Data protection is crucial when using the internet, and encryption is the key to keeping your
sensitive information safe. It "jumbles up" the data so only authorized users can decode it.
Even if someone intercepts your connection, they can't read the information without some
decryption key or password.
For example, your online banking details, like your username and password, are encrypted before
being sent over the internet, keeping them secure. The same goes for emails: only the recipient
with the decryption key can read your message. And when chatting on messaging apps, end-to-end
encryption ensures that only you and your friend can read your conversation.
In this article, we will highlight encrypted
communication apps in particular – and examine the role encryption plays in securing them and
protecting your data privacy.
Types of Encryption
The two basic encryption types are symmetric and asymmetric
encryption.
Symmetric encryption uses identical keys for both encryption and decryption.
Therefore, only the sender and receiver of information hold the keys, and both keys are private.
Asymmetric encryption uses a public encryption key, but the decryption key (and
thus the ability to decrypt and read the encrypted message) is only accessible by the intended
receiver.
Nowadays, asymmetric (or “public-key”) encryption is commonly used in digital signature
applications and email encryption. You can learn more about email encryption and digital
signatures here.
What Are Encrypted Chats?
Without encryption, a regular chatting app will send messages in plaintext, so anyone who
intercepts the communication can read its contents freely.
Luckily, nowadays most messaging apps use TLS/SSL encryption for data protection during the
transit between the device and the server. However, TLS does not protect the data once it is
decrypted on either the client or the server side. If the data is intercepted after decryption,
or if one of the endpoints is compromised, the data is vulnerable.
Encrypted chats, on the other hand, use encryption to ensure only the intended parties can
access the exchanged data.
One of the common encryption methods used in chats is end-to-end encryption (E2EE). Anything you
say is encrypted on your device and sent to the recipient – and only decrypted once it reaches
the recipient's device.
Encrypted Communication Apps
Let’s talk more about what message apps are encrypted. Here are a couple of the most widely
known ones:
Signal
Signal does a lot to make itself a trusted app. It is open-source, so anyone can analyze its
code, check security settings and dependencies, and so on. Keeping the Signal’s “innards”
visible to anyone makes it seem more trustworthy.
Signal uses end-to-end encryption with Signal Protocol for messages, voice, and video calls.
Your messages are only stored in your device (and the device of the recipient), so Signal
cannot access them.
So, is Signal really safe? Comparably, yes.
WhatsApp
One of the most popular chatting platforms, WhatsApp, also uses end-to-end encryption
(Signal Protocol). But since it is owned by Meta, one can hardly claim that WhatsApp is 100%
secure. Meta faced various data breach incidents and illegal data collection controversies,
so trusting it will keep your private data private seems quite naive.
Your messages are stored on WhatsApp’s servers only temporarily until they are delivered,
and then they are deleted. However, with trust in Meta severely shaken, many might not be
willing to take the risk.
If you decide to back up your chat history, WhatsApp offers additional end-to-end encryption
of chat backup – protected by a password or a 64-digit encryption key. Otherwise, your chat
history is backed up unencrypted on your Google Drive. Adding E2EE might be a good call when
using WhatsApp backup. It is turned off by default, though, so make sure to enable it.
Telegram
While using Telegram, your data will only be encrypted by E2EE when you use the “Secret
Chats” feature. Otherwise, Telegram’s cloud-based chats are encrypted with the “MTProto for
Cloud Chats” protocol which was created by Telegram and they are stored on Telegram’s
servers. In other words, your cloud chats can be accessed by Telegram. Therefore, in case
you decide to use Telegram, it’s best to only use the “Secret Chats” feature.
Threema
Threema is a paid messaging app that uses E2EE. The encryption uses the NaCl library (an
open-source cryptographic library). Threema does not require an email address or phone
number to use the app. You can even use the app without providing any personal information
if you choose to use their Threema ID, which is randomly generated.
Your messages are only stored on Threema’s servers temporarily and deleted upon being
delivered.
Threema is an open-source software and is regularly audited.
SimpleX
SimpleX is an instant messaging app with double-layer end-to-end encryption.
The first layer uses the Double Ratchet Algorithm which encrypts each message with a unique
encryption key. So even if someone managed to steal one of the encryption keys, they would
only be able to read the one message that was encrypted with it. The second layer, NaCl
Cryptobox, mixes the messages up so that no one can tell their order or groupings. That way,
even if someone managed to decrypt each of your messages, they would not be able to assemble
them into a meaningful conversation.
On top of its solid encryption measures, SimpleX does not store any of your messages on its
servers.
Rocket.Chat
Rocket.Chat is an open-source team communication platform. It uses end-to-end encryption
with two layers – a symmetric encryption algorithm (AES-256) for messages and an ECDH
protocol for secure key exchange between users.
On top of being open-source, Rocket.Chat can be self-hosted. When self-hosting, the
organizations can decide the server configuration and how long their data will be retained.
The administrators can choose to delete messages after a certain period or otherwise apply
each company’s privacy policies.
Rocket.Chat E2EE is optional. If you choose to use it, your data is only relayed via the
Rocket.Chat’s servers in its encrypted form and is never stored there, ensuring that no one
can read it.
However, if you decide not to use the end-to-end encryption, all your messages, search,
history, and so on will be stored on the Rocket.Chat’s servers in decrypted form.
Microsoft Teams
Microsoft Teams is used by many companies for team communication.
It uses TLS for encryption in transit (during communication) and Advanced Encryption
Standard (AES-256) to encrypt messages stored on Microsoft servers. This means even if
someone hacked Microsoft’s servers, they cannot read the content of your messages without
somehow acquiring the encryption key.
The usual E2EE is only offered in case of 1:1 voice and video calls – additionally, for E2EE
to be enabled, both the participants have to turn the feature on in their app.
If you are a fan of Rocket.Chat or Microsoft Teams, you will be pleased to know that both are
available in eM Client!
Having your team communication app integrated into eM Client makes it easier to stay connected
and organized without switching between multiple apps. With everything neatly placed into a
single platform, your team collaboration will be smoother than ever.
When choosing the right messaging app, it is important to consider more than just convenience.
Various factors determine the safety of your communications, including the type of encryption
used, the transparency of the app, and how it handles your data.
You should evaluate whether the app uses strong encryption, if it's open-source with regular
third-party audits, and if the platform has a clear, minimal data retention policy. Keeping
these factors in mind will help you choose a secure and trustworthy app.