Messenger App Security & Privacy Guide- WhatsApp v iMessenger v Signal

Earlier this year, WhatsApp caused a stir when it announced that users would soon have to share data with Facebook as part of a new privacy agreement. In fact, one recent report in India’s Financial Express suggested that as many as 80% of current users were thinking of leaving. 

But is WhatsApp really any less secure than its rivals? And if you care about privacy, which mobile messenger should you be trying to convince your friends and family to move to? 

To help you decide, here’s a side-by-side comparison of the leading iOS and Android players, along with the nonprofit messenger everyone suddenly seems to be talking about…

WhatsApp

Owners: Facebook 

What is it? With an estimated 2 billion active users in January 2021, it’s the world’s most popular mobile messenger app. It tends to set the bar in terms of user features, including group chats for up to 256 participants, voice and video calls, in-app photos and videos, as well as a desktop app.

Security, Encryption and AuthenticationWhatsApp messages, calls, images and all items sent or shared are encrypted using the Signal end-to-end encryption protocol, which is an independently developed robust solution. WhatsApps app and implementation of the signal protocol is closed source so may be adapted. 

PrivacyWhatsApp says it cannot view the content of your encrypted messages. It does not have access to your private chats and calls, messages, contact information, shared location or WhatsApp group information. 

However, if you communicate with a business account on the platform, WhatsApp does have access to your phone number, device ID, location, details of transactions made over the app and details of products you’ve interacted with. It now wants to share this data with Facebook, presumably so you can be targeted with ads.

iMessage

Owners: Apple 

What is it? The onboard messenger app on iOS, it’s usually the go-to messenger if you and most of your friends are on Apple devices. Function-wise, other than some fun iMessage gimmicks (Animoji, for instance), the main difference between iMessage and WhatsApp is that Apple’s offering also supports SMS. 

Security, Encryption and AuthenticationiMessenger uses end-to-end encryption, so only you and the recipient can see your messages. Photos videos and attachments are similarly encrypted. However, Howtogeek recently highlighted a loophole in Apple’s system, linked to iCloud backup.

Most iPhone users tend to have iCloud Backups enabled by default. This means your messages are automatically backed up to iCloud and stored on Apple’s servers. The problem, though, is that the backups are not end-to-end encrypted. 

So in theory, Apple’s employees could see your messages, and so could someone who managed to obtain unlawful access to Apple’s servers. There’s also the theoretical possibility of Apple being forced to turn over a user’s message history by state authorities.  

So if you are uncomfortable about your messages being piled up somewhere in a readable state, the message is clear: disable iCloud Backups for iMessenger.

Privacy As Zak Doffman pointed out recently in Forbes, Apple’s privacy policy for iMessenger looks very different to the WhatsApp statement. This is especially true in light of the New Year WhatsApp policy change. 

On the WhatsApp list of data it collects (‘Data Linked To You’), there’s a long list of metadata, including your in-app purchase history, broad location, product interactions, user ID, payment info and more. 

By contrast, the only iMessage metadata Apple collects is the user’s email address, phone number, device ID and search history. None of the additional data iMessage collects can be linked to individuals; rather, it’s all about monitoring platform performance. This is a marked contrast to WhatsApp, which seems intent on carrying out pretty comprehensive metadata harvesting for the purpose of boosting advertising revenue.

Signal

Owners: The Signal Foundation, a California-based nonprofit whose stated aim is “Developing open source privacy technology that protects free expression and enables secure global communication.”

What is it? At the end of last year, Signal reportedly had 20 million users. Within just 12 hours of the WhatsApp privacy policy change, the user based had swelled by a further 2 million. Essentially, it’s a cross-platform app with all the basic functions you would expect from a messenger (one-to-one and group messaging, groups, voice and video calls, and file sharing), but with a strong focus on privacy and security. 

Examples include disappearing messages, a Screen Security feature, which prevents screenshots being taken of chats, and the Incognito Keyboard setting, which stops your keyboard from saving and remembering what you type. In the midst of last year’s BLM protests, it even added an in-app tool to automatically blur faces in photos, to help participants share images of demonstrators.

Security, Encryption and AuthenticationLike WhatsApp, it uses the Signal end-to-end encryption protocol which is robust, and in this case open source and subject to public inspection. 

PrivacyUnlike WhatsApp or iMessenger, Signal does not collect ANY data. In fact, the only information it has is your phone number.

The verdict

Twitter CEO, Jack Dorsey, Elon Musk and Edward Snowdon are just a few of the high-profile advocates of Signal. 

But perhaps most interesting, The Verge carried a recent article which voiced the concerns of past and present Signal employees. They were suggesting that if extremists started using the app as their messenger of choice, there would, at present, by virtually no way of policing it. In other words: Signal’s so effective at user privacy protection, it’s almost TOO good! For the ordinary, privacy-conscious user though, it’s a clear winner and my current recommendation for a messenger with a security and privacy focus.

CATEGORIES
  • Brian says:

    Hi Nathan, thanks for the comparison article.
    I recently read an article about a possible backdoor vulnerability in Signal. Here’s a link: https://www.zerohedge.com/political/court-docs-show-fbi-can-intercept-encrypted-messages-signal-app

    Also, how would telegram rank in your comparison?
    Thanks,
    Brian

  • blindside0x01 says:

    Great article

  • Obrightman Otabor says:

    Thanks for the update!

  • Marc says:

    Interesting overview, thanks!
    One serious contender that is missing form this comparison is threema (swiss made), which I have been using for years. Yes, it costs a few euros, but I think that is totally worth it. (one time purchase of 3.99 currently I think). From what I have read they always came away as a very strong contender, would really be interested in your professional opinion of their messanger app. And being swiss, they are neither subject to US or EU government agency interference either, if anybody cares about that.

  • Luke says:

    The last chart is from niebezpiecznik! You read Polish? 😀

  • >