When it comes to secure messaging, there are traditionally a few names that come to mind: Telegram, Whatsapp, Signal, etc. These apps have built a reputation around strong encryption, which they market heavily to consumers in the form of “secure messaging.” Millions of users for their part trust these apps to ensure that their communication doesn’t fall into the wrong hands.
However, with growing privacy concerns stemming from government spying overreach and ever-more sophisticated hackers, and recent well-publicized breaches, consumers are taking a hard look at the security of their preferred messaging apps. Even the most widely well-regarded secure apps are now being looked at to see whether there aren’t previously unknown vulnerabilities.
Security Breach in the News
The news of a massive Whatsapp hack that broke last month has raised serious concerns over the actual security of messaging apps. While Whatsapp was quick to identify and react to the threat, releasing an update that addresses the vulnerability, an as yet unknown number of its estimated 1.5 billion global users were affected.
The threat in the case of Whatsapp didn’t stem from someone cracking its encryption, a feature that remains solid, but rather through application development: a vulnerability in the app allowed malware to be introduced. This highlights one of the main challenges to messaging apps that market themselves as secure- not only securing messages from prying eyes through encryption, but also developing an overall secure app.
News such as this breach acts to remind users of the potential dangers of any messaging app. In the current short news cycle, it’s easy to fall into complacency, until the next story comes along and reminds users of the very real cybersecurity threats that exist. In short, if what is considered by many to be one of the most secure apps can be so vulnerable, then are any messaging apps actually safe?
The Main Challenge to Secure Messaging
The Whatsapp news certainly demonstrates that even the most secure apps aren’t perfect, and that users should never have complete trust in any service. While an encrypted messaging app is still users best bet for secure communication, it’s important to be aware of the potential vulnerabilities every app comes with.
As Whatsapp demonstrated, threats to secure messaging apps mainly come not from breaking the apps’ encryption, but rather finding backdoors into the app itself. In other words, the threat to secure messaging apps most often stems from the constant updates and changes that services make to their products.
The fact that most apps are constantly updated is a double-edged sword. On the one hand updates provide improvements to the service and address issues as they arise, but on the other hand updates also could increase the number of vulnerabilities. This means that app developers have a large responsibility to ensure that any changes to the app are secure.
What Can Users Do?
While there is certainly cause for alarm whenever any breach on the scale of the Whatsapp hack in May happens, it’s important to put things into perspective. It’s all too easy to panic and vow to delete all messaging apps, social media accounts, etc., but for most people, this is an unrealistic and counterproductive approach.
So what can users do in order to stay safe? First and foremost, ensure that apps are updated regularly. Even though, as mentioned, updates could present vulnerabilities, they are also crucial to addressing threats. Luckily most breaches are detected relatively quickly (although unfortunately not quickly enough to prevent serious damage) and services are quick to respond with security updates.
Staying abreast of the latest cybersecurity news of their preferred service can also help users react quickly when necessary. Unfortunately for users, however, the majority of the responsibility for securing messaging apps lies with the developers themselves.
There is little users can do apart from making an informed choice, and staying on top of any security updates to apps and operating systems. Users should also exercise a healthy amount of skepticism for any app that claims to be invulnerable, because it might turn out to not be all it’s cracked up to be.
