Secure Messaging Apps for Smart Phones

11

Data transmitted through smartphones from the regular text message applications are %100 insecure. All transmitted data can be read by your provider, their third parties, and a number of other agencies you don’t want reading your personal messages. With a number of new encrypted chat applications arising since Snowden revelations and Facebook buying Whatsapp, its time to provide a list of truly secure smartphone messengers. Below is a list of secure instant messaging applications for your smartphone that you can trust. All providers listed will have built in encryption, and various other privacy enhancing features.

1. Telegram: Telegram is an instant messaging application for both iPhone and Android to securely communicate back and forth. Telegram provides end-to-end encryption meaning all messages sent and received through the application are fully encrypted, and no third party can read or harvest data from your messages. Telegram even has a ‘Secure Chat’ feature which allows for an untimed secure chat that will self destruct all messages by default. If you prefer, Telegram has no limit on how large chat logs are, so you can save chats, messages, and all sorts of data on their servers for any amount of time. You can also send messages, photos, videos and files of any type (doc, zip, mp3, etc). “We support two layers of secure encryption (server-client and client-client). Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman secure key exchange.” – Website FAQ. The application is free for both platforms and is an open source project, meaning anyone can check, review, or add to the code.

2. Surespot: Surespot an another secure instant messaging application that offers “exceptional end-to-end encryption for every text, image and voice message” transmitted through the service. SureSpot is another free and open source application that can be used on both platforms. SureSpot does offer less flexibility not allowing documents to be sent through the service, but in turn allows voice messages right from the UI. SureSpot encrypted messenger uses “256 bit AES-GCM encryption using keys created with 521 bit ECDH”, that only the senders and receivers can decrypt. SureSpot is free on both devices.

3. Threema: Threema is another secure messaging application that allows for secure messaging with end-to-end encryption. Threema is a bit more restricted in it can only send text, photos, videos and your current GPS location. Threema uses: “asymmetric ECC based encryption used by Threema has a strength of 255 bits.” The application can be used on both platforms, iPhone and Android, but is a paid application for both systems.

4. CyberDust: CyberDust is a bit of a newer privacy concept. While using industry standard encryption, CyberDust takes a different approach offering only self destructing messaging software. CyberDust allows users to send messages back and forth to each other through the application. Once a message is sent, the receiver can only view that message for 30 seconds before the message self destructs and is %100 erased from the users phone and server. CyberDust does allow pictures and text to be sent. CyberDust will notify any parties inside the chat if a receiver takes a snapshot of the chat or anything similar. CyberDust is %100 free, and is currently only for iPhone users.

5. TextSecure: Textsecure is an application that allows for secure end-to-end encrypted messaging. TextSecure is an open source project built by WhisperSystems. Textsecure uses “Curve25519, AES-256, and HMAC-SHA256” encryption throughout the application. Messages are transmitted using AES-256 encryption. TextSecure is a free and open source application. TextSecure is only for Android phones.

6. Silent Text: Silent Text is another end-to-end encrypted messenger. Silent Text is built by Silent Circle, one of the leading providers in encrypted communications. Silent Text allows users to send text, image, voice messages, map locations, self destructing messages, and file transfers up to 100MB in size (Word, PDF, Excel, PowerPoint, Keynote, Pages, Google Docs – any file.) Silent Text is a paid subscription service for both iPhone and Android devices.

Secure messaging apps are becoming more prevalent as more NSA revelations come to light, and corporations buy out others. Whatsapp, the once somewhat secure messaging application, was recently bought by Facebook, making the application %100 insecure allowing Facebook to see every piece of data transmitted through the application. Encrypted communications can be vital for sending sensitive information through data lines. Text messages can contain personal information you don’t want others reading, or sensitive credentials begin passed through them. Secure messaging for smart phones will start to become more prevalent as the NSA is tapping into every major data line the US and is gaining unauthorized control overseas.

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.

11 Comments

  1. random hero on

    Brandon

    Thanks a lot for the list. Im currently using Surespot as it is open source and it does not ask for your phone number , email, name or any other stuff like other messengers ask. I would like to know your general recommendations from the list as well

    • Awesome, glad you like the list. I don’t use any of these currently, but have in the past. I would personally recommend Telegram, and Silent Text. I would use Silent Text for more business oriented services, as both parties have to use it and its built for high end intensive business based usage.

      But for regular use or to talk to others, I would use Telegram. Mostly because they have no cap on how large conversations are, you can send various document types right through the phone, and its compatible on both devices. Surespot sounds great, but Telegram has a bit more flexibility on what it can do in total. I also like their secure chat feature, where you can have self destructing messages.

      But all apps listed I would feel safe using, those are just my top two. Silent Text for business based services, and Telegram for average everyday use.

  2. random hero on

    Thanks for your analysis Brandon. You should definitely try SureSpot. While the UI doesnt appear to be very appealing, still I like the idea that its completely open source as opposed to Telegram, you sign up with your username with no requirements for name, email phone number etc. Im currently using it with some of my friends and the app never failed me so far. The push notifications also work seamlessly. I have contacted their support and recommended adding a more modern design for the app with delivery notifications and they said they are considering such features in future updates. Once again thank you and please don forget to see my comment in the list of secure emails section!

    • I will take a look into it. Telegram does require some more info, but the flexibility is what does it for me. I always enjoy more features, than less. But whatever suites your needs, is really only what you need. Telegram has an open API, and is open source too. Either way, both are great. As long as your using end-to-end encryption, secure messaging is good to go. Also, taking a look at the Q right now. Didn’t have time to reply yesterday.
      Regards.

  3. secure communication is becoming more and more important, i just cannot go with any service that uses your phone number (the easiest way of locating and tracking you) as a login id..
    it just will not matter how secure your message is, if they can track who is sending to who.

    • Yes secure communications is essential, but if you need such a high layer of anonymity on your smartphone, you can’t get anywhere near that even owning a smartphone. The idea behind the apps is they keys are on your phone and in your hands. Most if not all of these infrastructures offer end-to-end encryption. If the developers even tried to read your messages, they would have absolutely not way to. The idea of the applications is to offer secure encrypted communications that do not go through the phone providers that also feed into the NSA.

      When you say you use your phone number as a login, that doesn’t affect the service in any way. The developers cannot see who is sending messages, the NSA does not know who is sending messages, that is simply the authentication method. They cannot track who is sending messages based on a form of authentication or login. If your really worried, your best bet would be to dump the smartphone overall.

  4. This article was garbage. It didn’t talk about the significant problems with the first three apps and only gave a cursory nod to textsecure. This is a far better review by a John Hopkins cryptography professor, http://blog.cryptographyengineering.com/2013/03/here-come-encryption-apps.html

    Telegram has broken cryptography, doesn’t use encryption by default, and has closed source server side software. http://thoughtcrime.org/blog/telegram-crypto-challenge/

    Threema is closed source so you can’t tell what they are doing. Their is probably backdoored.

    Surespot is pretty good. Though it lacks perfect forward secrecy. What that means is that if the NSA or a hacker gets your secret keys they can likely decode all your messages for all time.

    Textsecure is awesome but it isn’t available on iOS yet :( It is open source, no harder to use than a normal texting app, and has the best security features of any texting app I have seen.

    Silent circle costs money so you won’t be able to get many people on it.

    • Hi thanks for the comment.

      I understand you concern, and I do have to say those articles are great. I am not cryptography expert, and the applications listed have a long list of users, and appear to be stable. I still would personally use Telegram, I would assume it is all fixed now. They have a bounty program, and it doesn’t seem anyone has broken it, so I would still trust it. I dont agree its broken. Don’t count me on that, just noting.

      I did note Threema is closed source, but its still an end-to-end encrypted chat. So it is worth noting, I give a list of open source and non open source, so you can’t really argue there.

      Can agree on surespot.

      TextSecure is only available on Android, and a large amount of people use Apple products, so I can’t recommend it quite as much. Yes its built by Moxie and Whispersystems, its one if not the best app. Just not compatible with multiple devices, which is why its farther down.

      Silent Circle is the best of them all, and yes it does cost money. Silent Circle is built for business and high profile security. You can either use the free above apps, or Silent Circle to solve all issues.

    • Seems to be a paid application to get a bundle of the features, not sure about it. Never heard of it, but if I were going to pay for a secure smartphone messenger, I would stick with SilentText. For free, I would stick with Telegram.

  5. I have to got to agree with Brandon here. I have used almost every secure app on the market but never found an app more reliable than Telegram. All of the apps on the market now are nothing but trash and have critical limitations

    1. Surespot is open source but has no delivery or read notifications and hasnt been updated in ages

    2. Text secure: Same as surespot but more commonly used

    3. Chadder: piece of crap and so buggy. Closed source

    4. Cyber Dust: Although it has some good notifications system still not all users want their messages deleted after 30 seconds do they?! if you close your chat window your messages are lost

    5. Wiper: A failed Telegram clone. App is still very buggy

    6. Wicker: Closed source and its notification system is a huge fail

    7. Hemlis: Has been in development for a year. God knows when they will release the app

    8. MyEnigma: A failed whatsapp clone

    9. MyThreema and SilentCircle: Havent used either and I dont think you will be able to get your contacts to use them since they are paid

Leave A Reply

Send this to friend