Messenger Apps
Avast compares the messenger services
Long gone are the days when text messages dominated the communication with friends and family. The advantages of multimedia messaging apps have led us to move away from the simple text service. Instead, we use apps with which, in addition to chatting, we can also make calls, form groups and send photos, videos, music and much more.
WhatsApp and its new terms of use
In early January, WhatsApp made headlines with an update to its Terms of Use and Privacy Policy. The users were not enthusiastic about the changes, nor about how their data will be treated from now on. The main criticism is that WhatsApp can collect data such as contacts, commercial data, device IDs, IP addresses and other information that is directly connected to users in certain countries and pass them on to Facebook.
72 hours after WhatsApp’s new terms were released to its users, Telegram reported an increase of 25 million new users. The messenger now has a total of 500 million chatters worldwide. In addition, influential opinion leaders like Julian Assange and Elon Musk emphasize their recommendations on using Signal, an encrypted and cross-platform messaging service with an emphasis on privacy and security. Because of the concerns, WhatsApp says it will never read conversations, overhear calls, or reveal the locations of chats. No records of interactions should be saved within the app or shared with Facebook. Although the company plans to revise its Terms of Use by May 15, user churn continues.
What is Signal different?
Most messaging apps today use some form of encryption. This helps protect messages and ensures that no third party can read conversations. When a text messaging service uses end-to-end encryption, the information sent is encrypted from the moment the user taps Send until it is received on the other party’s target device. WhatsApp, Facebook Messenger, Skype and many other messengers use the so-called signal protocol. This cryptographic protocol enables end-to-end encryption for voice calls, video calls, and instant messaging conversations. However, some platforms like WhatsApp sacrifice some security in favor of certain features. This includes the integration of a GIF keyboard that is provided by external providers. As a result, the encryption is no longer completely end-to-end.
The development of the Signal protocol was started by the crypto engineer Trevor Perrin and Moxie Marlinspike, the inventor of Signal. The fact that the app creator helped develop what is now the most widely used protocol is what makes Signal popular in the cybersecurity community. There are also the following advantages:
- Signal is very easy to use and offers just as user-friendly functionality as the other platforms on the market.
- Bad lines of code in open source code can be identified and fixed immediately by the Signal developer community.
- Unlike other apps, Signal not only encrypts messages and calls, but also the metadata, which protects users’ personal data. The only data that is stored is the date the account was created and the date the user was last connected to the Signal server.
- The app is available free of charge for both Android and iOS and is free from the influence of commercial companies. Instead, the non-profit organization behind it is financed through donations. So in the current era of privacy concerns, it’s a perfect complement to the other messenger apps available.
Unexplained design decisions at Telegram?
Telegram also offers end-to-end encryption. However, this does not apply by default, but only in “secret chats”. The normal cloud chat messaging system stores messages and the address book on Telegram’s servers and backs them up in a cloud. Therefore, the company could potentially gain access to users’ messages and contacts.
The app also uses its own protocol called MTProto instead of the Signal protocol. Although no security warning is known for the protocol, there are some unusual choices in the design of the protocol. On the one hand, the app uses an encryption mode that has received little recommendation from the security industry due to a lack of tests. On the other hand, Telegram uses an encryption method that is not forgery-proof. Even if neither is ideal, MTProto itself can be considered sufficiently safe. Nevertheless, the security community therefore usually gives priority to signal with regard to security. Apart from that, the app is also free and funded by donations and users can add a user on Telegram without needing their phone number.
Tracking of Telegram users
The researcher Ahmend Hassan recently found out that Telegram users can be located very precisely without their knowledge. If the users activate “people nearby”, they will see other Telegram users in their vicinity. The function must be switched on consciously, but many users still use it. With the appropriate technical know-how, tracking down people using such apps could add a completely new dimension to Cyberstalking enable.
Conclusion and tips on choosing a messaging app
Both the Signal protocol used by Signal and the MTProto used by Telegram, in a secret chat, offer complete end-to-end encryption. This means that neither Telegram nor Signal, nor any telephone company or government agency, can read users’ messages. Only the sender and the recipient are able to decrypt what has been written on both sides. When choosing the right messaging app, security and data protection should also play a role in addition to personal preferences. The following recommendations can help you choose a safe messenger while protecting your privacy:
- The messaging service should use end-to-end encryption.
- Users should review the service’s privacy and security policies prior to installation.
- Both the settings of the applications and those of your own device must be checked.
- Permissions should only be granted very restrictively. For example, does your own location always have to be activated?
- Two-factor authentication is mandatory.
- The visibility of personal information should be limited to your own contacts.
- Updates should be installed as soon as possible to reduce the risk of a data breach.
- Some applications make it possible to verify the identity of your contact. For this, both users have to synchronize a code that their phones generate. This is cumbersome, but then guarantees the identity of the conversation partner.
–
