Are Your Messages Visible to Hackers?

Category: Privacy

Secure messaging apps are in the news following Wikileaks release of CIA documents suggesting the spy agency has ways of evading smartphone security features. If your phone isn’t secure, your messaging app should be. But which messaging apps can you rely on? Read on to find out.

Secure Messaging Apps

All of the leading messaging apps provide end-to-end encryption these days. But encrypting data while it’s in transit or stored on third-party servers is not enough. If your phone is infected with a keylogger, it will record all of your messages keystroke by keystroke and send them off to eavesdroppers at Hacker HQ.

Another tactic involves malware that takes screenshots of messaging sessions unbeknown to the users and sends those images to a remote server. The best messaging apps incorporate countermeasures for these tricks, too.

WhatsApp is one of the most popular encrypted messaging apps. That’s important because your contacts must be using the same messaging app you are in order to take advantage of its encryption. Odds are many of your contacts already use WhatsApp.

encrypted messages

When you install WhatsApp on your Android or iOS device, it will ask permission to access your contacts. You don’t have to allow it, but you’ll have to enter phone numbers manually if you don’t. That may not be a burden if you have only a couple of contacts with whom you want to communicate via an encrypted channel.

WhatsApp allows users to back up their messages to a cloud service such as Google Drive. Be aware that such cloud storage services do not store data in encrypted form. You may want to encrypt a hard drive on your laptop using Bitlocker or a similar whole-disk encryption utility, and back up your messages to that instead of the cloud.

Then there’s the fact that Facebook has owned WhatsApp since August, 2016. WhatsApp is just starting to share some of its user data - but not message contents - with Facebook, in part to enable better targeting of Facebook ads on the social media network.

More Secure Messaging Apps

Want to know more about encryption? See my article Time to Start Encrypting Your Stuff? for a discussion about encrypting your files, and the free software you can use to get that job done on your Windows, Mac, Linux, Android or iOS systems.

Confide is being used by White House staffers and other politicians. This app has been around since 2013, and includes innovative features along with end-to-end encryption. For example, Confide can reveal a message slowly and delete it immediately after it is read.

During installation, you will need to set a Confide password and verify your possession of the phone it’s installed on by entering a code that is sent to the phone’s number. Like WhatsApp, Confide will ask for access to your contacts, but you can refuse and enter phone numbers manually.

Security experts have been skeptical of Confide for two reasons. First, the app’s encryption protocol is proprietary, unlike that of WhatsApp and Signal (see below), so it cannot be vetted by the security community; we just have to take the company’s word that there are no vulnerabilities in Confide’s encryption. Second, in March, 2017, researchers at security firm IOActive reverse-engineered Confide and found “numerous security vulnerabilities” that would allow hackers to impersonate users, decrypt messages, and swipe users’ contacts. Confide’s developers say all of the vulnerabilities were fixed in a subsequent release.

Signal Private Messenger is lauded by the security community for its open-source and innovative encryption protocol, which has been vetted by researchers since 2014. In fact, Signal was just approved for use by the U. S. Senate.

During installation, you will have to enter a 6-digit code sent to your phone via text message, and you will need to give Signal access to your contacts. The company says contacts are quickly deleted from its servers. But why is it required that your contacts must be shared, even briefly?

Signal is popular among international aid workers, human rights activists, journalists. (And soon, perhaps, among Senators and other politicians.) But it’s not widely known amongst the "common folks," so finding Signal users among your contacts may be more difficult.

Apple’s iMessage app is built into iOS, so if you have an iPhone or iPad you can have encrypted conversations with any other Apple fan. Apple’s software is proprietary, but the company has a good track record when it comes to software security. Still, you have to take their cross-your-heart and pinkie-swear promise that they'll never, ever share your info with a third party.

The one astounding failure of iMessage is that you can’t know if the message you’re sending will be encrypted until you hit “Send.” It depends on how you and your contact have your iMesssage apps configured. After hitting send, your screen turns green if the message was not encrypted before sending, or blue if encryption was performed. Really, Apple? By then, it may be too late.

Of course, it’s essential to secure your hardware and operating system as well as your messaging app. Use a lock screen and PIN to prevent unauthorized access to the apps on your phone. If anyone with access to your phone can pick it up and starting poking around, it doesn't matter how much encryption you've got going on.

Apple users get iOS updates straight from Apple, but the vast majority of Android users must wait up to 18 months for their carriers to roll out Android updates. Only Google’s own Pixel phones get prompt updates for the Android operating system. The newest devices with the latest Android OS tend to get updates quicker. If you have an Android phone or tablet that's more than 2 years old, you may not get any updates. Check with your mobile service provider to see if and when your device will receive Android operating system updates.

Your thoughts on this topic are welcome. (And extra credit if you can identity the gadget in the image above.) Post your comment or question below...

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 22 May 2017

For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 18 May 2017

The Top Twenty
Next Article:
5-Point Tuneup For Hacker Defenses

Most recent comments on "Are Your Messages Visible to Hackers?"

Posted by:

22 May 2017

I deleted whatsapp from my phone when it was bought out. Looking to find something else for when I want to encrypt something.

BTW Its the ENIGMA encryption typewriter.

Posted by:

Mario Galvan
22 May 2017

Isn't that the Enigma coding machine used by Germany in WWII?

Posted by:

Craig Beard
22 May 2017

I thought I'd give Signal a go, but I've just changed back to my previous message app. You're so right about the lack of Signal users among my friends. Only one was using it when I started ... only a couple decided to change to it after receiving the invitation. Besides, currently if I want to send a group message, I have to set up the group in advance; I can't add multiple contacts on the fly (or I didn't find out how to do so). I may use Signal again in the future, but not now.

Posted by:

Juan Lopez
22 May 2017

Would it not be useful to have the encryption defined at both ends with the IOs recipient to reduce chance of having it turn green after the fact? I do agree that it should be up to the folks at Apple to give an opt-in feature from the get go.

By the way, the machine was an early encryption unit. Looks like a WWII German enigma machine.

Posted by:

Peter B
22 May 2017

Just to be clear about Apple's iMessage. If the contact is a known Apple user, then it will send an encrypted iMessage as Bob says. If not, it will be sent as a standard SMS text message, which is just plain text (and is shown in green on the screen). If the sending of the iMessage fails, then it gives the option of sending as an SMS text (assuming you and they have a mobile phone). I think that it defaults to the mode of the last successful message in that thread, but I'm not certain about that.

Posted by:

22 May 2017

For Marilyn (and anyone else interested):

It certainly looks like an early 3 rotor version ENIGMA machine (with all rotors removed) but it's NOT a typewriter. It's an encryption / decryption device where decrypted characters were indicated on lamps and the resultant had then to be written (or typed) by hand.

Posted by:

22 May 2017

Alan Turing is credited with leading the effort to solve the Enigma encryption from their post at Bletchley Park. This breakthrough resulted in a great advantage against Germany in the war. In the early 1950's, a grateful British nation rewarded Turing by arresting him for homosexuality.

Posted by:

22 May 2017

Please clarify something for those of us who are really **not** "tech"-oriented: does this entire message pertain *only* to cell and smartphones? I don't have one of the "everybody has one" carry-everywhere phones. I have only a simple land-line. IOW, does the Whatsapp also work on my desktop computer? Thanks as always, Bob.

Posted by:

23 May 2017

That is the Enigma machine used by Germany. Yes Butch I think this message only refers to cell phones and tablets. With a desk top or lap top there is an email program hosted in Switzerland that offers encryption end to end or not. If interested in encryption check out "" and see if they still offer free email addresses. I got mine quite a while ago when they were free and just starting out.

Posted by:

Dave K
23 May 2017

> In the early 1950's, a grateful British nation
> rewarded Turing by arresting him for
> homosexuality.

... and chemically castrating him. This is how we treat our national treasures.

The bite in the Apple logo was thought my many to be an homage to Turing who dommitted suicide by eating a cyanide-laced apple, but sadly this is not true.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Are Your Messages Visible to Hackers? (Posted: 22 May 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved