?" or "Are past comms secure if your keys are stolen?"
Out of the handful of secret messaging platforms that fulfill most requirements, an even lesser amount are what can be called user-friendly, meaning that they don't require an overly complex setup, and function largely like your everyday chat app of choice. Needless to say, the most popular ones like WhatsApp, Facebook Messenger, Viber, or Skype, are way down the list in terms of security, but there is a new generation of private messaging apps that offer both protection, and are suitable for daily drivers.
Check five of the best in the list below, as rated by the EFF scorecard in terms of security, and handpicked by us according to their user-friendliness:
There is hardly a better affirmation for a secure communications app than one from Edward Snowden himself, and Signal is the one that scored the whistleblower's endorsement here. The devs from Open Whispers recently rolled their secure messaging and encrypted voice call platforms in one Signal app.
They also redesigned the interface, making Signal a one-stop-shop for all your private communications needs, be it private chat, secure file exchange, or encrypted calls. The beauty of Signal is that it looks and feels just like your everyday Materially Design-ed chat app, yet offers end-to-end encryption and TOR functionality, the works.
Look, Mom, no NSA! Telegram recently became infamous in the news, as it turned out that it was used by ISIS for secure messaging between its followers, which, on the flip side, is one more testimony for its virtues. Ever since the NSA snooping on our every line of communication became known, a new breed of apps has emerged, focused on security and encryption. The Telegram instant messaging application is one such cross-platform undertaking, and the devs claim that it has the fastest IM network out there on account of the decentralized infrastructure. It has data centers all over the globe, routing you through the closest possible server. We suspect this will also make it harder for the authorities to subpoena any particular provider, but the security features don't end here. Naturally, there is end-to-end encryption for messages, leaving no trace on the servers, too, and you can also set them to self-destruct after a given period from the mobile devices themselves, so you can rest assured all footprints of your communication will be gone after the chat session is over.
Pretty neat for privacy freaks, but should you decide you need your messages stored for future access, they will be securely encrypted in the cloud, so you can access them any time from any Android or iOS gear. In addition, there are no messages size and length restrictions, and you can forward media and files with your messages, including videos up to 1 GB of size. Group chats can include up to a hundred people at once, so quite a large team can take advantage of the app, too.
Threema, by the German developing house with the same title, not only features a polished, easy to use interface, but it also offers end-to-end encryption for all of your communication venues, like messages, group chat sessions, file exchange (including media), and statuses, as it also functions like a mini social network of sorts.
This is Threema's added value, as it allows you to set secret polling groups, send texts and voice messages on the hush-hush, verify contacts by scanning their private QR code, and many more. On top of that, you can exchange any kind of files, media and links, with handy previews when you send them, just like on your run-of-the-mill chat app.
As a brainchild of renowned activist hacker Nico Sell, Wickr has been born out of long Def Con sessions, and the desire to provide whistleblowers with a secure line of communication that the government can't subpoena. Well, it can, but the military grade encryption means that the messaging is scrambled, and there is nothing on Wickr's servers that can identify the account holders, too. You might have noticed Wickr being featured in Iggy Azalea's "Black Widow" vid, or heard about Australian politicians using it to hide the content of their communication, adding further to the app's street cred.
You can chat and exchange files or media in a self-destructing style, ranging from six days to a few seconds, and the period can be adjusted individually for each message. Being a Nico Sell creation, she has also tried to make Wickr as user-friendly as possible, with a fast and polished interface, plus an extremely zippy setup process, compared to most other secure communication apps with the same level of encryption, so it can easily replace all your Whatsapp, Viber, Facebook Messenger or Skype sessions with not that much to be missed from those, save for web link previews.
We are placing ChatSecure here as, despite the highest EFF scorecard ranking, it is not the prettiest and most user-friendly. It is still comfortable enough to use, and at the same time fulfills all the requirements of the EFF, down to the "Is security design properly documented?" checkmark, which can be said for only two such apps.
In its essence, ChatSecure is an open source secret chat app, sporting OTR encryption over XMPP. The beauty of that setup is that you can probe your current Facebook or Google accounts securely, make new ones on various XMPP servers, even via Tor, or, alternatively, make your own server for added defense.
Being free and open source, ChatSecure can work with any other platform that supports OTR and XMPP, like Adium, Jitsi, and others. The downside - well, it's a bit techy and clunky to set up and operate, compared to the others, but is undoubtedly one of the most secure to use out of the whole list.
Bonus: iMessage (6/7 EFF criteria)
Yep, your humble default iPhone messenger has end-to-end encryption now, unlike Google's Hangouts, so the NSA and FBI have been murmuring lately that Apple doesn't turn iMessage chat sessions over to them. Even if it wanted, Apple couldn't do it, as the messages are now encrypted for the provider, too, and the few times Apple was able to comply are when message backups were stored unencrypted to iCloud, for instance. Authorities keep pushing Apple to provide them with a backdoor access but it seems to be of no avail for now, which bodes well for all iPhone users that are accustomed to iMessage.
Unfortunately, the fly in that honey is that you can't verify the encryption keys that Apple sends you, like in Signal, for instance, due to the walled garden nature of Apple. It's not that many people would be verifying their encryption keys offline, but the sheer ability to do so, bodes well for the centralized encryption service, and would ensure that backdoor access is almost impossible to grant on the sly at some point.
source: EFF Secure Messaging Scorecard