As ads for secure messenger Signal go, this one is hard to beat. Trump’s senior officials using the encrypted app to discuss America’s attack on Yemen, whether or not war planes were actually shared, tells you that the platform is trusted by those that should know, notwithstanding mistakenly inviting a journalist along for the ride.
Signal is an end-to-end encrypted platform. It works excellently cross-device and does not harvest your metadata. But it’s still trickier to use than some other platforms —no iPhone backups for example, but it is quickly catching up. Signal’s main issue though is the size of its user base. Messaging apps are reliant on the network effect, the more people using it, the more people using it. Very few of your contacts will have the app.
That brings us to WhatsApp. The Meta-owned platform has done more to popularize end-to-end encryption than anyone, even if Apple was first to roll it out. WhatsApp trades on its security and privacy and its features are excellent. Yes, it’s part of Meta and so metadata is captured and used, but few seem to care and WhatsApp dismisses any differences to Signal. Its biggest benefit is its install base. With 3 billion users, almost everyone has it. Even in America, the last standout, WhatsApp is now surging.
America has always been iMessage’s home ground. It’s the one key market where Apple’s platform dominates, especially amongst key demographics. Unlike Signal and WhatsApp, iMessage uses a proprietary encryption protocol and not Signal’s, with the latter also used by platforms such as Google Messages and facebook Messenger. Apple’s security is excellent but only works within its own walled garden.
And so unless you only hang out with other Apple users, you need something else. That might change with RCS’s encryption upgrade which is coming soon. But we await details on timing and exactly how that will bridge iPhone and Android when it comes.
Facebook Messenger and Google Messages are also fully secured, but the former is too close to its mothership to be seen as a tier-1 secure platform and the latter only works Android-to-Android and is just a wrap around RCS. Telegram is the other non-Chinese billion-user-plus platform, but it’s not fully encrypted.
My advice is to use WhatApp as your daily secure messenger. For everyday use it’s broadly as secure as Signal when it comes to transmission, and broadly as vulnerable when it comes to inviting the wrong people into groups or endpoint compromises. That advice might change when RCS is fully encrypted. We need to wait and see. For any sensitive chats or groups, use Signal.
Meantime, some housekeeping. Set group chats so that only Admins can add (Signal) or need to approve (WhatsApp) new members. Do not enable groups links for anything serious or sensitive. And use disappearing messages for grown-up chats. All that said, there are no platforms that are bullet proof for sharing secrets. The weaknesses are human rather than technical. As ever in cyber, that’s the greatest threat.
