Encrypted Messaging

What Is It, Why Should You Use It and What Are the Best Apps?

Encrypted Messaging

In today’s world of revelations that the National Security Agency (NSA) is spying on citizens in the United States, and the United Kingdom requires Internet Service Providers to record their customer’s online activities, secure, encrypted messaging is more important than ever.

If you’re using standard, unencrypted SMS texting, such as that offered by your wireless carrier, you’re leaving yourself open to monitoring by your carrier and your government, as well as hackers and criminals.

Encrypted messaging (also known as secure messaging) provides end-to-end encryption for user-to-user text messaging. Encrypted messaging prevents anyone from monitoring your text conversations. Many encrypted messaging apps also offer end-to-end encryption for phone calls made using the apps, as well as for files that are sent using the apps.

Not all encrypted messaging apps are created equal. In this article, I’ll explain how encrypted messaging works, which devices this type of messaging is available on, and which apps provide the best encrypted messaging protection and experience.

What Is Encrypted Messaging, and How Does It Work?

Encryption is the process of encoding information to prevent anyone other than its intended recipient from viewing it. The concept of encryption is millennia old, as Roman Emperor Julius Caesar reportedly used a simple form of encryption to send messages to his generals.

You might have used a basic form of encryption to send “secret” messages to your school chums when you were in grade school. Perhaps you used an “encryption” code similar to “A = 18, B = 23, C = 5” and so on.

While the encryption used in today’s secure messaging apps is much more complicated and secure than any secret code you used in grade school, the theory is still the same at its basic roots.

Modern data encryption makes use of an algorithm known as a cipher to convert information into what appears to be random characters or symbols. The encrypted information is unreadable to anyone who does not have access to a special key used to decrypt the information so that it’s readable.

Two modern methods of encryption are the Public Key (Asymmetric) and the Private Key (Symmetric) methods.

While these two methods of encryption are similar in that they both allow users to encrypt data to hide it from the prying eyes of outsiders and then decrypt it for viewing by an authorized party, they differ in how they perform the steps involved in the process.

1

Public Key Encryption

Public Key (Asymmetric) Encryption makes use of a recipient’s public key, along with a private key that mathematically matches the public key. A user can then send a message encrypted with the public key, which is then decrypted by the recipient, using their matching private key.

How Public Key Encryption Works

When using this encryption method, a sender can “unlock” a mailbox to place a message into it, but they would not be able to look at any of the other messages that may be in the mailbox, since the message can only be decrypted by using the recipient’s private key.

2

Private Key Encryption

The Private Key (Symmetric) Encryption method is similar to the Public Key method, as two keys are still required to encode and decode the information.

However, when using the Private Key Encryption method, both keys are basically the same. This means that both parties are allowed to encrypt and/or decrypt the information.

How Private Key Encryption Works

Both methods make for efficient ways to protect messages and other information from viewing by those that have no business viewing your sensitive personal and business information.

In the following section, I’ll discuss why you should be using an encrypted messaging app. You may be surprised to find out that you’re already using one.

If you’re not currently using one, be sure to read the section after next, where I’ll list the best apps for encrypted messaging available today. Most of them are available on multiple desktop and mobile platforms, so your messages can be protected no matter which device you’re using.

Why Should I Use an Encrypted Messaging App?

At this point in the discussion, you may be thinking that encrypted messaging sounds a bit complicated. There’s good news, though - it really isn’t so complicated.

All that’s needed on your end is for you to download and install the right app on your computer or mobile device and start using it.

As a matter of fact, you may already be using an encrypted messaging app, and you’re not even aware of it.

If you’re an iOS or macOS user, you most likely use the Messages app that’s included with both operating systems. The Messages app uses end-to-end encryption to protect users’ messages from prying eyes. The app is a perfect example of how simple using an encrypted messaging app can be.

Android, iOS, macOS and Windows users may also already be using WhatsApp to send and receive messages with their friends and family. The feature that may have been most attractive to many of you (parents can’t monitor your conversations) uses end-to-end encryption to prevent monitoring.

Encrypted messaging apps protect your personal conversations from the prying eyes of those who would monitor your activities. I’ll be taking a look at 4 popular encrypted messaging apps and how those apps protect your privacy.

What Are the Best Encrypted Messaging Apps?

In this section, I’ll take a look at a group of messaging apps that provide end-to-end encrypted protection for your messages.

You’re likely familiar with a few of them and may already be using them. But, I also bet that you’ll learn a few things about each app as we take a look at them.

1

Apple Messages (iOS, watchOS and macOS)

While I wouldn’t normally include this app, as it’s only available on iOS, watchOS and macOS devices, the sheer number of these devices in use justify its inclusion in this roundup.

Besides, many iPhone, iPad, Apple Watch and Mac users may not realize how well Messages protects their messaging sessions.

Apple Messages iOS macOS

The Apple Messages app uses iMessage, Apple’s secure messaging service, which provides end-to-end encryption for users’ messages sent via the Messages app.

The app makes use of Apple users’ Apple ID, which is also used for the App Store, email, iCloud and more. The service makes use of the end-to-end encryption built into iCloud to keep iMessage users’ messages secure.

Both messages and attachments that are sent and received via the Messages app are protected by end-to-end encryption, and no one but the sender and the recipient can access them.

Not even Apple can decrypt the data. (This has caused legal conflicts with federal law enforcement agencies that have attempted to force Apple to “unlock” messages on devices used by criminals and terrorists.)

The screenshot below is a simplified representation of how Apple’s system protects iMessage sessions. For a more detailed look at how it all works, I highly suggest downloading the latest version of Apple’s iOS Security Guide (PDF).

Apple iOS Security

Please note that the end-to-end encryption only goes as far as messages that stay within Apple iMessage’s walled garden.

While Message app users can easily and transparently send SMS text messages to users of other devices, such as Android devices, the messages are not protected by end-to-end encryption, as SMS messaging does not offer the same encrypted security as iMessage.

The Apple Messages app comes pre-installed on all iOS, watchOS and macOS devices.

2

Signal (Android, iOS, macOS, Windows and Linux)

Signal is an encrypted messaging app that is available for the Android, iOS, Windows, macOS and Linux platforms.

Users can use the app to send messages to individuals and groups. They can also send files, voice notes, images and videos, as well as place voice and video calls via the app. All communications are secured via end-to-end encryption.

Signal Encrypted Massaging App

Signal uses an independent end-to-end platform, transporting information across its own infrastructure. The app’s encryption is based on the OTR protocol and uses AES-256, Curve25519 and HMAC-SHA256.

The app is free and is Open Source, allowing any party to audit and verify the app’s code to ensure the code doesn’t offer any backdoor access to anyone, such as “terrorists will win without access” law enforcement types.

The app uses an app password and a blocker that prevents screen scraping. Users can control which types of data are allowed to be sent and received via Wi-Fi or cellular connections. All parties are required to have the app installed on their device to participate in any one-to-one or group conversations.

For more information about Signal, or to download the Signal app for your device, visit the Signal website.

3

​WhatsApp (Most Popular Platforms)

WhatsApp is a free, secure messaging app that is available for Android, iOS, Windows Phone and Nokia S40 devices.

While there are WhatsApp clients available for the Windows and macOS platforms, as well as a web browser-based version, they require a device running the mobile app to be present to sync with the desktop client. Audio or video calling is not allowed from the desktop or web clients.

WhatsApp Secure Messaging App

Those users who are suspicious of Facebook and their privacy protections - or lack thereof - should take note that WhatsApp was acquired by the social network in February 2014.

Facebook mines the data of its users for advertising purposes, so you might expect some sort of similar mining operation for WhatsApp, although no such mining has ever been confirmed.

WhatsApp messaging is protected by end-to-end encryption across all platforms, incorporating the same encryption protocol used in Signal, which we took a look at in the previous subsection. Users can verify each other’s keys and can be notified if another user’s key changes.

In addition to text messaging, the WhatsApp platform also allows placing and receiving voice and video calls, images and other documents. Users can also send their current location if they wish. All data is wrapped in end-to-end encryption.

While WhatsApp is available internationally, the service is currently blocked in China, and has, at one time or another, been temporarily banned in other countries, including Iran, Turkey and Brazil.

For more information about WhatsApp, or to download the WhatsApp app for your device, visit the WhatsApp website.

4

Wickr Me - Private Messenger (Most Popular Platforms)

The Wickr Me instant messaging app offers end-to-end encryption for their users’ messages, which can include content-expiring messages, photos, videos and other types of file attachments. The app is available for Android, iOS, Mac, Windows and Linux devices.

Wickr Me Private Messenger

The Wickr Me app allows users to set an expiration time for their encrypted messages, which can be synced across multiple devices, such as their mobile phone, tablet or desktop computer.

All communications are encrypted locally on each device, using a new key that is generated for each new message. This means that no one besides the Wickr users in the conversation have the keys needed to decipher the conversation.

Wickr Me conversations can be conducted one-to-one or in groups. No phone number or email address is required to register for Wickr Me, and the user’s address book remains private and is not stored on the Wickr servers. Wickr says it doesn’t store any metadata associated with their users’ communications.

Wickr uses multiple layers of encryption to secure data and messages. Usernames, Application IDs and Device IDs are hashed with multiple rounds of salted SHA256, and data is encrypted with AES256. In other words, your information is safe.

Each message has a new encryption key, which is deleted as soon as a message is decrypted. All passwords and password hashes stay on the device, and all user content is completely wiped from the device after it expires.

The Wickr source code is available on GitHub and is documented on the Wickr website.

For more information about Wickr Me, or to download the Wickr Me app for your device, visit the Wickr website.

What Have We Learned?

In today’s always-on world of the internet, security for your personal communications is more important than ever.

Users are increasingly finding that outsiders, such as hackers, their Internet Service Provider and even their own government are increasingly interested in the contents of their messages and their accompanying attachments.

Standard SMS texting is unencrypted, leaving them open to folks who would seek to monitor the conversations for their own gain or to glean information regarding legal or law enforcement-related reasons.

Apps like Apple’s messages, Signal, WhatsApp and Wickr Me provide a way for users to easily keep their one-to-one and group communications under wraps by applying a layer of end-to-end encryption to their to their users’ messages, keeping the information safe from prying eyes. This prevents outsiders form intercepting and monitoring messages.

If you are not currently using an encrypted messaging app on your favorite desktop and mobile devices, I urge you to download one of the apps I’ve shared with you in this article. You’ll be faced with one less thing to worry about when traversing the dangerous online world.