Pinterest Stumbleupon Whatsapp
Ads by Google

Don’t fancy your messages being read by unwanted parties? Get a secure messaging app and worry no more. There’s a good chance you’re already using something to replace SMS – be it WhatsApp, Google Hangouts or Twitter’s direct messages – but security is a notoriously grey area for these services.

Today we’re taking a look the best choices on the App Store for reliable, secure messaging. Each of these apps has been designed with security before everything else, which should make them pretty trustworthy.

What About iMessage?

The security of Apple’s own iMessage system is often the topic of discussion among skeptics and concerned users alike. In October of last year QuarksLab posted details of two vulnerabilities it had found with Apple’s iMessage. The report claimed that the retrieval of messages is possible in a scenario where the attacker has access to both sets of encryption keys, while impersonating Apple’s servers and intercepting correspondence.

This is a highly unlikely scenario in the wild, though it is certainly possible under more controlled conditions. QuarksLab reiterated the “strong requirements” required on multiple occasions. The other attack involves Apple being able to intercept and decrypt messages, simply because it was Apple who implemented and maintains the systems that power the service.

Apple technically has all the bits it needs to put together to be able to intercept messages too, though the company has stated that the iMessage system has not been built in such a manner to facilitate this kind of attack. We’ve only got Apple’s word, but it’s fair to say that the company stands to lose more than trust (think customers and lawsuits) if they are found to be lying.

Ads by Google

So is iMessage secure? Yes, and it’s perfectly adequate for most users’ requirements. And if you’re really worried that your plans for global domination are too sensitive for an instant message – don’t talk about it over IM.

Silent Text (Subscription-based)

Silent Text, from the security-minded Silent Circle, was one of the first services of its kind to spring up in October 2012, long before the NSA and Prism revelations of last year. The service comes as part of a secure phone and text messaging system which requires a subscription in order to use. You can get Silent Text and Silent Phone together for $9.99 per month, and for an additional fee you can even call non-Silent Phone numbers, securely.

Both apps use end-to-end encryption, the keys for which Silent Circle claims only subscribers have access to. Like many apps of this type, Silent Text has a “Burn” feature which allows you to stipulate how long your message lasts before being destroyed. The apps are also available for Android, perfect for cross-platform messaging.

Silent Circle used to offer Silent Mail, but the service was discontinued last year after US security services sought unfettered access to everyone’s personal information Why Email Can't Be Protected From Government Surveillance Why Email Can't Be Protected From Government Surveillance “If you knew what I know about email, you might not use it either,” said the owner of secure email service Lavabit as he recently shut it down. "There is no way to do encrypted... Read More .

Confide (Free)

A completely free service, Confide is designed to take everyday conversations off the record by deleting them once they have happened. It’s the Snapchat approach to messaging, with a few security-conscious tweaks like end-to-end encryption (as per Silenct Circle, Confide claim they can’t read your messages either).

The app uses a slick interface but lacks one important measure at present – a passcode. Unique swiping gestures prevent messages from being captured by a screenshot in their entirety, making this a very clever little app indeed. Confide is currently only available to iPhone users.

Wickr (Free)

Boasting “military-grade encryption”, Wickr offers some serious control over who can read your messages. Self-destructing messages are the order of the day here, and Wickr allows you to set the duration for which your message is available, as well as a whitelist of recipients who can see it.

Each message gets its own unique AES 256-bit encryption key, and the app doesn’t need any personal information from you – making it both privacy and security conscious. Wickr is also available for Android, a great choice for cross-platform requirements.

Threema ($1.99)

Threema is a secure messaging service that claims to offer “true” end-to-end encryption. The app isn’t anonymous, and instead requires an email or phone number as a form of identification. Public encryption keys are pulled from the server during setup, but Threema’s trick involves verifying who you are talking to.

It’s possible to “verify” keys by meeting in person and using Threema to scan a QR code with your associate’s ID and public key, which will upgrade that contact’s verification level. Not ideal if you’re not meeting in person any time soon, but a novel way of doing things. Also available for Android.

ChatSecure (Free)

chatsecure

ChatSecure is a different kind of secure messaging program – one that doesn’t rely on its own protocol, but rather uses existing services. This means security is a bit of a mixed bag, though with a name like ChatSecure you’d expect a few padlocks here and there. These come in the form of support for non-standard root certificates for Jabber connections, SSL certificate pinning and a basic encrypted connection.

The app also uses Off-the-Record (OTR) encryption but you’ll need to make sure the person you’re speaking with is using a client that supports it. If you’re looking for a security-minded multi-protocol IM client for Jabber, Facebook, Google and more, this is it.

Telegram (Free)

telegram

Finally comes Telegram, an app which again makes some pretty bold claims about its security. According to their FAQ they claim to be more secure than WhatsApp or Line, but only use end-to-end encryption on certain “secret” chats.

The service is cloud-based, so message retrieval is possible from multiple devices. Telegram also reckon that the decentralised network of servers they use makes it one of the fastest messaging apps on iOS, as users connect to a nearby server that’s local to them. The app is completely free forever, with no ads, and also available on Android.

Final Words

What I said at the start of the article bears repeating: if your topic of discussion is really that sensitive, instant messages sent over the Internet might not be the best place for your chat. For most of us, iMessage provides encryption that’s “good enough” – and I don’t see why Apple would be interested in my boring chats anyway.

For everything else you should probably opt for something like Wickr for its anonymity, Confide for its clever message scrambling or ChatSecure for connecting to your own Jabber server. Let us know if you have any preferences or best practices when chatting securely from your iPhone.

  1. anna belleza
    June 19, 2015 at 3:48 am

    I'm not familiar with secure IM, but right now I installed bleep from torent and also StealthChat.
    It's simple and easy for me to use on a daily basis. I used both on my Android and iOS

  2. Manuel
    April 1, 2015 at 12:09 pm

    It's a good aricle, but your last sentence makes the whole article senseless.....
    Why are you investing that amount on time to sort out secure messengers when you write as last sentence: "I don’t see why Apple would be interested in my boring chats anyway"

    • Tim Brookes
      April 3, 2015 at 12:37 am

      I don't see how the last sentence or my own personal uses of IM should impact on the validity of these as usable solutions for those looking for a secure messenger.

      Here's a tip for you: If you're going to talk about your plans for world domination or a super secret product that's going to make you a millionaire, you'd do well not to discuss it over anything that's remotely open to intrusion!

  3. Luldo
    March 1, 2015 at 6:36 am

    "I don’t see why Apple would be interested in my boring chats anyway." screwed up the article entirely :(

    • Tim Brookes
      March 2, 2015 at 2:58 am

      I don't see how one line in a conclusion (that actually refers to using the iMessage protocol for mundane chit chat) negates any benefit within the entire article.

      These apps all do their job, but at the end of the day if your topic of discussion over IM is so sensitive that you're seriously concerned you're being spied on, don't talk about it!

  4. Bodu
    February 3, 2015 at 2:30 pm

    You only think you don't have any secrets. Activity today that seems perfectly benign could be criminalized tomorrow. And they will have you on record participating in that activity, if it suits their purposes.

  5. dragonmouth
    February 2, 2015 at 1:30 pm

    "I don’t see why Apple would be interested in my boring chats anyway."
    They do not care about the text of your boring chats, they are after the metadata. Just read Guy McDowell's articles.

    Oh, the irony of it! Users are looking to encrypt and anonymize their boring chats but the metadata gives away more info than the chats ever do.

  6. Danial Lucas
    July 3, 2014 at 12:35 pm

    You could also find pretty useful instant messaging app called nectarchat which is available in both android and ios platform. If you hate using whatsapp, it might be a great alternative for you.

    • Etta R
      July 21, 2014 at 8:13 am

      I don't think that nectarchat is not as secure as it suppose to be. I found this https://safeum.com/ and I think it will kick ass to heml.is an others.

  7. Matt Leyden
    June 23, 2014 at 7:10 pm

    For the record - Threema CAN be anonymous. It DOES NOT "require an email or phone number as a form of identification." You CAN use an email or phone number as a form of identification which helps others find you... but you are certainly not required to.

    Threema creates a user ID that's 8 random characters long which you can share with others verbally or electronically. Or, optionally and more securely, you can exchange public keys in person (by scanning eachother's User ID's in QR code format) - which makes a Man-in-the-Middle attack extremely difficult/practically impossible.

    • g33kp0w3r
      March 3, 2015 at 6:12 am

      I love that feature about Threema but if you install it on your phone you just gave away your identity. You would have to buy a separate device (with cash) and only connect it to public wifi for short periods of time in each spot and only spend cash while you are there. That's too difficult for me but am I not right?

    • Matt Leyden
      March 3, 2015 at 8:54 am

      g33kp0w3r, "...but if you install it on your phone you just gave away your identity. "

      I'm not sure what you're referring to here. Installing Threema does not prove any information to Threema.ch about your identity unless you choose to include your phone number or email as identification shortcuts. This is an option during the initialization of the app.

  8. Richard Castleberry
    March 31, 2014 at 4:47 am

    Do any of the mentioned apps (or any others) work one sided?

    In other words, only the sender needs the app, not the receiving person.

    • Tim B
      March 31, 2014 at 11:20 pm

      No, though IM+ has a multi-protocol thing going on so technically I suppose that counts. Would something like encrypted email do the trick here, using PGP or something?

  9. Bigbrother
    February 12, 2014 at 10:27 am

    You can not use the terms "IOS" and "Privacy" in one sentence without contradicting yourself. Writers and users have to learn, that commercial operating systems that come without open source code can never provide any kind of privacy. The very first step is to use open source operating systems for your open source hardware. Yes, we have to change the industry for this to happen and "consumers" should use their voice and money to make it happen.

    All this short-sighted writing about "privacy" on a commercial operating system is just a demonstration of not having thought long enough of the underlying problem.

    Besides the technical issue US citizens must solve their failed political system right now! "Secret courts" and "democracy" do not go together very well - you are already living in an Orwellian world where terms similar to "Ministry of Love" and other newspeak constructs are part of your actual reality. You can not escape this reality with an Iphone App - you have to fight in real life.

    • prometheus
      January 23, 2015 at 9:21 am

      your perspective is appreciated

Leave a Reply

Your email address will not be published. Required fields are marked *