Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.
Most Secure Messaging Apps in 2021
In the modern world of common and complex technology, pretty much everything we do is logged. Whether it’s your phone or the social media platform you use, they can track your location, what you’re doing, who you’re talking to, what type of device you have, what your connection is like, and really pretty much anything that can be logged digitally. In fact, it’s gotten so bad that even the EU had to step in and institute General Data Protection Regulation (GDPR).
As such, we’re all scrambling to protect our information online, with any privacy tools that we can. While that takes up a whole article, in this one we want to look at how to protect your communications online, and more specifically what are some of the better messaging apps when it comes to security and privacy. We’ll also cover some of the most common apps near the end, just to give you an idea of their quality in terms of security.
Signal is at the top of this list for a very good reason: It’s easily one of the most secure messaging apps and has very few, if any weaknesses.
The reason for that is it’s guiding philosophy and building blocks that relied heavily on messaging security.
Probably the biggest positive in terms of security is that Signal uses end-to-end encryption by default, which is not something you tend to find on all apps.
On top of that it uses several security protocols such as X3DH, the Double Ratchet algorithm and AES-256. What that all means is that you basically have high-levels of security pretty much across the board.
Aside from that Signal has a bunch of great features that can help you keep your identity and privacy safe. These features include face blurring for images, disappearing messages, device verification and even encrypted video calling. Most importantly, the company has a no-log policy, so even if they get a subpoena request, there’s really not much they can hand over, since they have nothing saved or stored.
Free and Open Source
Of course, all this means nothing if their features and security protocols can’t be independently verified, which is why the app is completely free and open source under the GPLv3 license. They’re also really great with staying on top of bugs and vulnerabilities, fixing them quickly as they come up. The best is that the whole thing is run by a non-profit organization, so there’s no ads, there’s no fees, and the org doesn’t have any need or motivation to weaken user’s privacy.
All that being said, Signal does have two main issues which can be a bit annoying. Firstly, there’s no 2FA authentication, which is surprising for an application that puts so much emphasis on security.
Secondly, you do require a phone number to sign up, which can be a problem if the phone number identifies you like in most places, since ‘burner SIMs’ are not that big everywhere. Thankfully, the organization is trying to work around that issue by looking into using profile PINs around which a potential profile can be built around.
The only really big other downside is that Signal doesn’t have as large a user base as something like whatsapp, although that’s not necessarily a problem. If you need to have a secure conversation with somebody, you can always ask them to download and install it, since it’s completely free. The lower user base only really affects the chances of you finding lots of other people who use it right off the bat.
So, given all that, should you use Signal? Absolutely! In fact, everybody from the EU Commision to Edward Snowden uses Signal as their secure messaging App. So if it’s good enough for them, then it’s certainly good enough for you.
- Open-Sources app and servers
- No-log policy and minimal data storage
- Self-destruct messages
- Default end-to-end encryption
- No two factor authentication
- Requires phone number to use
If your issue is the number of people who are using Signal and want something that is slightly more popular, Telegram is a good alternative.
Much like Signal, it has self-destructing messages, as well as the ability to delete messages for yourself and all the recipients.
Similarly, the Telegram application (not the servers) are open-source for people to check up on them. Unlike Signal though, it does offer two factor authentication, which is a big positive.
The positive differences end there though and there are some somewhat annoying aspects of Telegram. For example, end-to-end encryption is only for their ‘secret chat’ mode, and isn’t the default, and therefore any messages you send are saved on their servers. Similarly, Telegram has created its own security protocol called MTProtocol that isn’t open-source, so expert can’t verify the quality of their encryption.
Find Bugs in Their Software and Get Paid
That being said, Telegram does actually have a cracking contest wherein you can win up to $300,000 for finding vulnerabilities in their software. So they must feel pretty secure in their protocol if they’re willing to put up that much. They also have a sort of self-destruct for the whole account, not just for messages, video and audio sent, so if you want your whole account to be destroyed after a certain period of inactivity (which is set at 6-months by default), you can.
Another thing that we can appreciate about telegram is that it’s supported on most platforms, including desktop ones, unlike Signal and some other secure messaging apps. You also get a remote logout feature for those, in case you think one of the devices you use it on has been compromised. So all in all, in terms of practically it’s pretty great.
I’ll also mention before closing this off, that Telegram sort of told the Russian Government to shove it when they asked for encryption keys. This has resulted in Telegram being banned in Russia, which is pretty telling on all counts.
So ultimately how does this compare to Signal? Well, it’s not as secure, but it is much more practical and common, so if you’re not too worried about security and just want a generally more secure messaging app, then Telegram is a great alternative.
- Self-Destructing messages
- Open-Source app
- Has two factor authentication
- End-to-end encryption not enabled by default
- Logs IP
- Requires phone number to use
If you’re looking for a truly anonymous secure messaging app, you don’t have to look further than Wickr. Not only that, but it actually provides two different services, one for personal and one for business use.
First though, let’s talk about the security of the app itself.
With end-to-end encryption on by default, you don’t need to worry about the company reading your messages which is great. On top of that, not only does Wickr have self-destructing messages, but they also support a shredding feature which basically deletes anything related with your account.
They even have a couple of extra features such as third-party keyboard blocking, screenshot protections and overlay screen protections, all of which can really help keep your phone incredibly secure.
You Can Use it Anonymously
The biggest plus of Wickr though, is that the app can be used completely anonymously if you wish to do so, at least for the personal/free version. You don’t need an e-mail or a phone number and since they don’t log any other forms of metadata such as GPS or IP, it really is the most anonymous out of all the apps on here.
As mentioned earlier, there are really two forms of Wickr; Wickr Me and Wickr Pro. Wickr Me gives you the complete basics and is completely free. As such, you’re only getting one-on-one conversation, and minimal features of that nature, although you still get all the security and privacy.
Wickr Pro on the other hand is created for business, and is really the only app on the list that actually has this functionality designed into it. There are even 4 different tiers, starting at nothing a month on the basic and going up to $25 per user per month on the platinum plan. As you go up in price you get more features, such as larger file transfers, better storage, controls for 2FA and password complexity, even 24/7 response at the top tier.
Another thing they’ve started providing is Wickr Open Access, which is a sort of VPN. It’s not like ExpressVPN or NordVPN, it’s more of an Wickr Pro network to keep people connected regardless of any attempts to block that connection.
As for their encryption protocols, there’s the Wickr Crypto-protocol on Github, so anybody can view it. Unfortunately the app and server software are not open source, which is one ding there, but not necessarily a deal breaker.
So, should you use it? Well, absolutely, especially if you’re a top-level manager and are looking for a secure messaging app to keep your company information safe. Of course, if you’re just looking for a personal solution, it’s also pretty good for that, especially if you want something that keeps you completely anonymous.
- Anonymous sign-up
- No-Log policy
- Supports two factor authentication
- End-to-end encryption on by default
- No change of fingerprint verification
- Not completely open-source
Another alternative to Wickr which also has both a personal and professional version is Wire, and it hits a lot of the same points, which is great if you want an alternative.
Wire personal, usually just referred to as Wire or Wire messenger, is probably the one you’re going to be most interested in, and supports all the privacy features you’d expect. End-to-end encryption is on by default, which is excellent, and it also supports two-factor-authentication.
One big plus is that both the apps and the servers are open source, so there’s a lot of transparency there, along with the transparency reports that Wire themselves provide.
On top of that there are some more practical security features, such as encryption verification and a PIN-lock to keep prying eyes out. Wire also has self-destructing messages, and at this point no self-respecting secure messaging app is going to go without it.
They Log IPs and People
Unfortunately the wire isn’t perfect, since it requires a lot of personal data to sign up. Similarly, they do log IPs as well as the people you’re talking to. In general there’s quite a bit of metadata logging with Wire.
If it’s the business side you’re more interested in, Wire has two option with Wire Pro and Wire Ent. They’re both pretty good and much lower priced than Wickr; Pro is $5.83/user/month and Ent is $9.5/user/month. You obviously don’t get as many features as you would with the more expensive Wickr options, but it’s a great solution if you have a small to medium business and need some form of secure messaging.
- End-to-end encryption by default
- Two factor authentication supported
- Apps and servers are open source
- Provides transparency reports
- Logs IP
- Isn’t anonymous since it requires email, phone number and username to sign up
You’ve probably heard of this one, and you’re probably thinking that it’s a joke putting this on here, but hear us out.
One big positive of using whatsapp is that an absolutely massive amount of people have it (Supposedly 1.5billion people). This means that you don’t have to scramble to get people to download, verify and use a specific app for your secure messaging.
On top of that, the app is incredibly user-friendly and has a lot of common stuff you’ll find in social media platforms, such as stickers, emojis, voice messaging, phone calls, and group chats. Even better, it recently started allowing users to delete messages not only for themselves but also for other people in the chat.
Not only that, but Whatsapp also recently implemented end-to-end encryption as a default, so even if your phone does experience a man in the middle attack, they won’t be able to read your messages. Whatsapp has a way to verify that the encryption is actively working which is really useful for those who worry about that.
You can even set up two factor authentication that requires a PIN to verify your number on new devices. Finally, messages are not stored on Whatsapp servers beyond the time it takes the message to reach from the sender to the recipient, or in the event that the message can’t get sent it’s archived for 30 days then deleted.
So now we have the good stuff out of the way, it’s probably a good time to talk about addressing the bad stuff.
Being Owned by Facebook Raises Some Concerns
For starters, Whatsapp is owned by Facebook, and while they pinky promise that they won’t violate user’s privacy and read their messages . . . well it’s Facebook and you never know. For example, they did say that they would be sharing meta data with Facebook, supposedly for ad-targeting purposes. This of course opens up a whole can of worms, considering the generally predatory behaviour Facebook has when it comes to gathering user data for marketing purposes, and it’s not like they’re always 100% transparent either.
The other issue is that Whatsapp uses unencrypted backups, and while this issue has somewhat been mitigated for iOS users when Whatsapp added encryption to iCloud, it’s still an issue for Android users. In fact, if you’re using Google Drive for backups, you might have to disable the feature altogether if you’re worried about the safety of your messages, which is a pain and very inconvenient.
So, should you use Whatsapp? Well, you could, but it’s not advised. You’re better off using the other secure messaging apps on this list and saving Whatsapp for the circumstances where you can’t get the other person to install the other apps. Even then, make sure to verify the encryption and switch off Google Drive back-ups, especially because the latter can be a big security risk on Android
- End-to-end encryption by default
- 1.5 billion users
- Encryption verification
- Owned by Facebook
6. Apple iMessage
The Apple alternative to Whatsapp, it pretty much has the same positives and downsides like it’s Android equivalent.
For starters, it has end-to-end encryption, as well as encrypted iCloud storage. Unfortunately, Apple does have access to those keys, so if they get subpoenaed or feel the need to access that info, they can easily do so.
That being said, Tim Cook, the CEO of Apple, does put a lot of emphasis on their user’s privacy, so it’s a bit of a mixed bag in terms of what to expect. Also, messages are only stored on Apple’s servers for 7 days before being deleted, so that’s something at least.
Widely Used App
Of course, another big positive is that a LOT of people use iMessage, probably the same amount of people who have Apple devices. Since it’s such a popular app, it has all the features you’d expect such as video messages, emojis and just generally a more user-friendly interface. Interestingly, iMessage doesn’t only have self-destructing messages based on length of time, but also no view count, which isn’t something very common yet still pretty smart.
So is iMessage worth using? I guess as much as Whatsapp is worth using. The vulnerabilities remain the same, and really the only big positive is the practically of a user-friendly interface and finding people who likely already have it. Basically, it’s better than just sending SMS’.
- End-to-End encryption
- Self-destructing messages
- Only available on Apple devices
- Encryption keys available to Apple
Keeping your data and information secure online is very, very important, because there are prying eyes everywhere. While this shouldn’t be an issue with most people, for those who are dealing with sensitive information, it can be a big problem. Make sure to check out some of our other privacy suggestions such as the most secure emails and most secure browsers.