Secure messaging apps are becoming an increasingly necessary tool to protect your privacy online. Almost everything you do online can be tracked in some way — including your seemingly “private” conversations.
That’s where our recommended secure messaging app, WhatsApp, comes into play. Its end-to-end encryption guarantees all your conversations remain private from prying eyes, and its global popularity and broad feature-set make it the best choice for most users.
Why is secure messaging important?
The internet is an everyday part of billions of lives across the world. The world’s collective knowledge is at our fingertips, and we are more connected digitally than ever before.
But that comes at a cost.
Our digital lives leak details about our browsing habits, purchasing preferences, and other information that can be used by companies, internet service providers, hackers, law enforcement, and governments.
It’s also becoming clear that governments (both domestic and international) are actively pursuing intelligence gathering and surveillance methods. United States National Security Agency (NSA) documents leaked by Edward Snowden reveal government-sponsored surveillance programs, such as PRISM, which collect emails, chats, photos, and other online communication from companies like Microsoft, Yahoo, and Google.
This level of data gathering, whether benign or sinister, should give internet users pause. Whether we like it or not, our digital interactions are not as private as we’d like to think.
Thankfully, as the internet has evolved, so have messaging apps and other privacy tools.
Messages that were once sent in plain text now use end-to-end encryption. If done correctly, end-to-end encryption protects any conversations from being viewed by third parties, including law enforcement, governments, hackers, and even the company providing the messaging service.
In short, secure messaging apps provide a way to protect your privacy online.
Here’s how we chose our recommended app.
- Design and Ease of Use: Does the design enhance or hinder the user experience? How easy is it to create an account, connect with other users, and send messages?
- Identification System: How do other users identify you? What information is required to create an account?
- Popularity: Are people in your network already using the app? How hard will it be to get others to install it?
- Security Features: What type of encryption is used? Are there any other security features?
- Price and Business Model: How much does the app cost? If free, how does the company sustain itself?
- Standout Features: What features make it stand out compared to the other apps tested?
WhatsApp: Our Recommended Secure Messaging App
WhatsApp is our recommended pick because of its overwhelming popularity and a feature-set that make it an ideal messaging app for most users.
Design and Ease of Use
The design of WhatsApp is straightforward and functional. It looks and feels like a native app, which appears to be an intentional design decision.
You’ll notice the chat and settings screens are almost identical to their iOS equivalents. Anyone familiar with the stock Messages app will be right at home in WhatsApp.
There are a variety of methods secure messaging apps use for logging into an app and identifying other users.
- Phone number
- Unique username or other ID
- Email address
WhatsApp supports the most common method of using a phone number. When first creating an account, you’re prompted to enter yours. Because WhatsApp uses a phone number as a unique identifier, it can then quickly show you which users in your contacts are also WhatsApp users.
If you require chatting with other users without sharing your phone number or need an app with other login methods, we recommend Wire — one of our runner up picks.
Not many apps can claim one billion users.
Fortunately for all of us, WhatsApp can. This makes WhatsApp one of the world’s most popular messaging apps — a fact that shouldn’t be taken for granted.
Secure chats only work if everyone involved uses the same app. With that large of a user base, it’s much easier to achieve critical mass among friends and family with WhatsApp.
Chances are high WhatsApp will be the most popular messaging app among your contacts. This makes having secured, encrypted chats much easier when you don’t have to ask people to install a new app. And in situations where you do, WhatsApp’s popularity and feature-set are strong selling points.
The most critical piece of secure messaging apps is the underlying technology used for encryption. Strong encryption ensures your conversations can only be seen by the intended people and no one else.
One of the best security features of WhatsApp is that it implements end-to-end encryption using the highly respected Signal protocol from Open Whisper Systems.
We have found no major flaws in the design, and hope that our presentation and results can serve as a starting point for other analyses of this widely adopted protocol.
Assuming all recipients are using supported versions, your chats will have end-to-end encryption enabled automatically. You can confirm this by looking for the notification at the beginning of a chat or by looking at the chat’s info screen.
For additional security, you can verify the identity of another user by comparing security codes. This ensures the person you’re messaging is who they say they are and not someone pretending.
WhatsApp is also one of the few apps reviewed that supports two-factor authentication. So when re-installing the app, you’ll be required to enter a six-digit passcode in addition to verifying your phone number.
Price and Business Model
In a January 2016 blog post, WhatsApp announced the app would be free and would no longer charge an annual subscription.
That announcement also shared some details about their monetization strategy.
Starting this year, we will test tools that allow you to use WhatsApp to communicate with businesses and organizations that you want to hear from. That could mean communicating with your bank about whether a recent transaction was fraudulent, or with an airline about a delayed flight.
Facebook bought WhatsApp in 2014 and appears to be following a similar monetization strategy as Facebook Messenger and Instagram. Their focus is on monetizing businesses as opposed to consumers and are in the early stages of piloting WhatsApp for Business.
One thing that sets WhatsApp apart from other secure messaging apps is how robust the app is.
Not only does it include features and settings for the security conscious, but also for the everyday user. Features like read receipts, a typing indicator, the ability to archive or mute conversations, block contacts, and star messages for quick viewing later.
There’s also a comprehensive number of settings that let you fine tune the experience:
- Privacy: Who can see when you were last online, your profile picture, about info, or status.
- Notifications: Choose a different sound for both message and group notifications and whether a preview is displayed or not.
- Auto-Download: Set if photos, audio, videos, and documents are automatically downloaded via Wi-Fi and cellular data, Wi-Fi only, or never. This is a great feature for those on limited data plans.
In addition to the typical individual and group messages (up to 256 contacts), WhatsApp has a unique feature called Broadcast Lists. No other app tested had a similar feature.
From the sender’s perspective, a broadcast message is like sending a group message. The difference is that the recipients see the message as if sent to them directly. So replies go directly to the sender instead of the entire group. It’s a lot like sending emails using the BCC field and is handy when you need to share information with a group, but don’t need a group conversation around it…or if you don’t want everyone being bombarded with replies (sadly, we’ve all been there).
However, it’s worth noting the web and desktop clients only work if your phone has an active internet connection. If your phone is in airplane mode or turned off, you won’t be able to use WhatsApp on your computer.
While this shouldn’t be an issue for most users, those requiring a desktop client without a phone restriction should look at our runner up picks for an alternative.
Inevitably, you’ll find yourself switching phones, reinstalling the app, restoring from a backup, or wanting to add a second device.
WhatsApp supports optional backups (including images and videos) using two different methods:
- Export specific conversations as a plain text file with or without media. This is done through iOS’ share sheet.
- Back up everything using your iCloud account either manually or automatically at a set interval (daily, weekly, monthly).
Keep in mind, both options store your chat data unencrypted. Anybody with access to your exported chats on your computer or in iCloud can view them (including Apple or law enforcement).
Sensitive conversations should never be backed up using this feature.
Signal and Wire: Our Runners-Up
Both of these apps have several features in common:
Messages can be set to delete themselves from chat history after being read. Signal supports delays from five seconds to one week. Wire’s max delay is one day.
Untethered Desktop Apps
Where WhatsApp requires an active phone internet connection to use their web and desktop apps, Signal and Wire don’t. Even if your phone is offline, messages sent from the web or desktop apps will still be synced to your phone once an internet connection is re-established.
This includes their encryption protocols and mobile/desktop apps. Signal even open-sources their server code. This gives others an inside look at the underlying security implementation. Any issues found can then be immediately fixed for further review.
No Chat Backups
Unlike WhatsApp, there’s no ability to export or backup chat conversations. To some, this is a worthwhile feature. Each time you install the app or restore from an iTunes backup, your conversation history is reset.
If you are looking for the utmost security and privacy, Signal is your best bet.
Developed by Open Whisper Systems, Signal is arguably the most well-known, trusted, and talked about secure messaging app thanks to a vocal user base among the security and privacy conscious.
Signal strives to collect as little user information as possible. It only collects what’s needed to securely send messages and deletes any data as soon as it’s no longer needed.
Should Signal be required to share information with law enforcement or the government, there’s literally nothing relevant to share. Your identity is safe since there’s no record of who you’ve messaged, what was said, where you’re located, or anything else personally identifiable.
Wire is a fantastic alternative for users requiring anonymity and sits between Signal and WhatsApp in terms of features.
Here are some things that stand out about Wire:
Phone Number Not Required
Where both WhatsApp and Signal require a phone number, Wire doesn’t. Wire supports account creation using either a phone number or an email address.
You connect with other users by searching for their display name, username, or let Wire find them from your phone’s contacts. Both the display name and username are set when you first create an account. They can be changed at any time.
The ability to set a unique username increases your anonymity. You can chat with other users without having to share your phone number — either with Wire or other users.
Synced Message Edits and Deletes
A unique feature of Wire is the ability to sync edited and deleted messages across all participants. So spelling mistakes can be edited before you’re judged by your grammar friends. To access this feature, long press a specific message.
Edited and deleted messages are marked in the chat history with a pencil and trash can icon, respectively.
A Pleasant User Experience
Wire is the most design-focused app we tested compared to the utilitarian style used by most secure messaging apps. The subtle use of color, typography, icons, and background blurring lead to a pleasant user experience.
The design, features shared above, and additional support for sending hand-drawn doodles, integrated Giphy search, and voice memos with optional effects (alien, robot, etc.) also make Wire one of the more well-rounded messaging apps tested.
Lastly, there is iMessage, Apple’s own messaging service for iOS and macOS users. If you and everyone in your life are an iPhone users, it’s a great option, as it features secure, end-to-end encryption, as well as lots of creature comforts like stickers and apps.
However, as Apple baked this into its operating system, messages fall back to SMS for non-iPhone users of if Apple’s iMessage servers are unavailable. This means less secure messages can be inner-mixed with secure ones, which is less than ideal. There’s no way to encrypt these messages, and in the case where the iMessage service fails for some reason and defaults to SMS, Apple just sends the message, without a warning or chance to stop the message being sent without the encryption the iMessage service offers.
It’s impressive how well Apple has quietly taken over texting on the iPhone with iMessage, but the ability to send an SMS on purpose or even accidentally makes the whole thing feel less secure than something dedicated like Whatsapp or Signal.
The choice of secure messaging app comes down to your priorities.
WhatsApp, our recommended app, is the best option for most users. It’s a full-featured messaging app with strong encryption and widespread popularity, making it the easiest to adopt.
Wire is the best option for those requiring anonymity. You can chat with other users and create an account without sharing a phone number.
With how mainstream secure messaging apps have become, there’s no reason why all your conversations can’t be end-to-end encrypted.