Compare secure messaging apps 2021 | Signal, WhatsApp & more | Finder

Secure messaging apps comparison

Compare encrypted messaging apps for Android and iOS including WhatsApp, Signal and more.

We’re reader-supported and may be paid when you visit links to partner sites. We don’t compare all products in the market, but we’re working on it!

Choosing the right encrypted app can be tricky. There are pros and cons to each software and security is likely to be a key consideration. However, it's not the only factor in picking the right application for your needs. Let's take a look.

Compare secure messaging apps

Data updated regularly
Name Product End-to-end encryption Encrypted by default Can the company read your messages? Self-destructing message Open source app & server Does the app collect user data?
WhatsApp
WhatsApp
Yes
Yes
Yes
Yes
No
Yes
Signal
Signal
Yes
Yes
No
Yes
Yes
Yes
iMessage
iMessage
Yes
Yes
No
No (self descruct is only for video and audio files)
No
Yes
Telegram
Telegram
Yes
Yes
Yes
Yes
No
Yes
Wire
Wire
Yes
Yes
No
Yes
Yes
Yes
Threema
Threema
Yes
Yes
No
No
Yes
No
Wickr
Wickr
Yes
Yes
Yes
Yes
No
No
Viber
Viber
Yes
Yes
No
Yes
No
Yes
loading

Compare up to 4 providers

What's the difference between encrypted and unencrypted messaging?

Use of encryption technology in a messaging app means that data is secure and unreadable. This is one of the best methods to protect messages, documents and files from unauthorised access within an organisation or from the outside world.

Public key encryption, which helps to secure the information by translating it into ciphertext, is one of the most common methods of encrypting data. For example, WhatsApp uses AES-256 bit encryption and the messages are scrambled. After the messages are scrambled, they are combined with an HMAC-SHA256 secured authentication process for the key verification and the messages are exchanged.

Unencrypted data has a higher probability of getting hacked, as it is easier when compared to encrypted data. When data is unencrypted, someone can theoretically gather information on your router, laptop, mobile and more, and get access to your data.

Key features to look for in a secure messaging app

Secure messaging apps should have the following features:

  • End-to-end encryption

End-to-end encryption ensures that private chat messages are mixed up, and the keys required for decoding are only available to the sender and recipient of the messages. This means that the messages can be deciphered by no-one but you and the person you are talking to. After Edward Snowden leaked sensitive information about the National Security Agency (NSA) global surveillance program, tech giants including Apple, Facebook and Google invested in and now use heavy encryption techniques.

  • Open source code

Open source code is accessible to anyone to modify or inspect. Any security vulnerabilities in open source software are publicly visible, as opposed to proprietary software which is kept secret by the business that owns it. If a vulnerability is found in software, hackers can potentially breach it and data can be seen without the knowledge of the user. If software is open source, it can mean that vulnerabilities are found and fixed quicker than in proprietary applications as the public has access to the software code.

The best example of a closed source vulnerability is EternalBlue, which was a Microsoft Windows vulnerability. EternalBlue was developed by the NSA using the Server Message Block (SMB) protocol to get into machines and spy on them. In 2017, the hacking group known as Shadow Brokers leaked this vulnerability and made it public. After the disclosure, Microsoft provided a patch for the Eternal Blue vulnerability.

  • Data collection

While several messaging applications have started to use end-to-end encryption, many applications gather information, or metadata, about the user. Metadata can be described as the e-fingerprint which contains all the information your device holds, including the user's contact list, how long the user is on the application, the media access control (MAC) address of the application, IP address and location.

You may wish to select a secure messaging app that doesn't collect much or any user data.

  • Data usage

Data usage is one of the major factors when choosing a secure messaging application. Zangi, for example, is an application that uses end-to-end encryption like WhatsApp, but only consumes roughly 216KB (versus the 310KB used by WhatsApp) for a one minute voice call. In low data usage mode, it consumes 134KB per minute, as opposed to 204KB on WhatsApp.

How to compare secure messaging apps

There are many factors to compare when selecting a secure messaging app:

  • Encryption technology/protocols used

There are many encryption technologies such as symmetric encryption techniques like MTProto, Diffie–Hellman key exchange, Rivest-Shamir-Adleman (RSA) and Advanced Encryption Standard (AES). WhatsApp uses AES, Telegram uses MTproto and Signal uses Signal protocol which was previously called TextSecure Protocol. It depends upon the user which protocol suits them. To make a decision from a technical perspective, it is important to know how many bits are being used by each and every protocol.

  • Open source or closed source?

People concerned about cybersecurity tend to prefer open source technology because it's more transparent and the code is publicly available. An example of open source software is Signal. A closed source application's code is not available, so nobody can analyse it and nobody knows what the application code may be doing behind the user's back. There are many closed source secure messaging applications, such as WhatsApp and Telegram.

  • Application features

Features may differ from application to application. For example, WhatsApp, Telegram and Signal allow users to send self-destructing messages. This allows the user to control the visibility of the message, and after some time the message will disappear. Some applications offer group chat features and anonymous sign-ups, which may be more or less important to you.

  • Metadata encryption

Metadata encryption can be important as your metadata contains data such as your device location and the MAC address. Metadata encryption is provided by very few apps in the market such as Signal, Threema and Wickr. Other applications such as WhatsApp, Google Messages and Apple iMessages don't encrypt metadata.

Pros and cons of using a secure messaging application

Pros

  • End-to-end encryption. All the encrypted messaging application uses end-to-end encryption which means the data cannot be read by anyone except the sender or the receiver. All the sensitive information can be shared without hesitation as the data is encrypted and cannot be hacked, such as by a man-in-the-middle attack.
  • Open source. Most of the time the secure messaging application is fully open source, and ethical hackers are making it more secure by identifying the vulnerabilities.
  • Security-focused features. Secure messaging apps will usually include features like self-destructing messages which may be useful to you.

Cons

  • Not 100% secure. Now and then, vulnerabilities are still found in secure application codes. In May 2020, the cybersecurity company Tenable found a vulnerability in the secure messaging messenger Signal which could allow hackers to potentially track the location of a user.

How secure is texting and non-encrypted messaging?

Secure texting is essentially text which is being transmitted as an encrypted message. An encrypted message is generally called ciphertext. Encryption is the process of converting plaintext to ciphertext using encryption algorithms which can only be seen by the parties who have the decryption key, so the data cannot be tampered with.

When a message is transmitted without any encryption, the data can be seen by anyone as the data is unprotected. The verification and the authenticity of the user is difficult to determine in non-encrypted messages.

Secure messaging applications are generally safer to use and provide more user privacy than non-encrypted applications. When you use a non-encrypted application, any attacker can eavesdrop on the conversation by performing a man-in-the-middle attack.

Non-encrypted data is also susceptible to session hijacking, which is when a hacker takes over a user session and can gain access to whatever the user was authorised to do during that session.

The details of the user can also easily be hacked and can be sold on the dark web. If the transmission of the data or message is completed, then the data of the user is at high risk as the information can be read by the vendor, as it is not encrypted.

Bottom line

It's crucial to stay updated about cybersecurity and how it relates to the apps you use, as the information technology and the cybersecurity world is ever-evolving. Choosing a messaging application is a big decision, but by knowing how to compare apps, you can protect your data and privacy.

Frequently asked questions

Which is more secure: email or a messaging app?

Email and messaging are equally secure forms of communication. The issue lies in the application used for email or messaging and how secure it is. For emails, secure applications like ProtonMail exist which are open source, use end-to-end encryption and are protected under Swiss law. Secure messaging applications include Signal, Telegram and Wickr.

Can encrypted messages be decrypted?

No, encrypted messages cannot be decrypted as they are scrambled when they leave the sender's device. The scrambled message can only be decrypted by the receiver device. It's next to impossible to decrypt an encrypted message, as the attacker cannot gather the private key or the shared key necessary to decrypt it.

More guides on Finder

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms of Use, Disclaimer & Privacy Policy and Privacy & Cookies Policy.
Go to site