If recent history is any guide, most WhatsApp users reacted to last year's controversy over changes to its terms of service and connections to parent company Facebook with a shrug. The inconvenience of moving from WhatsApp to avoid the sort of commercial surveillance many users now accept as normal across free internet services will simply be too big a barrier.
But for anyone who is upset at the privacy implications of WhatsApp’s gradual integration with Facebook, the good news is there are now plenty of alternatives to turn to. The confusing part is often comparing the underlying privacy on offer from apps in a sector that is still evolving quite rapidly.
A year ago, consumer apps using end-to-end encryption with perfect forward secrecy (PFS) – considered the current base standard for plausible privacy - were thin on the ground. This has changed quite dramatically with several adopting this security level although not always in a way that offers detail on the underlying engineering.
In the following pages, we line up some alternatives to WhatsApp, doing our best to compare the security and features on offer. The apps discussed are all for single users. Led by a clutch of British firms, business-oriented (i.e. subscription) messaging apps have also boomed, but the requirements for this type of app very different from consumer apps and are best left to a separate feature.
Worried about WhatsApp privacy? Fine print
A word of warning: secure messaging apps are a lot more complex than they appear on the surface, encompassing not only messaging and IM but voice, video, file transfer and even in some cases SMS texting. The standards that govern each are different and, in some cases, take in proprietary approaches as well as ones using open standards. One or two even offer desktop applications as well as mobile apps. The key issue is that for messaging, how something is implemented is extremely important. Most people downloading free apps probably don’t look into the detail but the privacy-aware will want to study the fine print more closely.
Last but not least, no matter how secure and advanced an app might be it is dead in the water if your contacts don’t use it. That is the fundamental that has made WhatsApp so hard to live without and all but guarantees its continuing dominance. As ever, disappointingly, privacy remains one of life's trade-offs.
The granddaddy that helped pioneer the early market, Signal appeared in 2014 as the unification of two earlier open source apps with rather complicated histories, TextSecure and RedPhone, authored by famous developer Moxie Marlinspike. Today, the underlying end-to-end Signal protocol (previously called ‘Axolotl’) is now used by several other apps mentioned here including, in 2016, WhatsApp itself. Its security and privacy features are second to none. To many, Signal is the original and best on which many others are based - even Edward Snowden uses it.
Platforms: iOS, Android (2.3 on)
Features: Comprehensive security
Security: End-to-end encryption with PFS, no metadata storage, privacy-based directory system to protect contacts
Drawbacks? iOS and Android only, Signal focusses on underlying technology rather than the app itself, very small user base
Conclusion: Not as slick to use as more recent apps but still the standard bearer for the underlying security. The app for privacy advocates rather than consumers.
Launched in 2015, Wire is the work of a Swiss company backed by Skype cofounder Janus Friis, which invites obvious comparisons with that older but more established platform. Has gradually added more thorough security to its core features and now covers messaging, voice, video, and even screen sharing using an underlying open source platform. The founders go to some lengths to emphasise that the app doesn’t monitor users for ad purposes or display pop-ups. Impressively multi-platform but currently small – one for the hardcore privacy enthusiast.
Platforms: Windows, OS X, iOS, Android, web browsers
Features: Works on almost everything, end-to-end encryption across all channels, open source, user check verification, excellent design
Security: End-to-end encryption with OTR instant messaging security
Drawbacks? Small user base, handling of metadata unclear
Conclusion: Shows how far these apps have come
Sold mainly as a secure messaging app for businesses, Pryvate is also offered in a ‘Pro’ version for single users, which is why we include it here. This costs £4.68 per month ($6 approx), a cost some privacy-conscious users might feel comfortable with.
As well as encrypted end-to-end instant messaging, voice, and video, also includes secure file transfer, secure email and conference calls. This clearly marks the software out as professional rather than enthusiast. The free version offers encrypted IM and picture sharing plus voice calls. Users can also receive video calls from Pro users. Underlying end-to-end security based on Phil Zimmermann’s respected ZRTP protocol, also used by Silent Circle and the secure Blackphone.
Platforms: iOS and Android
Features: Secure file exchange, secure email
Security: End-to-end voice and IM using ZRTP protocol, no metadata or logging of IM
Drawbacks? More of a freemium app which builds in limitations, tiny user base
Conclusion: Affordable way of getting the security features of Silent Circle as an app
Before it launched in mid-September 2016, Allo was touted by Google as a secure mass-market alternative to WhatsApp – and although end-to-end encryption would not be turned on at all times, it promised that any message data the app stored would be temporary.
The interesting feature of Allo is the integration of machine learning and chatbots into the platform so that the service will suggest information to its users as well as transmit their messages. Allo is limited, however, and is designed to integrate with a user’s Google universe in ways that imply that Google is collecting data on user’s habits and interests. Private? Hardly.
Allo by default stores every single message that’s sent on the service and these will all remain on Google’s servers until the user goes out of their way to delete them – so while at least they can be deleted, the app lags behind tried and tested, more secure alternatives.
However, an Incognito Mode option does use the same Signal protocol as WhatsApp for end-to-end encryption and stops Google from storing messages, but this must be enabled by the user first.
The company claimed the reason for storing all the message data was to make Allo’s Siri-like virtual assistant smarter. It uses AI to learn from user messages and uses this intelligence to offer improved suggested replies, as well as better functionality for other features across the Google suite like search and calendar reminders.
But as far as privacy goes it’s a leap from what Google had first promised.
Google products are already subject to requests from governments and law enforcement agencies – as detailed in its transparency report – including Gmail and Android location data, and Allo will be no exception. Privacy pundits quickly dragged Allo over the coals for failing to deliver on security, including NSA whistleblower Edward Snowden, who described the service as “Google Surveillance”.
Google believes (possibly correctly) that users don’t want or need security at all times.
Platforms: Android, iOS
Features: machine learning, integration with Google services
Security: offers an incognito mode based on Signal, expiring chats, private notifications
Drawbacks? Limited privacy by default, only handles IM sessions
Conclusion: A bit confusing – isn’t the more featured Hangouts meant to be the messaging app?
Telegram is less an app than an entire cloud-based messaging platform based on strong encryption that can seem at time somewhere between a secure social network and a broadcasting system. Repressive regimes and police forces hate it and have even demanded back doors be created. This is all excellent advertising for Telegram of course.
This design means that the service syncs across multiple devices and platforms, acting more like a hosted email service in which users can exchange a variety of content and files to groups of up to 5,000 people. Broadcast groups are unlimited which explains why media firms such as the BBC have used Telegram to distribute content securely to ‘subscribers’ in countries such as Russia or Iran.
Platforms: Android, iOS, Windows Phone, Windows PC, Mac, Linux
Features: Powerful group and broadcasting features, excellent end-to-end security, open source
Security: Uses MTProto protocol based on 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman secure key exchange
Drawbacks? None as such although it’s possibly more involved than some users need
Conclusion: The only independent privacy platform with a sizable user base
Find your next job with techworld jobs