In today’s world of revelations that the National Security Agency (NSA) is spying on citizens in the United States, and the United Kingdom requires Internet Service Providers to record their customer’s online activities, secure, encrypted messaging is more important than ever.
If you’re using standard, unencrypted SMS texting, such as what your wireless carrier offers, you’re leaving yourself open to monitoring by your carrier and your government, as well as hackers and criminals.
Not all encrypted messaging apps are created equal. In this article, I’ll explain how encrypted messaging works, which devices this type of messaging is available on, and which apps provide the best encrypted messaging protection and experience.
What Is Encrypted Messaging, and How Does It Work?
Encrypted messaging (also known as secure messaging) provides end-to-end encryption for user-to-user text messaging. Encrypted messaging prevents anyone from monitoring your text conversations. Many encrypted messaging apps also offer end-to-end encryption for phone calls made using the apps, as well as for files that are sent using the apps.
Encryption is the process of encoding information to prevent anyone other than its intended recipient from viewing it. The concept of encryption is millennia old, as Roman Emperor Julius Caesar reportedly used a simple form of encryption to send messages to his generals.
You might have used a basic form of encryption to send “secret” messages to your school chums when you were in grade school. Perhaps you used an “encryption” code similar to “A = 18, B = 23, C = 5” and so on.
While the encryption used in today’s secure messaging apps is much more complicated and secure than any secret code you used in grade school, the theory is still the same at its basic roots.
Modern data encryption makes use of an algorithm known as a cipher to convert information into what appears to be random characters or symbols. The encrypted information is unreadable to anyone who does not have access to a special key used to decrypt the information so that it’s readable.
Two modern methods of encryption are the Public Key (Asymmetric) and the Private Key (Symmetric) methods.
While these two methods of encryption are similar in that they both allow users to encrypt data to hide it from the prying eyes of outsiders and then decrypt it for viewing by an authorized party, they differ in how they perform the steps involved in the process.
Public Key Encryption
Public Key (Asymmetric) Encryption makes use of a recipient’s public key, along with a private key that mathematically matches the public key. A user can then send a message encrypted with the public key, which is then decrypted by the recipient, using their matching private key.
When using this encryption method, a sender can “unlock” a mailbox to place a message into it, but they would not be able to look at any of the other messages that may be in the mailbox, since the message can only be decrypted by using the recipient’s private key.
Private Key Encryption
The Private Key (Symmetric) Encryption method is similar to the Public Key method, as two keys are still required to encode and decode the information.
However, when using the Private Key Encryption method, both keys are basically the same. This means that both parties are allowed to encrypt and/or decrypt the information.
Both methods make for efficient ways to protect messages and other information from viewing by those who have no business viewing your sensitive personal and business information.
In the following section, I’ll discuss why you should be using an encrypted messaging app. You may be surprised to find out that you’re already using one.
If you’re not currently using one, be sure to read the section after next, where I’ll list the best apps for encrypted messaging available today. Most of them are available on multiple desktop and mobile platforms, so your messages can be protected no matter which device you’re using.
Why Should I Use an Encrypted Messaging App?
At this point in the discussion, you may be thinking that encrypted messaging sounds a bit complicated. There’s good news, though – it really isn’t so complicated.
All that’s needed on your end is for you to download and install the right app on your computer or mobile device and start using it.
As a matter of fact, you may already be using an encrypted messaging app, and you’re not even aware of it.
If you’re an iOS or macOS user, you most likely use the Messages app that’s included with both operating systems. The Messages app uses end-to-end encryption to protect users’ messages from prying eyes. The app is a perfect example of how simple using an encrypted messaging app can be.
Android, iOS, macOS, and Windows users may also already be using WhatsApp to send and receive messages with their friends and family. The feature that may have been most attractive to many of you (parents can’t monitor your conversations) uses end-to-end encryption to prevent monitoring.
Encrypted messaging apps protect your personal conversations from the prying eyes of those who would monitor your activities. I’ll be taking a look at three popular encrypted messaging apps and how those apps protect your privacy.
What Are the Best Encrypted Messaging Apps?
In this section, we’ll take a look at a group of messaging apps that provide end-to-end encrypted protection for your messages.
You’re likely familiar with a few of them and may already be using them. But, I’ll also bet that you’ll learn a few things about each app as we take a look at them.
Apple Messages (iOS, iPadOS, watchOS, and macOS)
While normally this app might not be included – as it’s only available on iOS, watchOS, and macOS devices – the sheer number of these devices in use justifies its inclusion in this roundup.
Besides, many iPhone, iPad, Apple Watch, and Mac users may not realize how well Messages protects their messaging sessions.
The Apple Messages app uses iMessage, Apple’s secure messaging service, which provides end-to-end encryption for users’ messages sent via the Messages app.
The app makes use of Apple users’ Apple ID, which is also used for the App Store, email, iCloud, and more. The service uses the end-to-end encryption built into iCloud to keep iMessage users’ messages secure.
Both messages and attachments that are sent and received via the Messages app are protected by end-to-end encryption, and no one but the sender and the recipient can access them.
Not even Apple can decrypt the data. (This has caused legal conflicts with federal law enforcement agencies that have attempted to force Apple to “unlock” messages on the devices of criminals and terrorists.)
The screenshot below is a simplified representation of how Apple’s system protects iMessage sessions. For a more detailed look at how it all works, I highly suggest downloading the latest version of Apple’s iOS Security Guide (PDF).
Please note that the end-to-end encryption only goes as far as messages that stay within Apple iMessage’s walled garden.
While Message app users can easily and transparently send SMS text messages to users of other devices, such as Android devices, the messages are not protected by end-to-end encryption, as SMS messaging does not offer the same encrypted security as iMessage.
The Apple Messages app comes pre-installed on all iOS, iPadOS, watchOS, and macOS devices.
Signal (Android, iOS, macOS, Windows, and Linux)
Signal is an encrypted messaging app that is available for Android, iOS, Windows, macOS, and Linux platforms.
Users can use the app to send messages to individuals and groups. They can also send files, voice notes, images and videos, as well as place voice and video calls via the app. All communications are secured via end-to-end encryption.
Signal uses an independent end-to-end platform, transporting information across its own infrastructure. The app’s encryption is based on the OTR protocol and uses AES-256, Curve25519, and HMAC-SHA256.
The app is free and open source, allowing any party to audit and verify the app’s code to ensure the code doesn’t offer any backdoor access to anyone, such as “terrorists will win without access” law enforcement types.
The app uses an app password and a blocker that prevents screen scraping. Users can control which types of data are allowed to be sent and received via WiFi or cellular connections. All parties are required to have the app installed on their device to participate in any one-to-one or group conversations.
For more information about Signal, or to download the Signal app for your device, visit the Signal website.
WhatsApp (Most Popular Platforms)
WhatsApp is a free, secure messaging app that is available for Android, iOS, Windows Phone, and Nokia S40 devices.
While there are WhatsApp clients available for the Windows and macOS platforms, as well as a web browser-based version, they require a device running the mobile app to be present to sync with the desktop client. Audio or video calling is not allowed from desktop or web clients.
Those users who are suspicious of Facebook and its privacy protections – or lack thereof – should take note that the social network acquired WhatsApp in February 2014.
Facebook mines the data of its users for advertising purposes, so you might expect some sort of similar mining operation for WhatsApp, although no such mining has ever been confirmed.
WhatsApp messaging is protected by end-to-end encryption across all platforms, incorporating the same encryption protocol used in Signal, which we took a look at in the previous subsection. Users can verify each other’s keys and can be notified if another user’s key changes.
In addition to text messaging, the WhatsApp platform also allows placing and receiving voice and video calls, images, and other documents. Users can also send their current location if they wish. All data is wrapped in end-to-end encryption.
While WhatsApp is available internationally, the service is currently blocked in China, and has, at one time or another, been temporarily banned in other countries, including Iran, Turkey, and Brazil.
For more information about WhatsApp, or to download the WhatsApp app for your device, visit the WhatsApp website.
Why Shouldn’t Law Enforcement Have “Backdoor” Access to Encrypted Messages?
It all comes down to one thing for me. If law enforcement has backdoor access to encrypted information like messages, that weakens the entire protective system. That same backdoor could be used by the bad actors of the world to access my encrypted information. Or even worse, overly restrictive governments like those in China, Russia, or other countries could gain access to my encrypted messages.
While I am all for catching the bad guys and preventing terrorism, allowing law enforcement and other government agencies to have access to encrypted info is not the way to go.
Besides, do you think the bad guys will continue using WhatsApp, Signal, or other encrypted messaging services if there is a law enforcement backdoor? Nope, they’ll simply move on to other messaging apps or even create their own, while the law-abiding citizens among us will be forced to use possibly compromised messaging systems.
What Have We Learned?
In today’s always-on world of the internet, security for your personal communications is more important than ever.
Users are increasingly finding that outsiders, such as hackers, their Internet Service Provider, and even their own government are increasingly interested in the contents of their messages and their accompanying attachments.
Standard SMS texting is unencrypted, leaving them open to folks who would seek to monitor the conversations for their own gain or to glean information regarding legal or law enforcement-related reasons.
Apps like Apple’s Messages, Signal, and WhatsApp provide a way for users to easily keep their one-to-one and group communications under wraps by applying a layer of end-to-end encryption to their users’ messages, keeping the information safe from prying eyes. This prevents outsiders from intercepting and monitoring messages.
If you are not currently using an encrypted messaging app on your favorite desktop and mobile devices, I urge you to download one of the apps I’ve shared with you in this article. You’ll be faced with one less thing to worry about when traversing the dangerous online world.
Encrypted Messaging FAQs
Why Should I Use an Encrypted Message Service?
An encrypted message service protects your personal and business conversations from the prying eyes of outsiders, like hackers and the government.
What Does Encryption Mean?
Encryption is the process of hiding your personal data or messages from prying eyes. Encryption can range from simple alphanumeric substitution ciphers, such as A=23, B=12, etc., to complicated algorithms known as ciphers to convert information into what appears to be random characters or symbols.
What Is the Advantage of Message Encryption?
Message encryption ensures that the sender and the intended recipient are the only parties that can read a message's content. Outsiders cannot decrypt the message, as they do not possess the encryption key.
Why would someone send me an encrypted message?
An encrypted message prevents any outside parties from reading the message, even if they are able to intercept it. Without the proper keys to unencrypt the message, no one except the sender and recipient can read the message’s contents.
How do I read an encrypted message?
Reading an encrypted message is as easy as opening your encrypted messaging app (such as Apple’s Messages, WhatsApp, Signal, or any other encrypted messaging app), tapping or clicking on the encrypted message, and reading it. You will need to be using the same encrypted messaging app as the sender.
Are MMS messages encrypted?
MMS and SMS messages, such as those sent and received by standard text messaging apps, are not encrypted. This means they can be intercepted and read. If you’re using an encrypted app – like Signal, WhatsApp, or Apple’s iMessage system – the messages are encrypted.
Should I Use a VPN When Encrypted Messaging?
Yes. A VPN adds an additional layer of encryption. End-to-end encrypted messages have been cracked in the past. A VPN's additional encryption makes the bad guys' job that much tougher.
How Secure Is Encrypted Messaging?
All of the messaging apps on this list use end-to-end encryption, meaning only the parties involved in the conversation can actually read the messages. Usually, the messages are not stored on a server, meaning bad guys can't access them on company servers.
- What Is Encrypted Messaging, and How Does It Work?
- Why Should I Use an Encrypted Messaging App?
- What Are the Best Encrypted Messaging Apps?
- Why Shouldn’t Law Enforcement Have “Backdoor” Access to Encrypted Messages?
- What Have We Learned?
- Encrypted Messaging FAQs
- Why Should I Use an Encrypted Message Service?
- What Does Encryption Mean?
- What Is the Advantage of Message Encryption?
- Why would someone send me an encrypted message?
- How do I read an encrypted message?
- Are MMS messages encrypted?
- Should I Use a VPN When Encrypted Messaging?
- How Secure Is Encrypted Messaging?