Secure Messaging Apps: The Pros and Cons of Each Platform

By: Christopher Guess | 07/07/2016

Meeting in a parking garage at 4 a.m. in trench coats — while still effective in certain circumstances — works less in the era of CCTV and mobile phone tracking. When it comes to secure communication, phone calls are out, normal email is laughably awful and SMS is only worse.

Enter: secure messaging apps.

These apps, operating under the same principles as PGP email encryption, are the new front line in securing communications between journalists, sources and contacts. All of these apps offer end-to-end encryption. If the company running the servers is ever subpoenaed, the only thing they can hand over to prosecutors is essentially gibberish.

However, the problem with some of these services is that you have to trust that your data is secure, as proprietary companies usually do not open source their software.

I’m going to discuss a few of the pros and cons of several secure messaging apps and offer a few suggestions for which ones journalists should use. Please remember that there is no right answer for everyone. Depending on who you’re hiding from, some apps are more practical or useful than others.

1.) iMessage

Pros Cons
  • Built into every iPhone and Mac.   
  • Completely seamless. If the text bubble is blue, it’s being sent securely.                
  • If an iMessage doesn’t send, the iPhone will send it through SMS as the fallback, potentially allowing it to be sent unencrypted. However, this can be disabled.
  • Most of your friends, colleagues and sources already use it.

 
  • Ties your personal phone number and device.

2.) Signal

Pros Cons
  • Designed from the ground up to be nothing but a secure messaging platform.
  • Buggy, especially on iOS.
  • It’s not oddly hacked onto an existing platform.
  • The user interface and some of the user experience design can have some, let’s say, interesting glitches. However, none of these problems affect security.
  • Fully open source.
  • Not widely used or known.
  • Extremely familiar, intuitive interface.
  • Requires your phone number for contact discovery.
  • Allows audio chat, with verification.
  • Anyone intent on tracking your internet use can see you’re using Signal. However, they won’t be able to read your messages.

3.) WhatsApp

Pros Cons
  • Built end-to-end by same team as Signal.
  • Not fully open source.
  • More than 1 billion users.
  • Owned by Facebook.
  • The default security settings are very good, as every message is encrypted automatically.
  • How much do you trust Facebook?
  • Users receive notifications if anything is wrong.
  
  • Everyone you’d want to talk to already uses it.
  

4.) Tox (a Skype “replacement”)

Pros Cons
  • Completely decentralized.
  • Usernames are 77 random numbers and letters. Mine is 1EFD9FE2EC7D30065AB
    E5E5C9C93908057608622D94020C952C
    1A7A61D1D0F622E59F5DF41C0.
  • There is, for all intents and purposes, no company that can be attacked.
  • It’s slow.
  • User lists are distributed and shared across the network itself.
  • Finding a user on the network can take time since there is no central repository.
  • No personally identifiable information — phone number, email address, etc. — is needed to make an account.
  • The actual chatting and voice services are still very buggy.
  • Fully open source, so developers can take the Tox protocol and build upon it as they like.
  • Other apps that have adapted Tox’s protocol are difficult to use and ugly to look at.
  • Very few users overall.

5.) Allo (Google’s newest messaging platform. Yes, another one)

Pros Cons
  • Created by Google, so you know the user experience will be pleasant.
  • It’s brand new.
  • The team behind Signal implemented Allo’s end-to-end encryption.
  • Closed source.
  • Extremely accessible on many devices.
  • For now, none of your messages are encrypted by default in Allo’s security settings.

The takeaway

If you’re reporting on the big boys (U.S., Russia, Israel, China), then even these services may not help you. The encryption protecting your messages probably won’t be broken, but the possibilities of malware on your device — or a very sophisticated man-in-the-middle attack — are much higher. In this case, there are many other internet security issues to be considered as well.

However, if you’re only worried about securing your standard day-to-day communication, I’d recommend Signal. Broadly speaking, if you’re a step below international espionage, iMessage, WhatsApp or Signal all fit the bill.

The biggest key to successfully using any of these tools is normalizing their use. If your team is using Signal, use it for everything. As the adage goes, those on the offensive only have to be lucky once; defenders have to be lucky all the time.

This post was also published on IJNet, which is produced by ICFJ.

Related Programs
ICFJ Knight Fellowships
Topics
Media Innovation
Country/Region
Worldwide

Latest News

How to Deal with Mis- and Disinformation in Times of Uncertainty

There is evidence that disinformation is designed to take advantage of our emotions. It also tends to spread farther and more rapidly during times of change and uncertainty. When people have questions and there are gaps in information, the disinformers (those who profit from lies), take advantage, “magically” putting forth what appear often to be simple answers or solutions. Here are some tips to protect yourself from falling for or sharing false or alarmist content as the U.S. transitions into a second Donald Trump presidency.

Insights into Journalism and Advice for Student Reporters Heading into 2025, from ICFJ Knight Fellows

As we kickstart 2025, we asked our ICFJ Knight Fellows about their outlooks for the new year, and what challenges and/or opportunities they’re preparing to face head on. The Fellows also provided their topline advice for student and early-career journalists to succeed in today’s news industry.

ICFJ Announces Its Inaugural Cohort of Boost Reporting Fellows

Journalists from Gambia, Bangladesh and Ecuador will pursue reporting on climate-related issues with support from ICFJ’s Boost Reporting Grants.