Best secure mobile messaging apps - Signal
Signal (formerly TextSecure Private Messenger) is arguably the pioneering secure mobile messaging platform that kickstarted the whole sector. Originally created by Moxie Marlinspike and Trevor Perrin’s Whisper Systems, the firm was sold to Twitter in 2011, at which point things looked uncertain. In 2013, however, TextSecure re-emerged as an open source project under the auspices of a new company, Open Whisper Systems since when it and has gained endorsements from figures such as Bruce Schneier and Edward Snowden.
We call it a platform because Signal is more than an app, which is simply the piece that sits on the Android or iOS device and which holds encryption keys. The App itself can be used to send and receive secure instant messages and attachments, set up voice calls, and has a convenient group messaging function. It is also possible to use Signal as the default SMS app but this no longer uses encryption for a host of practical and security reasons.
Signal was designed as an independent end-to-end platform that transports messages across its own data infrastructure rather than, as in the past, Google’s Google Cloud Messaging (GCM) network. The Axolotl protocol underlying the platform’s security is also used by G Data (see below) as well as Facebook’s WhatsApp, which isn’t to say that Facebook’s implementation won’t have other vulnerabilities – as ever use with care.
Using the app is pretty straightforward. Installation begins with the phone number verification after which the software will function standalone or as the default SMS messaging app after offering to import existing texts. The most secure way to use it is probably as the default messaging app, so that an insecure message doesn’t get sent by accident.
Interestingly, Signal just launched encrypted video calls, stepping up its current level of encryption. The app previously supported voice call end-to-end encryption but this update will ensure video capabilities hold the same level of security as its chat functionality.
Additional security features include an app password and with a blocker that stops screen scraping. It is also possible to control what types of data are exchanged over Wi-Fi and mobile data. Obviously both sender and receiver need to have the app installed, which worked simply by entering the phone number of any other registered user.
Security: based on OTR protocol, uses AES-256, Curve25519 and HMAC-SHA256; voice security (formerly RedPhone app) based on ZRTP
Pro: Android and iOS, handles voice as well as messaging, Edward Snowden said to use this app
Con: None although service reportedly not always the fastest
Next: Secure Chat