Good news: Most messaging apps are secure

With the Covid-19 pandemic forcing many countries to go into lockdown, people are having to talk to their friends and family or customers online rather than in person. The good news: Most messenger apps are secure, but be careful with Facebook Messenger and Telegram – they’re not secure by default.


There are lots of messaging and video apps that allow to communicate with friends, family members or customes onlines, but not all apps are safe. This is especially true with the recent news of large-scale hacking and vulnerabilities in popular software. For that reason, the Investigation team analyzed the 13 most popular and less-popular messaging apps to check their security.

11 of 13 checked messagenger apps are safe

Luckily the security researcher got some good news: 86% of the apps (11 of 13) we looked at were secure by default. Only two apps – Telegram and Facebook Messenger – did not have end-to-end encryption enabled by default.  Bernard Meyer, Senior Researcher at told us:

“End-to-end encryption is one of the most important things you’d want from a secure messaging app this Christmas, as well as the type of encryption used. We found that these apps used some of the most secure encryption algorithms available. These both are crucial because the encryption turns your clear messages and media files into a jumbled mess. Making it end-to-end encrypted means that it’s encrypted from your device and decrypted on the other person’s device, so that not even the messaging service can see what you’ve sent. If it was intercepted by an attacker, it would be impossible for them to read your messages. Therefore, if the messaging platform doesn’t encrypt it by default, or use good encryption, then an attacker would be able to read or alter your messages. This is really important, because this Christmas will be unique for many people in unfortunate ways. Because they’ll only be able to communicate by using messaging apps, it’s important that they don’t forget about their security as cybercriminals are actively exploiting vulnerabilities to steal personal and financial data. So be sure to stay safe online this holiday season.“

The research looked at the following messaging apps:

  • Signal 
  • Wickr Me
  • Messenger
  • WhatsApp
  • Telegram
  • Wire
  • Viber
  • Cyber Dust
  • iMessage
  • Pryvate
  • Qtox
  • Session
  • Briar

CyberNews also found that most of the apps used variations of RSA and AES for encryption and key hashes – which are some of the most secure encryption algorithms available today. With this kind of encryption, it would be extremely difficult for a cybercriminal to see your private messages, pictures, video or calls, even after they’ve intercepted the traffic.

Basically, what this means is that people are safe to talk to their families using their favorite programs (listed above). The only caveat is this: if you’re using Facebook Messenger or Telegram, you should turn on these privacy and security settings.


Unfortunately, you’ll have to do this on a conversation-by-conversation basis in Messenger. To turn on encryption, hit the “i” button in the top right corner of any active conversation, and then select “Go to Secret Conversation.” A new end-to-end encrypted conversation will be created. But, of course, you’ll have to do this for each new or existing conversation. 

This is similar in Telegram. On iOS, simply open the profile of the user you want to contact. Tap on ‘…’, then “Start Secret Chat.” For Android, you should swipe right to open the menu, then select “New secret chat.”  This offers not only great for security – also for privacy, seeing as even Facebook and Telegram can’t read end-to-end encrypted conversations.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Software and tagged . Bookmark the permalink.

1 Response to Good news: Most messaging apps are secure

  1. Wil Ballerstedt says:

    End-to-end encryption is what’s matters to be secure? Server locations? Nope? 😕

Leave a Reply

Your email address will not be published. Required fields are marked *