All Top Messaging Apps Fail the EFF Security Review
Billions of instant messages are sent every day using the top messaging apps by millions of users. These users rely on the security mechanisms and protocols implemented by the providers of these apps, but to what extent are these providers striving to keep the messages of their users safe? It is definitely a difficult question to ponder on—and Electronic Frontier Foundation (EFF) is looking to investigate the very same issue.
EFF is a San Francisco-based organization that investigates and reports issues and news related to digital privacy, free expression, and innovation in these domains. In the first phase of a campaign to score all leading and well-known messaging apps against the security mechanisms they employ, EFF has compiled a targeted scorecard. This campaign scores the apps for a set criteria of agreed-upon basic requirements for digital security and privacy of the communication. Here are the results of the campaign dubbed ‘EFF Campaign for Secure & Usable Crypto’:
As it turns out, only 6 apps completely fulfill the criteria of EFF’s test: ChatSecure, CryptoCat, Signal/RedPhone, Silent Phone, Silent Text, and TextSecure. Apple’s iMessage and FaceTime rank marginally higher as compared to the competition, while BBM and AIM performed poorly. BlackBerry’s private messenger (not shown in the image above) ranked better in the results, however.
Some may argue that giants like Facebook and Apple would never make their code or security designs public for independent review, so they can’t score higher on these aspects. It should be kept in mind, however, that these scores are not a guarantee of absolute secrecy, but merely an indication of aspects which are generally known to be an indication of the efforts that have been made public by app’s developers for anyone to judge against.
Moreover, EFF agrees that in near-future, the upcoming phases of this research work will include more details like closer examinations of the usability and security of the tools, so type away (for now, anyway!).