I’m sure you’ve heard about “What’s App”. If you haven’t, “What’s App” is an application available for smartphones such as the iPhone, Android, Windows Mobile, Blackberry and more. It allows you to send messages, similar to SMS, to friends who also use the same application. On the upside, it’s free of charge (you only need to pay for the internet traffic generated), on the downside it’s very insecure. But what are secure alternatives out there?
Let’s start and answer the obvious question: Why is What’s App insecure?
The main reason is: What’s App is storing all your communication on the servers unencrypted. The company claims there is encryption, but that is only limited to the transfer between your phone and the servers. Once the message (or photo, video, location information) reached the server, anyone with access within the company can read your message.
I don’t need to mention, that being the most popular instant messaging application, What’s App surely attracts hackers as well. And once these have gained access to the servers, they will also have access to your communication.
So you better make sure that What’s App is not your only means of communication. And you shouldn’t use it for anything that is confidential.
But sometimes, we need to send confidential messages. Your wife forgot the password to the computer, or you want to send her the code to open the order. So what are the secure alternatives?
There are a few out there that I would like to introduce:
1) Wickr – leave no trace
Wickr is an iPhone-only application focused on “providing communication that leave no trace”. The Android version is in the works, but the fact that it only works on the iPhone is limiting its usage quite a lot.
Wickr claims to be totally secure. All messages are encrypted on your device before being sent to the server. Once the message reached its destination, it will be erased from the server in a secure manner by overwriting the message twice. Even if Wickr will be hacked (or government agencies try to intrude), there will be nothing left with the company. Hence, it’s also not interesting for hackers.
What’s more, Wickr allows you to set an expiry date of your message. That means, after a time of between 10 seconds to 5 days (it’s your choice) the message will be deleted from the recipients device. This is quite a nice feature and allows you to completely clean all traces you left.
I personally find the app very useful, although sometimes I would like to keep messages for longer. Hence, a feature to de-activate the self-destruct function would be nice.
You can download Wickr on the App store for free.
2) Threema – security first
Compared to Wickr, Threema is available for the iPhone and Android making it available to a larger audience. Like Wickr, Threema puts its focus on security. By using end-t0-end encryption, the company will never be able to read your messages as they are encrypted on your device and decrypted on the recipients device.
Compared to Wickr, which is based in the U.S. and operating under U.S. jurisdiction, Threema is based in Switzerland and all servers also remain there. That adds an additional layer of security as U.S. companies will need to comply with the all mighty NSA when presented with a secret court order, enacted by a secret court with secret judges.
Threema has a three-stage verification approach for contacts. If you add a contact by his/her nickname it will be red. Once they are verified with your address book, the status is switched to orange.
To fulfil the verification you actually need to meet the person and scan his/her ID from his/her phone with your phone. While that is a nice spy-like gimmick, it doesn’t have any effect on the ability to send and receive messages from this person.
Threema doesn’t have a message-destruct mode. Whatever you send to your friends will remain on their mobiles.
The app can be purchased from the App store or the Google play store. The price is USD 1.99 and worth it.
Threema’s local encryption is using the built-in features of the iOS or Android operating system. Wickr, on the other hand, is using a custom-built system. Hence, the local security is better on Wickr compared to Threema.
Both apps, Wickr and Threema, don’t support group chats. Threema claims this feature is in the works though and will be available soon.