Convenience & security: rating of the most secure popular messengers
11.05.2016
Today messengers rightfully occupy a worthy place among the most used office software and tools for business communication. Every company determines what software should be used by staff to keep in touch with colleagues, partners and customers, and sometimes allows employees to make these choices on their own. In addition to user-friendliness, today, when video cameras, wireless mice, fitness trackers, smart cars and even toilets can be easily hacked, the security of communication tools comes to the fore.
Analytics Center of Falcongaze, a vendor of software solutions in the field of data leak prevention via various channels (email, social networks, instant messengers, USB devices, etc.), has made a rating of the most popular instant messengers, grounding on their level of security.
The rating was based on two criteria: the popularity of messengers among users and their security. Security, in turn, was evaluated by two main factors: if the protocol open or closed and whether end-to-end encryption is implemented (when encrypted data are transmitted from one device to another directly, without intermediaries). In addition, information about vulnerabilities in instant messengers, obtained from public sources, was taken into account as well.
Yahoo! Messenger with all the bells and whistles of popular instant messengers closes the top ten. The protocol, as well as the code of Messenger, is not open, users do not have an opportunity to verify contacts' identities, there is no end-to-end encryption. However, the experts of Falcongaze Analytics Center give credit to the Yahoo! Messenger developers for fixing security vulnerabilities and assign the tenth position to the messenger.
A popular application (100 Million daily active users), which is more known for its photo and video messages than standard text chats – Snapchat – occupies the ninth position in the Falcongaze’s rating. It is an instant messaging application that allows users to send self-deleting messages to one another. Snapchat’s code is closed. As for encryption, all the messages are encrypted in transit. To encrypt the information exchanged between users Snapchat uses the same key for every message, which does not provide full security. In addition, Snapchat has gone through major cybersecurity challenges since 2011, for example in 2014 personal credentials of 4.6 million U.S. Snapchat users, such as phone numbers and usernames, were made public on a website.
However, the vendor of Snapchat took measures to eliminate security vulnerabilities, introduced two-factor authentication and initiated reporting about its transparency. Moreover, Snapchat initiated a bug bounty program that encourages researchers to find and report security vulnerabilities in the application. In addition, it has recently been reported that Snapchat is currently working on stronger encryption technology, so it has a good chance of occupying a higher position in the rating of Falcongaze in the future.
Messenger of social network, which is among the five most visited web sites in the world – Facebook Messenger – is located just above. This messenger does not provide end-to-end encryption when only the people communicating can read the messages. In addition, Facebook Messenger previously appeared in the center of the scandal since during the installation it requested permission to use the microphone on a user’s device to record audio at any time and without their confirmation. If a user inadvertently gave permission to do so, the messenger had the opportunity to not only record audio, but also take photos and videos at any time and without confirmation from a user. This mobile messenger ranks eighth in the list.
Simple enough to use Google Hangouts encrypts all the information, including video conferences. However, as in the case of the messenger, which took the eighth place in the list, the data are encrypted only when transmitted from a device to the developer's server and from the server to the user's interlocutors. That means that when they get to the server, there are no security guarantees. This encryption is called in transit and does not protect conversations of Hangouts followers from falling into the hands of third parties. The seventh position gets the messenger of Google company.
BlackBerry Messenger (BBM) is an instant messaging app that allows users to exchange text messages, make voice calls, photo, file and location sharing. It has no end-to-end encryption, users have no opportunity to verify contacts' identities and the code is not open-source.
Nevertheless, it must be mentioned that in the beginning of April 2016, BlackBerry announced that some key BBM privacy features would become free for all users. After the update users will be able to use Retract, which allows them to delete a message from both the sender and recipient, and Timer, which set limits on how long a message or photo can be viewed, for free. What is more, the message editing and Private Chat, a feature that removes names and avatars from the chat window, will become available at all platforms. BlackBerry Messenger occupies the sixth position in the rating of Falcongaze’s experts.
Good old Skype, which has been used for years by both individual and corporate users due to its convenience and vast possibilities, actually turns out to be not so good. The protocol of this messenger is closed, so it is difficult to assess security measures laid down by developers, and encryption used in Skype does not provide adequate protection. Once in 2011 Skype was bought by Microsoft, the fact that the security services have access to the correspondence of users, is not especially withheld. For high user loyalty and the presence of encryption Skype is awarded with the fifth place.
At "LINE Conference Tokyo 2016" the developers of LINE, which is one of the most popular messengers, especially in Asia, announced the app had grown into a global service surpassing 1 billion users and achieving an MAU (Monthly Average Users) of 215 million. Security is not an empty word for LINE: in 2015 end-to-end encryption was deployed, which is turned on in the settings page called "Letter Sealing". LINE plans to switch it on by default for all users, initially it is only default for those with one Android device registered to their account. There are also plans to add encrypted sealing to Line for desktop and other operating systems over time. LINE treads on the heels of the top three and is ranked fourth.
Fast favorite with users Viber took the third spot of the charts. Within a short period the development of Viber Media company was able to win glory of the immense number of people: now the number of users has exceeded half a million and is moving steadily to around a billion. The messenger’s protocol is closed. However, it has recently become known that end-to-end encryption of communications, voice calls, photos and videos, will be deployed into the new version of Viber. What is more, there also will appear private chats in Viber, like those that have already been implemented in Telegram, to which we will address later. Access to the hidden correspondence of these chats will be available after entering the PIN-code, and iOS users will be able to get authorization by fingerprint. So far, end-to-end encryption, according to the developer, is available in a limited number of countries, and after successful testing in the nearest future it will become available for all users. Therefore, Viber takes the third place on the pedestal of the most secure popular instant messengers.
Silver medal in the rating of messengers by Falcongaze gets WhatsApp. This messenger gained popularity long ago – the number of WhatsApp users stepped over one billion. Protocol of the IM is open, and since 2014 WhatsApp supports end-to-end encryption for Android devices. However, in early April 2016 the company Open Whisper Systems announced the introduction of complete end-to-end encryption in WhatsApp for all platforms. Now the messenger encrypts absolutely all data transmitted by users, and even WhatsApp employees wouldn’t be able to decrypt them. The second place goes to WhatsApp.
The rating of the most secure popular messengers is headed by rapidly gaining users Telegram. As of February 2016 the number of active users of relatively recently appeared messenger was more than 100 million people. Source code, protocol and API in Telegram are open, and to provide security of user correspondence strong encryption is implemented. Both regular and secret chats are available. In regular chats client-server encryption is used, while secret chats use end-to-end encryption. Secret chats also support self-destructing messages, and Self-Destruct Timer can be set to the desired time limit. As soon as the time runs out, the message disappears from both devices. A secret chat with a particular user can only be accessed on the device of origin, and messages from secret chats cannot be forwarded. In addition, each user can set a password to log into their account or set up authentication by fingerprint. Telegram promised to pay a reward of $ 300,000 for hacking the correspondence of the two bots and extracting a secret email address from a secret chat between the bots. The experts of Falcongaze reward Telegram with the first place in the rating of the most secure popular messengers.