EFF tests mass-market messaging apps: The most (and least) secure ones are...

Apple's iMessage and FaceTime have been found to be the most secure mass-market messaging apps, according to a scorecard released by the Electronic Frontier Foundation (EFF).

After conducting a study of nearly three dozen messaging apps, EFF has concluded that Apple's messaging apps edged out all the other products by other major technology companies, including Google Chat and Hangouts, Microsoft's Skype, Facebook Messenger, Snapchat and WhatsApp.

The scorecard evaluates 39 messaging apps on seven criteria: encryption in transit, end-to-end encryption, ability to verify a contact's identity, security of past communications in case the password is stolen, independently reviewed code, properly documented security design and also audited code.

Apple passed all but two of these criteria, says the EFF, because iMessage and FaceTime do not have certificates for verifying the authenticity of users' messages or that of their contacts' identities, and also because Apple's code remains closed off from independent review. Still, iMessage and FaceTime are better than most of the popular messaging platforms, which performed rather poorly in EFF's scorecard despite companies' claims that they are working to improve security.

Google Chat and Hangouts and Facebook Messenger only received two check marks from EFF for encrypting messages while they are being sent from sender to receiver and opening their code for auditing by an independent security firm. However, both apps failed in all other criteria, which means Google and Facebook can still access users' private messages if they want to. Snapchat and Facebook-owned WhatsApp also received the same checks.

Skype also scored only two check marks, one for encryption in transit and another for end-to-end encryption. Microsoft does not have access to users' messages, but Skype fails all other criteria.

Even BlackBerry Messenger, which touts itself as more secure than other platforms, performed poorly, scoring only one check for encrypting messages in transit and failing to meet the other criteria. BlackBerry Protected performed slightly better with three checks for in-transit encryption, end-to-end encryption and a properly documented security design.

Not surprisingly, less popular apps that were designed for the security-minded received the highest grades from the EFF. Apps such as ChatSecure, CryptoCat, SilentPhone, SilentText and TextSecure all received checks on all seven criteria, though, unfortunately, their perfect scores are not likely to help them push ahead of the more popular but less secure apps.

Two non-U.S. apps scored zero on all fronts: Mxit, a popular app based in South Africa, and QQ, which is actually one of the biggest messaging apps in the world with nearly 1 billion users in China. Both apps received zero checks because neither even bothers to provide encryption for messages in transit.

EFF says grading the apps on the scorecard is only the first phase of a campaign for more secure messaging platforms; it will take a closer look at the highest scorers in later phases.

Joseph Bonneau, web security researcher at Princeton University, points out that the apps are graded simply on their ability to follow industry best practices, not on the actual security of the apps.

"It's important to realize we're mostly grading for effort here and not execution," Bonneau says. "We're still a long way from being able to state with confidence how much security apps are actually delivering."

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.