We’ve all heard the names before – WhatsApp, Viber, Telegram, Wire, Signal, Allo… with so many cyberattacks in the news recently, people have begun to rely on encrypted messaging apps to protect their privacy from potential hackers. These services secure end-to-end connections using varying tactics and levels of encryption – you may find yourself questioning what any of that means. How do you encrypt your messages? Can anyone do it? What is being protected when you use an encrypted messaging system? If encrypted messaging is so great, why isn’t everyone using encrypted messages? It sure could put an end to all the celebrity phone hacks and government information leaks… Here’s what you should know about encryption, and find the answers to all your questions.
When people encrypt their communications, it means that only the sender and the recipient can see one another’s messages. While the message is in transit, it cannot be decoded or unraveled by outsiders or the maker of the application, which allows for privacy and security. Some apps do this by protecting individual messages sent to and from the device, some have encryption built in, and others offer a “secret” mode that can be switched on and off. Certain apps, namely Wire and Signal, encrypt messages by design. By installing and signing into the app, all communications are automatically encrypted.
People use encryption for all kinds of communication – for a long time, these apps could only offer encryption for text-based chat, but introducing encrypted calls has been natural next-step and layer of protection in today’s digital world. Encrypted calls would be highly valuable, with the ability to thwart any snooping. However, developing the technology to create such protection for voice calls has proven difficult for programmers.
One of the main challenges that developers face is mastering internet-based calls, which still are not the most reliable way to communicate. Wi-Fi or Ethernet connections are the most stable, but many people still use cellular data to make VoIP (or Voice Over Internet Protocol) calls. In 2014, Signal, one of the many platforms offering encrypted communication, began to offer encrypted calling despite the complications with dropped calls and connection reliability, as did Wire. When WhatsApp introduced encrypted calls and video chat to their one billion users in 2016, other secure messaging apps finally began to pick up the pace and develop secure calling services of their own.
So, now that both encrypted texting services and encrypted calling services have been developed, it seems like all of our calls and texts should be secured by encryption, no questions asked. However, there are many factors slowing down adoption among potential users, one of the main reasons being that both parties must be using the same system for end-to-end encryption to function. Think about it this way – you may find an app that you love to use, but it might be difficult to convince all your friends and family to go through the steps to downloading and using the new app regularly. Everyone has their preferences, and getting everyone in your life to be on the same page can be difficult. Now, expand that to everyone in their lives – and so on, and so forth.
The resolution to this particular problem would be to fully open source these encryption products, so that people can communicate securely within different interfaces and applications. Developers can implement this by making all end-to-end encryption protocols the same, so they could speak to each other cross-product. While some small companies have adopted the Open Secure Telphony Network, or “OTSN,” many of the larger names in encryption – like Skype, Google, and Apple – have decided to brave the world of secure communication on their own, and forego open sourcing (much to the chagrin of people who need complete and total security). The potential security flaws with open-source code can be reason enough for these larger companies to privatize their communications, which defeats the whole purpose. Until developers find the right solution, what’s the best way to keep your private communications safe?
- Avoid Risky Wi-Fi. Don’t trust unsecured Wi-Fi networks when sending personal information. While it’s great in theory that Wi-Fi is almost always readily available, those unsecured networks are an easy target for hackers to gain access to hundreds of personal devices. If you send personal information over an open network, you don’t know who could be spying on your device – or who could be sharing your data.
- Keep Your Secrets to Yourself. Generally, it’s a good idea to keep any super sensitive data off mobile devices and messaging apps. Besides not knowing who might be spying on your phone, devices can get lost or stolen, and physically broken into. There are many ways your data can be stolen from a phone, but if you never keep it there in the first place, you’re much more likely to keep it secure.
- Security Software Goes a Long Way. I highly recommend trusting a security software to have your back as a last resort. McAfee Mobile Security, which is free for Android and iOS, will warn you if you’re about to connect to an unsecured Wi-Fi network. That way, you’ll be more cautious if you are about to send any personal information over your phone.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.