SecureMac, Inc.

Checklist 29: Encrypted Chat Apps for Secure Messaging on iOS

March 23, 2017

Encryption is big news today for security professionals and regular users as well. As more and more people are concerning themselves with keeping their communication secret, a large number of encrypted messaging apps are hitting the scene. How do you pick one? And what do you need to know about them?

  • Why you might need encrypted messaging.
  • Pros & cons of specific encrypted messaging apps, including:
    • iMessage
    • WhatsApp
    • Signal
    • Silent Phone
    • Gliph
  • Choosing the app that’s right for you.

Encryption is a hot topic today for security professionals and regular users alike. More people are concerning themselves with keeping their communications safe from prying eyes. In a world where instant messaging is increasingly the dominant form of communication, many new apps have sprung up to accommodate this desire for encryption. With so many to choose from on iOS, which are the best apps out there, and what should you know about these technologies? On this edition of The Checklist, we’ll be looking at encrypted iOS messaging.

Why does anyone want encrypted messaging in the first place? There are many reasons you might want a way to chat securely, but the most obvious one is that it should prevent anyone other than you and your recipient from reading your messages, period. Everyone from a journalist communicating with an anonymous source to an ordinary person who simply values privacy can benefit from encrypted chat. In an era of growing surveillance and of attackers who eavesdrop on digital communications for profit, it's more important than ever to be thoughtful about the way we chat.

When people hear “encryption,” though, the first thing that often comes to mind is a complicated process. Setting up a connection to anonymously browse the web through Tor, for example, takes a little bit of technical knowledge. Messaging apps that encrypt their communications typically don’t require too much additional user intervention, however. That makes it an easy way to reap the benefits of secure communications.

Breaking down the pros & cons of iOS encrypted messaging apps.

As we look at the following apps, it's important to remember that you only gain the benefits of encryption when you and your messaging partner are both using the same app: the protection exists between the two apps, not between two phone numbers. If one side isn't on the app, the message either travels over an unencrypted channel (iMessage falling back to SMS, for example) or never gets end-to-end protection at all. However, some of the apps offering encryption are already quite popular. In fact, you might've already been communicating through encryption.

iMessage: The stock messaging service on iOS devices and Macs might seem unassuming, but it's packing a cryptographic punch under the surface. When you send something to a friend through your iPhone's Messages app, a blue bubble means it went via iMessage; a green bubble means it went as a plain text message. If your device can't reach Apple's servers (or the recipient isn't registered with iMessage), the Messages app will fall back automatically to insecure SMS. To stop that from happening silently, turn off Send as SMS under Settings > Messages.

While the downside is that you can only chat securely over iMessage with other Apple users (iPhone, iPad, or Mac), it does provide an easy way to speak securely on a basic level. So how is Apple making sure your iMessages are safe? It uses what we call "end-to-end encryption," a theme common to all the other apps we'll discuss.

In this setup, the only parties who can read the contents of a message are the sender and the recipient. Apple says it cannot read an iMessage because of the way the app handles its keys: Apple's directory holds the public keys that let other devices address yours, while the private keys (the ones needed to decrypt) stay on your device. Additionally, the entire package is encrypted a second time, with TLS, on its way to and from Apple's servers. Two caveats a careful user should know: because Apple runs the key directory and iMessage gives you no way to inspect or verify a contact's keys, you are trusting Apple to hand out the right public keys; and if iCloud Backup is turned on, your messages also sit in a backup that Apple holds the keys to, whatever the protection in transit.

However, it is not a perfect solution, and not just because it's limited to Apple users. In 2016, researchers at Johns Hopkins University demonstrated an attack that could decrypt iMessage attachments by repeatedly modifying an intercepted ciphertext and watching how the recipient's device responded, because the encrypted payload wasn't checked for tampering before being processed. Pulling it off required a high level of sophistication and either forged TLS certificates to intercept traffic or direct access to Apple's servers; Apple fixed it in iOS 9.3.

While Apple patched the specific holes identified, the researchers noted that the overall design of iMessage's encryption means it could remain vulnerable to very high-level attacks. It also appeared that iMessage does not rotate its encryption keys the way some other apps do, so it lacks forward secrecy: if a device's long-term key is ever extracted, previously captured messages can be decrypted with it. However, iMessage remains a good, free option for iOS users, though in some cases it may not provide the depth of protection one wants.

WhatsApp: By far the most popular messaging app to provide end-to-end encryption, WhatsApp is used by over a billion people worldwide and in 2016 finished rolling out robust end-to-end encryption across the whole app. Its encryption protocol, the Signal Protocol, was integrated with help from the same team, Open Whisper Systems, that created the Signal app; we'll touch on that app shortly. Though it once had a subscription fee, WhatsApp is now completely free and includes the ability to make encrypted calls.

Maybe you already use WhatsApp; with so many users, chances are good you know at least one person who does. WhatsApp immediately has an advantage over iMessage: you can message users no matter what device they're on, and you probably won't need to convince a friend to install an app since they'll have it already. One caveat is that both parties must be running a version of WhatsApp that supports end-to-end encryption; a chat with someone on an outdated client isn't protected.

Overall, its end-to-end encryption provides the same deep level of protection from prying eyes, but WhatsApp also includes an additional feature: the ability to verify a security code. When you want to be confident that encryption is in effect and that the person you're communicating with is who they say they are, open the contact's info screen and use Verify Security Code. The code is a 60-digit number (also shown as a QR code) unique to each chat, computed from both participants' identity keys, so both phones should display the same one. Compare the codes in person or over a channel you trust (reading them aloud on a call, for instance), not inside the chat itself. If they match, nobody has substituted a key between you; if they don't, either something is sitting in the middle or one of you has changed phones, and you should compare again.

Recently, some controversy erupted around the way WhatsApp handles a change in a contact's key. Signal, when it detects that a contact's key has changed, blocks sending and holds the message until you acknowledge the new key; this is the most secure way to handle the issue. However, because keys can change for innocent reasons (like getting a new phone or reinstalling the app), WhatsApp chooses to accept the new public key automatically, and any messages still queued for delivery are re-encrypted to the new key and sent without asking you.

Accepting a new public key automatically can potentially open the door for a man-in-the-middle attack by whoever controls WhatsApp's key servers; though not the "backdoor" described in most publications, it is a design choice that reduces the app's overall security. WhatsApp can warn you when a contact's key changes, but only if you turn on Show security notifications under Settings > Account > Security; it's off by default, so switch it on. While not a perfect solution, WhatsApp offers an accessible and user-friendly method for secure messaging across devices. It's also an excellent introduction to developing smart encryption habits, like verifying security codes with your recipient.
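To make the two points above concrete, here is an added example (it is not SecureMac's code, and not WhatsApp's or Signal's either) that computes a 60-digit code the way Signal's published fingerprint scheme does and then shows the two key-change policies side by side. WhatsApp's security code has the same 60-digit layout, but its exact inputs are not public, so the arithmetic below follows Signal's open-source NumericFingerprintGenerator (version 0, 5,200 iterations of SHA-512). The identity keys, the phone numbers and the IdentityStore class are constructed for the example and are not real keys or real WhatsApp logic.

```python
import hashlib

# Constants from Signal's published fingerprint scheme (libsignal NumericFingerprintGenerator).
FINGERPRINT_VERSION = 0
ITERATIONS = 5200


def identity_fingerprint(identity_key: bytes, stable_id: bytes, iterations: int = ITERATIONS) -> bytes:
    """Iterated SHA-512 over (version || identity key || stable identifier).

    identity_key is the serialized public identity key (0x05 type byte + 32 key bytes);
    stable_id is the party's long-lived address (the phone number, in Signal).
    """
    h = FINGERPRINT_VERSION.to_bytes(2, "big") + identity_key + stable_id
    for _ in range(iterations):
        h = hashlib.sha512(h + identity_key).digest()
    return h


def displayable(fingerprint: bytes) -> str:
    """First 30 bytes of the fingerprint -> six groups of five decimal digits."""
    return "".join(
        f"{int.from_bytes(fingerprint[i:i + 5], 'big') % 100000:05d}"
        for i in range(0, 30, 5)
    )


def safety_number(local_key: bytes, local_id: bytes, remote_key: bytes, remote_id: bytes) -> str:
    """The 60-digit code; the two halves are sorted so both parties get the same string."""
    mine = displayable(identity_fingerprint(local_key, local_id))
    theirs = displayable(identity_fingerprint(remote_key, remote_id))
    return mine + theirs if mine < theirs else theirs + mine


def on_screen(number: str) -> str:
    """Format as the twelve five-digit groups shown on the verification screen."""
    return " ".join(number[i:i + 5] for i in range(0, len(number), 5))


# Trust-on-first-use identity store with the two key-change policies discussed above.
BLOCK = "block"    # refuse to send until the user re-verifies (Signal's behaviour)
ACCEPT = "accept"  # trust the new key and keep sending (WhatsApp's behaviour)


class IdentityStore:
    def __init__(self, policy: str):
        self.policy = policy
        self.known = {}          # remote address -> identity key seen for it
        self.notifications = []  # addresses whose key changed under the ACCEPT policy

    def may_send(self, remote_id: bytes, key: bytes) -> bool:
        """Return True if encrypting to `key` for `remote_id` is allowed right now."""
        seen = self.known.get(remote_id)
        if seen is None:
            self.known[remote_id] = key   # first contact: trust on first use
            return True
        if seen == key:
            return True
        if self.policy == BLOCK:
            return False                  # message stays queued until the user confirms
        self.known[remote_id] = key       # re-encrypt to the new key and carry on
        self.notifications.append(remote_id)
        return True


def constructed_key(label: str) -> bytes:
    """Deterministic stand-in for a public identity key (NOT a real Curve25519 key)."""
    return b"\x05" + hashlib.sha256(label.encode()).digest()


# Constructed example identities: fake numbers and fake keys.
ALICE_ID, BOB_ID = b"+15555550100", b"+15555550101"
ALICE_KEY, BOB_KEY = constructed_key("alice"), constructed_key("bob")
MALLORY_KEY = constructed_key("mallory")  # key a compromised directory hands out as Bob's


def demo() -> dict:
    alice_view = safety_number(ALICE_KEY, ALICE_ID, BOB_KEY, BOB_ID)
    bob_view = safety_number(BOB_KEY, BOB_ID, ALICE_KEY, ALICE_ID)
    # What Alice's phone would show if the server gave her Mallory's key instead of Bob's.
    alice_mitm_view = safety_number(ALICE_KEY, ALICE_ID, MALLORY_KEY, BOB_ID)
    blocking, accepting = IdentityStore(BLOCK), IdentityStore(ACCEPT)
    for store in (blocking, accepting):
        store.may_send(BOB_ID, BOB_KEY)   # first message to Bob pins his key
    return {
        "codes_match": alice_view == bob_view,
        "mitm_detected": alice_mitm_view != bob_view,
        "block_policy_sends_after_change": blocking.may_send(BOB_ID, MALLORY_KEY),
        "accept_policy_sends_after_change": accepting.may_send(BOB_ID, MALLORY_KEY),
        "accept_policy_notified": accepting.notifications == [BOB_ID],
    }


if __name__ == "__main__":
    print(on_screen(safety_number(ALICE_KEY, ALICE_ID, BOB_KEY, BOB_ID)))
    print(demo())
```

The first line printed is the twelve groups of five digits you would read out to your contact. The BLOCK store refuses to send to the substituted key, which is what Signal does; the ACCEPT store sends and merely records a notification, which is what WhatsApp does. Either way, the code computed against Mallory's key differs from the one Bob's phone shows, so two people who compare codes out of band catch the substitution regardless of the app's policy.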

Signal: Many consider Signal to be the gold standard for a secure messaging service, and for good reason. It's the first app on our list that is completely open source, a significant advantage for a service like this. While we might feel okay trusting Apple to handle our information safely, there's no way for the average user to know exactly what's going on inside software like iMessage or WhatsApp (WhatsApp builds on the open-source Signal Protocol library, but the app around it is closed, so you can't check how it's used). Signal changes that: because both the app and its protocol are open source, anyone can vet the claims and confirm the encryption works as it should.

Signal Messenger is free and, like WhatsApp, works across platforms: iOS users can easily message Android users and vice versa. Signal delivers one of the most robust approaches to security: messages are encrypted end to end, Signal's servers never hold the keys, the protocol rotates keys with every message, and the app takes a hard stance when keys don't match.

Signal blocks sending when it detects that a contact's key has changed, until you confirm the new key. And because keys are rotated with every message (a property called forward secrecy), a key stolen from a device today can't be used to decrypt messages that were captured earlier. The app applies the same protocol to its calling feature as well, so users can easily speak privately through Signal. You can also set a "self-destruct" timer of sorts: with disappearing messages turned on for a conversation, every message is deleted from both devices after the chosen interval, anywhere from seconds up to a week.
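The key rotation just described is the symmetric-key half of Signal's Double Ratchet. The following added example (not Signal's code and not from the original article) implements that chain with HMAC-SHA256 using the constants the published Double Ratchet specification recommends (0x01 to derive a message key, 0x02 to advance the chain), and shows why a chain key stolen mid-conversation reveals later keys but not earlier ones. The shared starting chain key is a constructed stand-in for the value the real protocol derives from its key agreement, and the Diffie-Hellman ratchet that limits how far forward an attacker can read is left out.

```python
import hashlib
import hmac


def kdf_chain_step(chain_key: bytes):
    """One step of the symmetric-key ratchet (Double Ratchet spec, KDF_CK).

    message key   = HMAC-SHA256(chain key, 0x01)
    next chain key = HMAC-SHA256(chain key, 0x02)
    The chain key is overwritten by its successor, so the step is one-way.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class SendingChain:
    """Holds only the current chain key; each message key is handed out once and forgotten."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.index = 0

    def next_message_key(self):
        message_key, self.chain_key = kdf_chain_step(self.chain_key)
        index, self.index = self.index, self.index + 1
        return index, message_key


# Constructed stand-in for the chain key both sides agree on through the real handshake.
SHARED_CHAIN_KEY = hashlib.sha256(b"constructed shared chain key for the example").digest()


def demo() -> dict:
    alice, bob = SendingChain(SHARED_CHAIN_KEY), SendingChain(SHARED_CHAIN_KEY)
    past = [alice.next_message_key()[1] for _ in range(3)]      # messages 0..2 already sent
    stolen_state = alice.chain_key                              # Alice's phone is compromised here
    future = [alice.next_message_key()[1] for _ in range(2)]    # messages 3 and 4 sent afterwards
    bob_keys = [bob.next_message_key()[1] for _ in range(5)]    # receiver derives the same sequence
    attacker = SendingChain(stolen_state)
    attacker_keys = [attacker.next_message_key()[1] for _ in range(2)]
    return {
        "both_sides_agree": past + future == bob_keys,
        "all_keys_distinct": len(set(past + future)) == 5,
        "stolen_state_reveals_future": attacker_keys == future,
        # The chain only runs forward, so nothing derivable from the stolen state is an earlier key.
        "stolen_state_reveals_past": any(k in attacker_keys for k in past),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The one-way HMAC chain is what makes the last result False: given the chain key after message 3, nothing recomputes chain keys 0 to 2, so ciphertexts recorded before the compromise stay sealed. Contrast that with a static per-device key of the kind iMessage uses, where one extraction unlocks everything ever captured. In real Signal the attacker's window on future keys is also closed off, because each reply mixes in a fresh Diffie-Hellman output and starts a new chain.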

Like most of these apps, communicating securely with others does require that both parties install Signal. Overall, Signal is an excellent choice from a security standpoint, having suffered no major breaches or problems thus far. Even the NSA has recognized how robust Signal’s protocols are!

Silent Phone: If the security of your phone calls is just as important as your messages, Silent Circle’s “Silent Phone” app is worth your attention as well. This app was even granted certification and clearance for use within the US government due to the strength of its encryption protocols. That alone speaks volumes about the effort that’s gone into the technology behind Silent Phone; this is a tier above WhatsApp, and for more “hardcore” users than Signal targets. With these added features comes a price tag, however: Silent Phone requires a monthly subscription fee of about $10.

Like the other apps we've discussed, Silent Phone enables secure calling and messaging, and it can share files up to 100MB in size. Targeting enterprise users, Silent Phone is also easy to deploy across a large number of devices. Perhaps most interesting, however, is the extra control it gives users over message lifespan.

Similar to the way Signal allows messages to "self-destruct," a user can set their own "burn timer" within the app. When the timer expires, messages disappear from both your device and the recipient's phone. It's the best built-in way to limit how long a conversation lingers, with one caveat: the timer only controls what the app itself does, so a screenshot, a backup, or a modified client on the other end can still keep a copy. Users will find a barebones messaging feature here; don't expect the usual emojis, bells and whistles of iMessage and WhatsApp.

As a downside, calling is only free to other Silent Phone subscribers. Users require credit to call outside of their network, and the same security features may not fully apply if you call an unsecured user. Due to its subscription, Silent Phone has a smaller install-base — but for those serious about their encryption, it’s worth a look.

Gliph: The lesser-known Gliph is also an option. It receives less attention because the app was not built primarily for messaging, but was initially a way to facilitate Bitcoin transactions. Free to download, Gliph relies on an in-app purchase model to upsell users on different services, such as "email cloaking" and the ability to securely transfer files over the app, a feature that is already available for free in Signal. As with the other options, Gliph only works with other Gliph users; therefore, it's not the most convenient option available.

It also does not rely on the same level of encryption as the other apps we've covered. Gliph claims its messages are encrypted by SSL "over the wire," through a peer-to-peer connection, and by standard AES-256 encryption on your device. Note what that description doesn't say: SSL protects a connection and AES-256 on the device protects stored data, but neither is a statement that only the two chat participants hold the keys, which is what end-to-end encryption means. That is a big step down from the protocols run by Signal, Silent Phone, and even iMessage. Overall, Gliph focuses more on delivering a Bitcoin marketplace experience with an added messaging feature; users shouldn't rely on it if they want true privacy.

Choosing the app that's right for you.

Ultimately, how you decide to protect your messages from prying eyes or surveillance involves carefully weighing the pros and cons of each app. Every iPhone user can enjoy the benefits of iMessage security, but it's far from the best choice out there. Additionally, while many people globally take advantage of WhatsApp for peace of mind, its closed-source nature and controversial design choices make it potentially risky. It should be clear that for true privacy and safety, users must dig a little deeper. Signal offers more verifiable protections, but is not as widely used yet. Meanwhile, Silent Phone may not be as well-polished yet, but it still offers excellent protection and improves regularly.

One additional thought: recently, we covered some topics for parents on The Checklist about monitoring your child’s device usage. Even if you don’t choose to install and use an encrypted messaging app yourself, it’s important to understand what they are and how they work. If you spot one of these apps on your child’s phone, you’ll be able to recognise them and restrict access if you choose. It might be an opportunity for a good conversation with them, too.

That wraps up another episode of The Checklist! If you’d like more information on this topic, or if there’s a specific one you’d like to see us cover on a future episode, send us an e-mail at checklist@securemac.com!
