A cybersecurity firm’s report stated that end-to-end encryption is not a perfect solution to messaging apps’ security.
This was stated in a report titled, “What Is Secure,” published by experts from agencies Tech Policy Press and Convocation Research and Design.
The researchers interviewed user groups in Louisiana in the United States and Delhi, India, to determine the strongest and weakest points of current messaging apps. Here are the popular apps examined:
- Apple iMessage
- Meta (Facebook) Messenger
- Messages by Google
- Signal
- Telegram
End-to-end encryption
TechTarget defines end-to-end encryption is a system that allows senders’ messages to be encrypted until decrypted by the receivers.
“End-to-end encryption (E2EE) is a method of secure communication that prevents third parties from accessing data while it’s transferred from one end system or device to another. In E2EE, the data is encrypted on the sender’s system or device, and only the intended recipient can decrypt it,” it explained.
The researchers explained that encrypted information can be taken from either the sender or receiver.
“Encrypted messaging won’t solve every problem a threatened user is having. Therefore, one needs to think through a strategy against motivated adversaries,” the cybersecurity firm said.
“Is there a risk of your phone being seized? A risk of you being forced to unlock it? Are you afraid that someone may try to obtain your data from the company that owns the app using litigation or a legal order? Or infect your phone with spyware? Would it be easier for the bad guys to try and extract that data from the person you’re chatting with?” it added.
According to the report, a person or a group’s private information can be taken with alternate methods. It said that ensuring security goes beyond encryption methods, and other measures must be taken.
How to safely use messaging app
Kaspersky then shared the following tips on how messaging app users can keep their information secure from cybercriminals who could steal information aside from hacking:
- Don’t make decisions blindly – Users must read documents that accompany messaging apps: terms of use, or transparency and government data sharing reports. They must also research carefully what the messaging service actually stores and where
- Carefully review the app settings – Users must turn on all the securest options
- Avoid hybrid modes – The paper recommends using messaging apps based on full encryption: Signal or WhatsApp.
- Disable link previews, geolocation sharing, and GIFs – Users are advised to turn off features, such as stories, bots or links to social networking services
- Messaging apps that work without a phone number are helpful – Users must take some effort to use your internal username or e-mail as your identifier when chatting
- Use disappearing messages – The recommended shortest visibility is 24-hous and auto-deleting messages is deemed helpful
- Encrypt chat backups – Any local backups should be encrypted
- Compare encryption keys with the people you chat with – Encryption keys can be verified for each chat by comparing codes or meeting face-to-face.
- Protect yourself against account hijacking by turning on two-factor authentication – Logging in to the same account on a new device requires an extra verification step.
- Train the people you chat with – Users are asked to avoid forwarding of confidential information, doing screenshots or other copies of the information in the chat. They must also supporting a culture of privacy within the community and use the app settings wisely. They are also recommended to Disabling potentially risky chat features.
The report said that Signal is the leader in terms of the most secure messaging app. However, it said that the requirement to share the phone number makes it complicated.
— Intern, Jose Angelo Ycasiano