SECURITY EVANGELIST

If you want to see all the best encrypted messaging apps in one place, then this is the guide you’re looking for.

We did a roundup of these encrypted apps because the battle for our data is fiercer than ever. Governments crave for it, companies seek access to it, and cyber criminals probably want it the most.

But what’s so special about my data?

The fact that it’s yours and it can be monetized one way or another, by any of the entities listed above.

Wake-up call: the data you share in your IMs


Today I’m going to focus on a big chunk of your data that I bet you disregard as unimportant: the information stored and share in instant messages and text messages.

Messaging, either via the Internet or through good, ol’ SMSs, is today’s go-to communication method. No doubt about it.

Younger generations – from Y to Z – would rather text than call someone at any time of day and night (myself included). And not only them. Employees in companies of all types and sizes are heavily using instant messaging apps as well.

This means that a huge amount of data is stored, transmitted and shared through these messages.

Data like:

data stored in instant messages

And this doesn’t happen only on mobile devices. Now instant messaging apps are cross-platform, so you can sync your conversation across your smartphone, tablet and desktop. Messaging apps also offer the option to be used for both online IMs and SMSs.

Everything is just a click or a tap away. But not only for you.

You may think you’re sharing data confidentially when using Facebook Messenger, Skype or Snapchat, but sometimes it’s just an illusion.

Without end-to-end encryption, your conversations are right in the crosshairs of cyber criminals, government meddling and amoral marketers.

Here’s a recent example of how security holes in these apps can expose your data to malware and other cyber threats:

The Check Point security research team discovered a vulnerability in Facebook’s Messenger (both the online version and the mobile app) that would allow an attacker to modify the contents of someone’s chat history as well as give them the ability to spread malware through the chat service. […] This vulnerability existed because messages are normally stored on Facebook’s servers, and Facebook could also modify the messages itself if it so desired. The attackers are simply using a capability that Facebook already has.

Source: Tom’s Hardware

Do I have your attention now?

Good. Because you’re going to want to find out about this.

Why end-to-end encryption matters


In a nutshell:
End-to-end encryption means encrypting communications in order to make information unavailable to third parties. So when two or more devices communicate via an app that features this level of encryption, the information will be transmitted using a secret code rather than insecure plain text.

As a result, only the people communicating can read the messages and no other person. Not even Internet service providers, the app maker, the government or anyone else.

The data is protected against tampering, surveillance, cyber criminals while it’s transmitted and stored. The encryption key is stored locally, for improved protection.

Martin Kleppmann, former Rapportive co-founder and LinkedIn engineer, sums up the value of end-to-end encryption in a great blogpost:

Although encryption in transit is widely used, it has serious security problems.

For example, the service provider could be hacked by an adversary, or compromised by an insider, causing sensitive information to be leaked. A fault in the service provider could cause data to be corrupted.

For these reasons, security experts are pushing towards widespread use of end-to-end encryption, which reduces the exposure to such attacks.

His comparison between different types of data encryption is also useful to explain the difference between the widely used encryption in transit and the more secure end-to-end encryption process:

end-to-end encryption comparison

Source: Martin Kleppmann’s personal blog

Key takeaway: a truly secure messaging app will feature end-to-end encryption as part of its features.

So are you ready to explore some of the most secure instant messaging apps out there?

Let’s do this!

The most secure messaging apps


1. WhatsApp

whatsapp logo

It’s a good sign that the most used messaging app in the world has finished implementing end-to-end encryption. This took around 6 months to implement, but it sends a clear message that this type of encryption should be the norm.

Security-wise, if cyber criminals were to breach WhatsApp today, they couldn’t decrypt your conversations. That’s due to the encryption and to the fact that WhatsApp doesn’t store your messages on its servers.

App cost: FREE
Users: over 1 billion

2. Viber

viber logo

When it launched its 6.0 version, Viber also rolled out end-to-end encryption, making its users safer. The app maker even created a Viber Encryption Overview which serves as a great guide for those who want more details on this security enhancement.

The guide mentions one exception which this encryption level doesn’t cover: attachments shared via the iOS Share Extension. Here is the official statement:

Attachments sent using this method are still encrypted in transit (using HTTPS), but are not end-to-end encrypted. To ensure that your images and videos are fully end-to-end encrypted, send them from your Viber application directly and not from the iOS pictures library. This limitation applies only to iOS and will be addressed in a future release.

As long as you make sure to use the sharing method pointed out by Viber, your data will remain encrypted from your end all the way up the recipient.

App cost: FREE
Users: around 754 million

3. LINE

LINE logo

This app has quite an unusual story. It was originally built by a team of Japanese engineers as a solution to communicate after the devastating Tōhoku earthquake which happened in 2011. The calamity damaged the telecommunications infrastructure all over the country, so the only way to communicate was based on Internet-connected platforms.

Once LINE was released to the public, it grew incredibly fast. By the end of 2015, it had already passed the 700 million users mark. Yes, one could say they’re big in Japan!

The same year, LINE added end-to-end encryption to its platform. This featured is called “Letter Sealing” and it’s available to all its users. They just have to turn it on to benefit from it.

App cost: FREE
Users: over 700 million

4. Telegram

telegram logo

In their own words: “Telegram is a messaging app with a focus on speed and security.”

When WhatsApp was temporarily banned in Brazil, users flocked to Telegram by the millions. The messaging app now has over 100 million active users every month and growing constantly.

Telegram offers end-to-end encryption as well, being considered one of the most secure messaging platforms. All users have to do is go in the app’s advanced settings and turn on “Secret Chats.” Here’s more about this feature:

And when you delete messages on your side of the conversation, the app on the other side of the secret chat will be ordered to delete them as well.

You can order your messages, photos, videos and files to self-destruct in a set amount of time after they have been read or opened by the recipient. The message will then disappear from both your and your friend’s devices.

All secret chats in Telegram are device-specific and are not part of the Telegram cloud. This means you can only access messages in a secret chat from their device of origin. They are safe for as long as your device is safe in your pocket.

App cost: FREE
Users: over 100 million

5. KakaoTalk

kakaotalk logo

Similar to the messaging apps listed above, KakaoTalk also fully encrypts our conversations. It started doing so back in 2014! All you need to do is use the “Secret Chat” option.

The app makers boast that KakaoTalk is used by over 90% of smartphone users in South Korea, for which privacy and data security are main concerns.

App cost: FREE
Users: over 170 million


6. Signal – Private Messenger

signal messenger app

This secure messaging app has quite a rich history, which I’ll try to sum up for you.

Whisper Systems created Signal as a successor to two separate apps dedicated to encrypted voice calling and encrypted texting.

Encryption was always at the core for the company’s products. When Twitter acquired it in 2011, the goal was to improve the security in the microblogging platform.

The company continued its efforts by launching Open Whisper Systems, an open source, collaborative project. Signal was created in this context, and it’s open source itself.

Signal is used by leading figures in cyber security and data privacy, such as Edward Snowden and Bruce Schneier! That’s because in Signal all communication is encrypted end-to-end by default.

App cost: FREE
Users: no relevant data

7. Cyber Dust

cyber dust logo

This messaging app is a bit different, but still uses end-to-end encryption as a main security and privacy feature. You may think of Snapchat when you’ll read about its features, as they’re listed on the website:

Cyber Dust allows you to communicate freely and honestly. Send and receive text messages, stickers, links, photos, videos and more.

Your messages are protected from screenshots and disappear after they are read.

They are heavily encrypted and never touch a hard drive- not even our own.

Once your messages are gone, they are truly gone forever, never to be recovered.

FYI: users do have the option to keep the messages from disappearing if they want to.

What Cyber Dust is trying to create is a social communication platform with enhanced security and privacy. Forbes, the Financial Times, Business Insider and Inc.com are all famous users in the platform.

Will it be as successful as they plan? We’ll just have to wait and see.

App cost: FREE
Users: no relevant data

8. ChatSecure

chatsecure logo

This is an app for those who have a knack for the tech stuff. ChatSecure is an open source encrypted chat app available for both Android and iPhone.

ChatSecure was created by the Guardian Project, “a global collective of software developers, designers, advocates, activists and trainers who develop open source mobile security software and operating system enhancements.” (Source.)

The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. These are meant to ensure complete privacy and are mainly used by journalists in their investigations, when having to talk to their sources. But it doesn’t mean you can’t use it if you’re not a journalist.

ChatSecure is very open about the encryption protocols it uses to show users that their communication is truly safe while using the app.

App cost: FREE
Users: no relevant data

9. Threema

threema logo

These guys put it in the name:

Threema started life as an abbreviation: “EEEMA”, for “End-to-End Encrypted Messaging Application”. The three “E”s were a bit unwieldy, so it became “Threema”.

Everything you communicate while using Threema is encrypted end-to-end: not only messages, but also group chats, media files and even status messages.

The app makers also boast that they delete the messages you send from their servers once they’ve been delivered.

Made in Switzerland by an independent company, Threema claims to be one of the most secure messaging apps on the market. It also tries to offer all the details necessary to back this statement.

App cost: 2,99 EUR
Users: 3,5 million in 2015

10. Wickr – Secure Messenger

wickr logo

The company that makers Wickr – Secure Messenger was created in 2012 by a group of security experts and privacy advocates. Consequently, the app features end-to-end encryption as a standard for all communications.

What’s more, the users can also send encrypted files which can expire after a certain date. This also works for files, and users can select when the content will self-destruct.

This page dedicated to the encryption standard used in Wickr is extremely useful for those who want to understand how end-to-end encryption works. Here’s a taste of it:

wickr encryption layers

App cost: FREE
Users: no relevant data

11. Cyphr

cyphr logo

Thought the list was over? There are actually a few more apps to explore!

Cyphr is one of them, and it claims to have two main benefits: ease of use and encrypted communication. End-to-end, of course!

The company’s Chief Technical Officer explains how Cyphr works in a very relatable way, so we recommend you read the page before you install the app.

Golden Frog, the company which makes Cyphr, also makes a VPN product, so they certainly know a bit about privacy and security.

Although it doesn’t have desktop and web apps yet, Cyphr is worth a try.

App cost: FREE
Users: no relevant data

12. CoverMe

coverme logo

CoverMe is another app that you can use for its encryption of your messages and files sent using the app. By using it, you can also make encrypted voice calls.

And there’s a private vault you can use to store your files in! Sounds pretty good, doesn’t it?

App cost: FREE
Users: 500.000 users in 2013


13. iMessage and FaceTime


imessage logo

If you use an iPhone and a Mac, your data is as safe as with any of the solution mentioned until now.

There’s been a lot of controversy surrounding the case of the San Bernardino attacker’s phone, which led to the encryption dispute between Apple and the FBI. As a result of this argument, Apple restated its commitment to privacy and security, showing that they’re ready to go to court to defend this aspect of their business.

Apple’s approach to privacy emphasizes encryption as a key benefit:

Your iMessages and FaceTime calls are your business, not ours.

Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime, and with iOS and watchOS, your iMessages are also encrypted on your device in such a way that they can’t be accessed without your passcode.

Apple has no way to decrypt iMessage and FaceTime data when it’s in transit between devices.

And they even explained how secure iMessage really is, so you can feel confident about using it to keep your communication safe.

App cost: FREE
Users: “300 billion messages [sent] using iMessage, and the service currently delivers an average of 28,000 messages per second” (2016 statistics)


More to come


The list ends here for now, but I have a feeling I’ll have to update it soon.

For example, Google announced, in May, that Allo will soon be launched (pre-register here). Allo is a messaging app that promises to include end-to-end encryption. What’s more, Open Whisper Systems, the makers of Signal, will provide the encryption through an already established partnership.

There are also a lot of smaller apps, such as Surespot or Cryptocat, which are not fully developed yet, but could evolve in the coming months/year. I didn’t include them here, but I’ll keep an eye out and update the list whenever a big change takes place.

The Electronic Frontier Foundation is also preparing a new guide that will evaluate and compare secure messaging apps, as the old comparison chart has become outdated. And it’s really not an easy task to analyze these apps, so be patient – the guide will be published soon enough.

Until then, just keep in mind that apps such as Kik, Google Hangouts, Facebook Messenger, Instagram, Snapchat, Twitter and Skype are not encrypted end-to-end, so your conversations and files sent over these platforms can still be compromised.

Although rumors say that Facebook is planning an encrypted version of its Messenger bot, we’ll have to wait and see what progress they’re making in this direction.


How you can make end-to-end encryption useless in one fell swoop



It’s great that the Snowden NSA leaks have led to the advancement of encryption up to the point that it’s become almost a standard! But users can still make end-to-end encryption futile by:

  • Choosing weak passwords for their online accounts
  • Reusing passwords across online accounts
  • Not ensuring the physical security of their device.

If you choose a weak password, it will be easily compromised through a brute-force attack. (Learn how to get better at password management.)

If that weak password is reused on multiple accounts, the encryption level won’t even matter. A cyber criminal will be able to get in your account and read all the information in it.

If you don’t protect your phone/tablet/laptop with a password or fingerprint, anyone will be able to browse at will through your apps and messages.

The point is that, once the message has reached you, it’s up to you to keep it safe through all means possible. And encryption can’t help you in this case. That’s your responsibility, as a user.

If you want to explore more data encryption methods, we have a dedicated guide you’ll find helpul.


End-to-end encryption is not bulletproof



To keep things grounded, it should be clear to you that no software or hardware can provide bulletproof security.

Don’t buy into the “we’ll solve all your problems with 1 click” sales proposal. Software and hardware makers who are serious about their products will be transparent about how their product works. They’ll also help you make the most of it.

Remember that security and privacy are not linear. Changes may happen, which is why software updates are crucial! They modify the way an app works to improve its safety and stability.

Conclusion



We’re slowly crossing over into a new era of security and privacy-oriented products – and I’m really confident about this. As always, the change is driven by a relatively small group of people. But the transformation is beginning to be more and more visible.

Just take encryption, for example: it used to be the speciality of a few experts, but now millions of users have it on their phones. I look forward to what the future will bring and I’m glad you’ve made a choice to do the same.

How do I know?

You’ve already read this entire guide!


Improve your Online Privacy
2016.11.28 INTERMEDIATE READ

11 Steps to Dramatically Improve your Online Privacy in Less than 1 Hour [Updated]

Free Encryption Software Tools
2016.06.02 SLOW READ

9 Free Encryption Software Tools To Protect Your Data [Updated]

Security Privacy Combo
2015.01.21 QUICK READ

Heimdal Security + VPN/Proxy = The Ultimate Security & Privacy Combo

Comments

completely moronic. Does not say what the hell the apps run on… desktop, iOS, android,
fish poop… on to a site with forethought…

A comprehensive list, however, Telegram, WhatsApp and Viber can hardly be called completely secure. Great to see Threema here, but I would add Symphony https://symphony.com/, which is more corporate-oriented for finance companies, and VIPole https://www.vipole.com/ got both a free privacy app and team solutions.

Wire has messaging, voice calling, and video calling, all end-to-end encrypted.
Wire is cross-platform, and you can use it on multiple devices. Available on Android, iOS, Windows Mobile, Windows 10, macOS, and the web (works on Chrome OS). http://www.wire.com

Which of these can be used across multiple platforms? I’m trying to find a free application that can be downloaded to a computer primarily and work across a switched network. If there is a phone app to accompany it, that may be a bonus. We were using Squiggle (secure because nothing leaves the network of it’s own accord), but now we’re looking to be able to chat between networks.

You can find details about each app on their website. Most of them are cross-platform, so you should have no issues using them across multiple devices.

Wire is cross-platform, and you can use it on multiple devices.
Available on Android, iOS, Windows Mobile, Windows 10, macOS, and the web (works on Chrome OS).
http://www.wire.com

Hi Dinos! Thank you for the suggestion. We don’t do reviews, but we’ll consider adding this app. Have a great week!

After reading this post, I realized that- Whatsapp is the world’s most secure app for my privacy. But sometimes I use Facebook Messenger for my private calls. Is it secure for me? or, Facebook Messenger is how much secure?

Hi John! Whatsapp is a good option indeed. Facebook Messenger has an option called Secret Conversations, but it has some limitations. Here are more details: http://www.hongkiat.com/blog/facebook-messenger-secret-conversion/ (We’ll update this article soon to include the details.)

SaltDNA should be here. You should review it and it’s use for the enterprise.

Thanks for the recommendation, John! Our list was destined for home users, that’s why we didn’t list any corporate products. But it’s good to have in mind in any case.

Ahhh, no problem thanks for the reply Andrea. I’d really recommend looking into SaltDNA in the future. Is the perfect solution for businesses.

For online chatting firstly i choose the Whatsapp always. But recently i download imo chat software on my android device. After reading you post; i know that whatsapp is safe for private calls or chat. But i want to know about the imo. Is imo safe for private calls?

Hi Jaqueline! I think this link will help you get the information you need: https://www.quora.com/Is-it-safe-to-use-IMO-for-video-call

[…] end-to-end encryption, your conversations are right in the crosshairs of cyber criminals. In fact, a recently discovered […]

What about man in the middle prevention?
About zom.im, conversation and SecureChat?

I could not dwonload from the url. Can I get it from a ftp server?

Really? Whatsapp? Secure? My foot!
Never heard of something called BBM? Do a little research before u publish something rubbish!

this is really bad that you didn’t mentioned most secure, Kryptochat app
whatsapp has worst encryption standard, Telegram and signal and cyphr are most secure ,after KryptoChat
KryptoChat is a secure messaging application based on military-grade encryption and other security features.

KryptoChat uses a military-grade encryption of the level RSA 8192-bit for asymmetric encryption, AES 256-bit algorithm for symmetric encryption and SHA-512 for signature algorithm. Custom encryption can be developed even at higher grade with multi-layers of symmetric encryption (up 99 layers using different algorithms).

KryptoChat also uses protocols like Transport Layer Security (TLS), Off The Record (OTR) Protocol for chat, ZRTP for VOICE, and other security features like certificate pinning on dedicated Certification Authority.

source:http://www.kryptochat.com/

Hello there,
are you working for Facebook ?? How do you trust them ? did you execute a penetration test over the whole facebook network/servers? How you can say that WhatUP is secure ?
Also today the pigs fly ..

[…] While there are many secure messaging applications out there, this one is open source and really protected. The main issue is that the […]

is facebook actually safe to use ? thanks in advance

[…] Private messaging apps like Messenger and Whatsapp now outperform the major social media networks in terms of active users, both boasting more than 1bn people using them regularly. Many businesses are already engaging with customers and target audiences with these apps and most people now expect to be able to communicate direct through these channels. […]

is telegram really encripted ? because i have t make some personal and confidentional chats

You can read the details on their website. And yes, it is really encrypted.

Can you please also review Safeswiss secure communication?

We’ll check it out, Tim! Thanks for the suggestion.

Can you review Ceerus?

Hi John! Thanks for your suggestion. We’ll see what it’s all about and if it’s worth including when we update this guide.

“The app features two encryption protocols called Off-the-Record Messaging and Extensible Messaging and Presence Protocol. ”

Since when XMPP is an encryption protocols ? Even in the wikipedia page the lake of end-to-end encryption is list as a weakness of xmpp (https://www.wikiwand.com/en/XMPP#/Weaknesses ).

It’s good to provide sources, it’s even better to proof read them 🙂 Especially when we deal with encryption, encryption is a serious business.

Thank you for the feedback! We’ll make sure to make this even clearer on the next update on the guide. I completely agree that encryption is very serious business, so your input is more than welcome. Thanks for making the time for it!

how does Whatsapp work concerning the phone bill? Will it show calls or video on the bill?

Hi Debi! No, those are conducted via your mobile data, so only the cost of the mobile data will be mentioned on the bill.

Thank you for sharing!

I have been looking for secure communication solutions for a while now.
Another part of secure and private communication, is whether or not the meta data is encrypted.

The seemingly most secure Signal, claims to not store information on their servers, but technically, they (or FBI, NSA, …) could read/store a lot of information about users, e.g.
– Who called who at what time.
– How long the call lasted
– Their phone numbers
– Their IP address (thereby a fairly safe way of locating the user)
– There’s probably even more meta data

This doesn’t make it insecure, but it does create a trail of valuable data.

Very good point, Dan! Thank you for sharing your perspective on this. Choosing the most secure app for messaging is a lot more challenging than it seems, but we hope we’ll all learn how to get better at this.

Good Point.All the point are logical.

[…] Encrypted messaging apps – to ensure that your communication is secure, both in terms of messages and files shared […]

Can you review Textnow?

Hi Kristy! Textnow is not encrypted, so it can’t be part of the list. If that changes, we’ll consider adding it.

[…] are other options, but since we already have each other’s number we can transition seamlessly.  The choice to […]

Claude S Poliakoff on November 9, 2016 at 4:05 am

Dandy review. The only thing I had to go to individual websites to find, was the availability of device specific apps. I voted for Telegram, It will be nice to see if they perform as expressed. Thanks

Thank you, Claude! We’ll make sure to update the article to include these details as well. It would definitely make things easier for other readers as well. Thanks for reading and for providing feedback on it!

Hi We have been using safeswiss encryption. These guys are a new Swiss based startup thier UI and end to end encryption including voice is very good.
Thank
Shannon

Good list. A few of us use Squealock (squealock.com). It is way up there in terms of security. Surespot should be on here too.

squealock is not openscource it is closed so there is no way of checking the code to see if it is secure

[…] In the past few months alone I’ve seen tons of end-to-end encryption chat apps and whatnot, so at the very least there’s a growing market there. Developers and […]

200% agree with you.
Yes that toms hardware article decent alarm for cyber security.

[…] you want to check out some alternatives, we published a list of the best encrypted messaging apps a while […]

[…] you’re interested in the available options, I put together a list of the best encrypted messaging apps available at the […]

[…] In our mission to help you with cyber security, in this past week we published an article about the best encrypted messaging apps. […]

Wickr has all the features I need but it is too buggy and they deny any problems.

Download Connect! Messenger the world’s most safe and secure messaging app from google play store.
Link-https://play.google.com/store/apps/details?id=com.wCONNECTMESSENGER8&hl=en
website-http://www.connectmessenger.ml/

Download Connect! Messenger the world’s most secure messaging app from google play store.

Link-https://play.google.com/store/apps/details?id=com.wCONNECTMESSENGER8&hl=en

website-http://www.connectmessenger.ml/

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP
177 queries in 0.470 seconds