So-called “secure messaging” systems, including popular apps like Skype and Facebook Chat, don’t actually live up to their supposed safety, according to a report released Tuesday by a digital rights group.
The Electronic Frontier Foundation’s Secure Messaging Scorecard judged the security of over 30 e-mail, social media, voice and video calling apps across seven categories, including whether the provider can read your messages and whether your previous communications are secure if your passkeys are stolen.
Some of the most popular chat platforms, including Facebook Chat, Snapchat, WhatsApp, BBM, AIM and even “off the record” Google Chat, lack the encryption necessary to protect communications from the app’s makers, though they do encrypt messages during transit, the EFF’s scorecard says.
The most secure mainstream chat apps are Apple’s iMessage and FaceTime, which are encrypted so that neither outsiders nor Apple can access your conversations. Still, both lack security functions to verify your contacts’ identities, and they also don’t release their code for independent review.
Of the 38 systems evaluated in the scorecard, only six managed to fulfill all seven categories: ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text and TextSecure, all lesser-known apps purpose-built for the security-minded.
Aside from Mxit, a messaging app popular in South Africa, the other app that failed all seven of the security indicators is QQ, a hit Chinese messaging app with nearly 1 billion users.
The EFF’s full scorecard can be viewed here.