The news last week that Facebook has paid a whopping $19 billion for the wildly popular (450 million users) instant messaging app WhatsApp has sent shockwaves through its users who, worried by Facebook’s infamous disregard for privacy, have reportedly been leaving it in droves. Der Spiegel, for example, reported that WhatsApp rival Threema doubled its user base in one night following the announcement.
The issue that has caused the greatest furore is the way in which WhatsApp uploads users contact list to servers in the US, so that entries can be matched to a database of existing users. With Facebook’s acquisition of WhatsApp giving it the ability to match this data to its own very extensive database of personal profiles, major alarm bells began to ring. It should be noted however, that since WhatsApp uses proprietary code and encrypts messages on its servers (i.e. it is not end-to-end), it was never a very good choice for security conscious IM users anyway, especially given that even the encryption it does use have may be flawed.
Many websites have been quick to publish articles on good alternatives to WhatsApp, but there has been too little focus on alternatives that are properly secure. Fortunately there are some good options available, and when looking at IM security it is clear that two factors are vital:
- Strong end-to-end encryption – all data should be encrypted by yourself on your device, so that it can only be decrypted by a trusted recipient. Since only you and the trusted recipient(s) hold the encryption keys, no-one else (including the app developer and your ISP) can access the data without cracking the encryption. If the encryption is strong (e.g. 256-bit AES), then this will be all but impossible (although who knows what the NSA is capable of?).
- Use free open source software (FOSS) – open source software code is freely available so that it can be peer-reviewed and vetted for backdoors and other nasty bits of code, while proprietary software is hidden, and can therefore conceal just about anything (and given the NSA’s campaign to backdoor just about all commercial software, likely does). Being FOSS is not a guarantee that code is secure as it is often very complex, and even when security experts have the time and resources available to do a full audit, malicious code can be easily missed. It is however the best guarantee available.
Secure WhatsApp alternatives
ChatSecure (was Gibberbot)
ChatSecure is a fully open source app that uses the highly respected Cypherpunk’s Off-the-Record (OTR) encryption protocol (first developed as a plugin for the Pidgin desktop IM client, but now incorporated into many secure IM programs). Developed by The Guardian Project, encryption is end-to-end, and uses AES and the SHA-1 hash function, and no central server is involved at all.
ChatSecure works securely with pretty near any app or client that uses OTR, such as Pidgin+OTR, Jitsi or Miranda IM (Windows), Adium (Mac) and Jitsi (Linux), and will work insecurely with many more. This is potentially a big security problem however, as if the recipient does not have an OTR enabled chat client then conversations occur in plaintext, and there are not enough warning to users about this.
A nice bonus however is that the Android version works with The Guardian Project’s Orbot App, which routes your messages through Tor for maximum privacy. It also works with The Guardian Project’s KeySync tool, which makes it possible to transfer your desktop OTR keys and fingerprints to the Android app, so that you can seamlessly communicate using your existing database of trusted contacts.
Since 2009 OTR does not support group chat, although this is a feature which may appear again in the future. More important is the fact that Apple does not allow background processes, so there is no push message support in iOS, which when combined with problems connecting to XMPP servers (used by OTR desktop clients), makes the iOS version is almost unusable as is.
This app seamlessly replaces your device’s messaging client, becoming the default messaging app. Completely free and open source, it sends messages encrypted end-to-end using 256-bit AES with the Curve25519 Diffie-Hellman function, and HmacSHA256 hash authentication. It also uses Perfect Forward Secrecy, so even if one message is somehow compromised, no others are.
Text Secure v2 addresses many of the problems the earlier version of the app once had, and now supports group chat, push notifications, has strong MMS support, and whether unencrypted messages are sent as clear SMS/MMS is now optional. It has also now been incorporated into popular alternative Android OS CynagenMod, expanding its userbase by around 10 million.
TextSecure is completely free, and is available for Android. Whisper Systems has also released an app for iOS called Signal, that combines TextSecure and RedPhone secure VoIP functions, and is 100 percent interoperable with TextSecure (and RedPhone). For more details about Signal see here, and also be sure to check out our full TextSecure and RedPhone review.
Update: The unified Signal app is now available for Android (replacing TextSecure and Redphone.) Please check out our full Signal Private Messenger Review for an in-depth look. Whisper Systems has also announced that it plans to release a desktop version of Signal in the near future (beta tests are underway.)
Threema is a Swiss service, and is therefore subject to the Swiss Federal Act on Data Protection, one of the strongest pieces of privacy protection legislation anywhere. It uses open source end-to-end PGP encryption, so it is generally considered secure, although some parts of its code are proprietary, and therefore have not been independently verified.
Data on-phone can be secured with a master key, and (addressing the major complaint against WhatsApp) users can either choose to synch their contacts by sending data fully encrypted to volatile memory on Threema’s servers, where (Threema promises) it only resides long enough to be matched and is then deleted), or forgone altogether, and contacts added individually, ideally by sharing IDs only in person.
Because it is not fully open source, Threema requires a fair degree of trust, but it works well and is easy to use. If it opened up its code then it would be a strong contender for best WhatsApp replacement, but as is. it should probably be avoided by more security conscious texters.
SureSpot is a well-designed and easy to use open source messaging app that uses seamless (so you needn’t worry about key exchanges and suchlike) 256-bit AES-GCM encryption using keys created with 521 bit ECDH. It supports long messages (so they won’t be split into smaller ones as happens with SMS, often arriving in the wrong order) and allows sending of high quality images (although it has no video or group messaging support). Interestingly, you can send voice messages, and even more interestingly, you can delete messages that you have sent from the receiving device!
SureSpot does not support Perfect Forward Secrecy (although new keys can be generated anytime by the more paranoid), and there is a known vulnerability to MiTM attacks, but overall it is a very secure and easy to use app.
Update 29 July 2015: It is just speculation, but we suggest anyone considering using Surespot read this article first.
Jitsi is a popular free and open source IM client for Windows, OSX and Linux that also supports VoIP video chat (Skype style). An Android app is currently in the works and looks very promising, so we just include it here as a heads-up, and will take a closer look when it is fully released.
We have not bothered to cover the remaining so-called secure messaging apps available for the following reasons:
- BBM, myEnigma, Redact, Silent Text, TigerText and Wickr – these are not open source. BBM, popular though it is, is particularly laughable when it comes to security
- Cyyptocat – this app looked very promising, but an audit of the software (paid, ironically enough, by Cryprocat itself!) revealed shocking security flaws. An update fixes most of these, but after such a fiasco we have no intention of going anywhere near it
- Telegram – despite its growing popularity, cryptography experts are unhappy with the custom MTProto protocol used (see Telgram’s response here). There is also no Perfect Forward Secrecy and Secret Chats are not the default, although it should be praised for being open source
In terms of ease of use, Threema is the winner, but the fact it is not fully open source also makes it the poorest choice in our lineup in terms of security. There is much to admire about ChatSecure, but it is plagued by too many problems to really recommend (and is absolutely awful on iOS). SureSpot is a great app, and hits the sweet spot in terms of balance between security and usability, but the Signal boasts impressive security, is packed with features, and is also very easy to use, so gets our vote as the overall winner.