Secure messaging apps comparison
Compare encrypted messaging apps for Android and iOS including WhatsApp, Signal and more.
We’re reader-supported and may be paid when you visit links to partner sites. We don’t compare all products in the market, but we’re working on it!
Choosing the right encrypted app can be tricky. There are pros and cons to each software and security is likely to be a key consideration. However, it's not the only factor in picking the right application for your needs. Let's take a look.
Compare secure messaging apps
What's the difference between encrypted and unencrypted messaging?
Use of encryption technology in a messaging app means that data is secure and unreadable. This is one of the best methods to protect messages, documents and files from unauthorised access within an organisation or from the outside world.
Public key encryption, which helps to secure the information by translating it into ciphertext, is one of the most common methods of encrypting data. For example, WhatsApp uses AES-256 bit encryption and the messages are scrambled. After the messages are scrambled, they are combined with an HMAC-SHA256 secured authentication process for the key verification and the messages are exchanged.
Unencrypted data has a higher probability of getting hacked, as it is easier when compared to encrypted data. When data is unencrypted, someone can theoretically gather information on your router, laptop, mobile and more, and get access to your data.
Key features to look for in a secure messaging app
Secure messaging apps should have the following features:
- End-to-end encryption
End-to-end encryption ensures that private chat messages are mixed up, and the keys required for decoding are only available to the sender and recipient of the messages. This means that the messages can be deciphered by no-one but you and the person you are talking to. After Edward Snowden leaked sensitive information about the National Security Agency (NSA) global surveillance program, tech giants including Apple, Facebook and Google invested in and now use heavy encryption techniques.
- Open source code
Open source code is accessible to anyone to modify or inspect. Any security vulnerabilities in open source software are publicly visible, as opposed to proprietary software which is kept secret by the business that owns it. If a vulnerability is found in software, hackers can potentially breach it and data can be seen without the knowledge of the user. If software is open source, it can mean that vulnerabilities are found and fixed quicker than in proprietary applications as the public has access to the software code.
The best example of a closed source vulnerability is EternalBlue, which was a Microsoft Windows vulnerability. EternalBlue was developed by the NSA using the Server Message Block (SMB) protocol to get into machines and spy on them. In 2017, the hacking group known as Shadow Brokers leaked this vulnerability and made it public. After the disclosure, Microsoft provided a patch for the Eternal Blue vulnerability.
- Data collection
While several messaging applications have started to use end-to-end encryption, many applications gather information, or metadata, about the user. Metadata can be described as the e-fingerprint which contains all the information your device holds, including the user's contact list, how long the user is on the application, the media access control (MAC) address of the application, IP address and location.
You may wish to select a secure messaging app that doesn't collect much or any user data.
- Data usage
Data usage is one of the major factors when choosing a secure messaging application. Zangi, for example, is an application that uses end-to-end encryption like WhatsApp, but only consumes roughly 216KB (versus the 310KB used by WhatsApp) for a one minute voice call. In low data usage mode, it consumes 134KB per minute, as opposed to 204KB on WhatsApp.
How to compare secure messaging apps
There are many factors to compare when selecting a secure messaging app:
- Encryption technology/protocols used
There are many encryption technologies such as symmetric encryption techniques like MTProto, Diffie–Hellman key exchange, Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES). WhatsApp uses AES, Telegram uses MTproto and Signal uses Signal protocol which was previously called TextSecure Protocol. It depends upon the user which protocol suits them. To make a decision from a technical perspective, it is important to know how many bits are being used by each and every protocol.
- Open source or closed source?
People concerned about cybersecurity tend to prefer open source technology because it's more transparent and the code is publicly available. An example of open source software is Signal. A closed source application's code is not available, so nobody can analyse it and nobody knows what the application code may be doing behind the user's back. There are many closed source secure messaging applications, such as WhatsApp and Telegram.
- Application features
Features may differ from application to application. For example, WhatsApp, Telegram and Signal allow users to send self-destructing messages. This allows the user to control the visibility of the message, and after some time the message will disappear. Some applications offer group chat features and anonymous sign-ups, which may be more or less important to you.
- Metadata encryption
Metadata encryption can be important as your metadata contains data such as your device location and the MAC address. Metadata encryption is provided by very few apps in the market such as Signal, Threema and Wickr. Other applications such as WhatsApp, Google Messages and Apple iMessages don't encrypt metadata.
Pros and cons of using a secure messaging application
- End-to-end encryption. All the encrypted messaging application uses end-to-end encryption which means the data cannot be read by anyone except the sender or the receiver. All the sensitive information can be shared without hesitation as the data is encrypted and cannot be hacked, such as by a man-in-the-middle attack.
- Open source. Most of the time the secure messaging application is fully open source, and ethical hackers are making it more secure by identifying the vulnerabilities.
- Security-focused features. Secure messaging apps will usually include features like self-destructing messages which may be useful to you.
- Not 100% secure. Now and then, vulnerabilities are still found in secure application codes. In May 2020, the cybersecurity company Tenable found a vulnerability in the secure messaging messenger Signal which could allow hackers to potentially track the location of a user.
How secure is texting and non-encrypted messaging?
Secure texting is essentially text which is being transmitted as an encrypted message. An encrypted message is generally called ciphertext. Encryption is the process of converting plaintext to ciphertext using encryption algorithms which can only be seen by the parties who have the decryption key, so the data cannot be tampered with.
When a message is transmitted without any encryption, the data can be seen by anyone as the data is unprotected. The verification and the authenticity of the user is difficult to determine in non-encrypted messages.
Secure messaging applications are generally safer to use and provide more user privacy than non-encrypted applications. When you use a non-encrypted application, any attacker can eavesdrop on the conversation by performing a man-in-the-middle attack.
Non-encrypted data is also susceptible to session hijacking, which is when a hacker takes over a user session and can gain access to whatever the user was authorised to do during that session.
The details of the user can also easily be hacked and can be sold on the dark web. If the transmission of the data or message is completed, then the data of the user is at high risk as the information can be read by the vendor, as it is not encrypted.
It's crucial to stay updated about cybersecurity and how it relates to the apps you use, as the information technology and the cybersecurity world is ever-evolving. Choosing a messaging application is a big decision, but by knowing how to compare apps, you can protect your data and privacy.
Frequently asked questions
Which is more secure: email or a messaging app?
Email and messaging are equally secure forms of communication. The issue lies in the application used for email or messaging and how secure it is. For emails, secure applications like ProtonMail exist which are open source, use end-to-end encryption and are protected under Swiss law. Secure messaging applications include Signal, Telegram and Wickr.
Can encrypted messages be decrypted?
No, encrypted messages cannot be decrypted as they are scrambled when they leave the sender's device. The scrambled message can only be decrypted by the receiver device. It's next to impossible to decrypt an encrypted message, as the attacker cannot gather the private key or the shared key necessary to decrypt it.
More guides on Finder
Cryptocurrency staking guide: How to stake coins for rewards
Staking is one of the most popular ways to earn an income with cryptocurrency – learn how to get started with this guide.
Identity theft cost Aussies $3.1 billion in one year
Identity theft is costing Australians billions of dollars a year according to a recent analysis by Finder, Australia’s most visited comparison site.
Find out your credit score using Credit Simple
How to find out your credit score using this free tool.
Best password managers for Mac 2021
With so many password managers available, find out how to select the best one for your Mac.
Best free password managers for 2021
Protect your online identity and get peace of mind with these free password managers.
Best enterprise password managers for 2021
Enterprise password managers are an essential cybersecurity tool. We compare the top 5 so you don’t have to.
We review LastPass' features and compare it to competitors.
How to compare gold storage options and find a secure solution that works for you.
Best ultrabooks in Australia
These are the best ultrabooks currently on the market here in Australia.
Robinhood vs eToro
Both eToro and Robinhood offer $0 brokerage stock trading, but eToro has more options for active traders. We compare.
Ask an Expert