Back in 2013, privacy and encryption was thrust into the forefront of mainstream news when NSA whistleblower, Edward Snowden, leaked a huge repository of classified materials to the press, revealing a lot of very unnerving information about the NSA’s global surveillance programs. Among what was revealed included the NSA’s capability to monitor the online activities of US citizens which include everything from browsing activity to phone calls to e-mails to text messages and much, much more.
While government spying may be worrisome, what should be even more worrisome is the fact that unencrypted transmissions can literally be deciphered by anyone “listening” at the moment. This could include your ISP or that creepy person sitting across the parking lot who’s connected to the same Wi-Fi hotspot you’re connected to.
As such, today we’ll be sharing a five of the best free encrypted text messaging apps that will help ensure your private communications stay private.
Signal is Open Whisper Systems’ own secure chat app. It’s probably the most well known of the free secure messaging apps and it also happens to be the most secure as well. It’s also the only app to be endorsed by Snowden and is approved by the United States Senate as a means of secure communication.
Utilizing the Signal Protocol, messages are encrypted using a combination of the Curve25519, AES-256, and HMAC-SHA256 encryption algorithms. All messages sent via Signal are end-to-end encrypted ensuring that the message sent can only be seen by the intended recipient. Further, both the decryption keys and the encrypted messages are stored on your device rather than on a centralized server ensuring that Open Whisper Systems couldn’t decipher your messages even if it tried.
The best part about Signal is that it simply works just like your typical text messaging app right out of the box. If the recipient of the message has Signal, any communications between that user will automatically default to encrypted which is denoted by a locked lock symbol as the transmit button. If the user does not have Signal installed or you’ve chosen to turn off encryption, a normal SMS or MMS is sent which is denoted by a unlocked lock symbol on the transmit button. In addition to encrypted text messages, Signal also provides the ability to make encrypted video and phone calls ensuring nobody will ever figure out who you’ve been talking to at 3AM in the morning.
WhatsApp is a popular messenger famously acquired by Facebook back in 2014. It’s one of the most popular messaging apps on the market as it was one of the first to allow users to message each other using data rather than the cellphone carrier’s SMS.
Back in 2016, WhatsApp announced that they completed a partnership with Open Whisper Systems to use the Signal Protocol to make WhatsApp more secure. As a result, all communications in WhatsApp are now end-to-end encrypted by default using the same encryption algorithms as Signal.
While WhatsApp is relatively secure if you’re simply trying to improve basic privacy, there are a few security caveats with WhatsApp. First is that it allows you to make unencrypted backups to the cloud. For obvious reasons, this is a bad idea. Second, WhatsApp not only leaves key change notifications off by default, but even if it’s enabled, it notifies the sender that a key change occurred only after the message has been sent. As a result, your initial message may be sent to a third party faking its identity. Third is WhatsApp’s information collection and sharing policy. Not only does WhatsApp collect quite a bit of information in order to use the service such as your IP address, mobile network, browser information, phone model, operating system, and more, WhatsApp also shares it with its parent company, Facebook.
Ultimately despite its security caveats, WhatsApp still offers a relatively safe way to communicate with strong end to end encryption that’s sufficient for most users.
Facebook Messenger is an app that most of us are probably very familiar with, but many of us probably didn’t know that it too has the capability of sending end-to-end encrypted messages.
Revealed back in late 2016, Facebook Messenger rolled out a feature called “Secret Conversations” which enables end-to-end encryption based on the Signal Protocol. However, unlike WhatsApp or Signal, Facebook Messenger’s Secret Conversations isn’t enabled by default and needs to be enabled separately for each conversation.
As such, if the recipient of your message only uses regular SMS and Facebook Messenger, and you really have to send some confidential information over, Secret Conversations in Facebook Messenger is a safe way to do it.
Obviously, from a security standpoint, I probably don’t have to point out all the information that Facebook collects from you, so we’ll just leave it at that.
Telegram is touted not only as the world’s fastest messenger, but also one that’s secure as well. Unlike all the other apps in this list, Telegram uses its own MTProto encryption protocol, which utilizes AES256, 2048-bit RSA, and Diffie-Hellman secure key exchange encryption algorithms.
Like Facebook Messenger and Google Allo however, Telegram does not have end-to-end encryption enabled by default and the Secret Chat option must be activated in order to activate end-to-end encryption. This is already a massive oversight by Telegram as users may not realize that a messenger touted as a secure one would need to use a special secure mode in order to utilize the true end-to-end encryption functionality. Further, although Telegram’s MTProto encryption is theoretically secure in that it hasn’t been broken, it has come under fire from numerous security researchers who aren’t so confident in its security.
Google Allo (Shutdown)
Google Allo is Google’s new smart messaging app which features integration with Google Assistant. Among its features is what’s called Incognito Mode, which activates end-to-end encryption using the Signal Protocol. Like Facebook Messenger’s Secret Conversations, Allo’s Incognito Mode isn’t enabled by default, but new chats or group chats can be initiated with encryption turned on.
In terms of security caveats, Google Allo is well up there with Facebook. With the exception of Incognito Mode, Google Allo actively reads all of your messages and stores them in order for its Google Assistant smart functionality to work. Like Facebook Messenger’s Secure Conversations, if Allo is the only app you’ve got, it’s better than nothing.
Update March 19, 2019
As of March 19, 2019, Google Allo has been shutdown. According to allo.google.com
"Allo has signed off. We said good–bye to Allo on March 12, 2019. During our time together, we brought you a smarter way to chat, with features like the Google Assistant, Allo for web and selfie stickers. We’re working to bring your favorite features to the Messages app so you can have richer conversations with all your friends. If you have an Android phone, we hope you’ll try Messages!"