Messenger | Google Messages  | Apple iMessage  | Facebook Messenger  | Element (Matrix)  | Signal | Microsoft Skype  | Telegram | Threema | Viber | Facebook | Amazon Wickr Me  | Wire | Session | SimpleX | Twitter | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Overview | ||||||||||||||||||||||
| Is the app recommended to secure my messages and attachments? | No | No | No | No | Yes | No | No | Yes | No | No | No | Yes | Yes | Yes | No | |||||||
| Main reasons why the app isn't recommended / Improvements to apps that are recommended | Named as NSA partner in Snowden revelations Makes money from personal data Data not protected, not all data protected No independent, recent code audit and security analysis | Named as NSA partner in Snowden revelations Data not protected, not all data protected No independent, recent code audit and security analysis | Named as NSA partner in Snowden revelations Encryption not enabled by default Makes money from personal data Data not protected, not all data protected No independent & recent code audit and security analysis | No independent, recent code audit and security analysis | Remove the mandatory requirement for users to sign up with a mobile number | Named as NSA partner in Snowden revelations Encryption not enabled by default Makes money from personal data Data not protected, not all data protected Closed source | Bespoke cryptography Encryption not enabled by default Data not protected, not all data protected | Make APIs and server code open source Provide more comprehensive independent assessments of security/privacy | Data not protected, not all data protected No independent & recent code audit and security analysis Closed source | Named as NSA partner in Snowden revelations Messages can be read by Facebook if marked as "abusive" Makes money from personal data Data not protected, not all data protected No independent & recent code audit and security analysis Closed source | Former NSA chief Keith Alexander is on Amazon’s board of directors Funded by the CIA Recent security audits are not public Has contracts with the US government Closed source | Further limit metadata storage and logging Provide more comprehensive independent assessments of security/privacy | Implement perfect forward secrecy at the end-to-end encryption layer Provide more comprehensive independent assessments of security/privacy | Provide more comprehensive independent assessments of security/privacy | End-to-end encryption not implemented for all users and group chats No implementation details No comprehensive independent assessments of security/privacy Closed source | |||||||
| Details | ||||||||||||||||||||||
| Company jurisdiction | USA | USA | USA | UK | USA | USA | USA / UK / Belize / UAE | Switzerland | Luxembourg / Japan | USA | USA | USA / Switzerland | Switzerland | UK | USA | |||||||
| Infrastructure jurisdiction | Worldwide (rollout on-going, unsure of exact locations, most likely Google Cloud regions) | USA (Ireland and Denmark planned); iMessage runs on AWS and Google Cloud | USA, Sweden (Ireland planned) | UK (and potentially all jurisdictions, given it's a decentralised messaging platform) | USA | USA, the Netherlands, Australia, Brazil, China, Ireland, Hong Kong, and Japan | UK, Singapore, USA, and Finland | Switzerland | USA | USA (unsure of other locations) | USA (unsure of other locations) | Messages: Worldwide (uses de-centralised servers) Attachments: Centralised server in Canada | Worldwide (uses de-centralised servers) | Worldwide (uses de-centralised servers) | USA, worldwide (unsure of other locations) | |||||||
| Implicated in giving customers' data to intelligence agencies? | Yes | Yes | Yes | No | No | Yes | No | No | No | Yes | No | No | No | No | Yes | |||||||
| Surveillance capability built into the app? | No | No | No | No | No | Yes | No | No | No | No | No | No | No | No | No | |||||||
| Does the company provide a transparency report? | Yes | Yes | Yes | No | Yes | Yes | No | Yes | No | No | Yes | Yes | Yes | Yes | Yes | |||||||
| Company's general stance on customers' privacy | Poor | Poor | Poor | Good | Good | Poor | Poor | Good | Poor | Poor | Poor | Good | Good | Good | Poor | |||||||
| Company collects customers' data? | Poor | Poor | Poor | Good | Good | Poor | Poor | Good | Poor | Poor | Poor | Good | Good | Good | Poor | |||||||
| Funding | Apple | New Vector Limited | Freedom of the Press Foundation The Knight Foundation The Shuttleworth Foundation The Open Technology Fund Signal Foundation (Brian Acton) | Microsoft | Pavel Durov | User pays / Afinum Management AG | Rakuten Friends and family of Talmon Marco (very unclear) | Amazon the CIA | Janus Friis Iconical Zeta Holdings Luxembourg Morpheus Ventures | LAG Foundation Ltd | Venture Capital fund Village Global | |||||||||||
| App collects customers' data? | Yes (Difficult to assess given the app is integrated into Google's greater ecosystem) | Yes (Difficult to assess given the app is integrated into Apple's greater ecosystem) | Health & fitness / purchases / financial info / location / contact info / contacts / user content / search history / browsing history / identifiers / usage data / sensitive info / diagnostics / other data | Contact info / contacts / identifiers / diagnostics / user content (Contact info not sent when using anonymously) | Contact Info | Identifiers / Contact Info / User Content / Identifiers / Usage Data / Diagnostics | Contact info / contacts / identifiers | Contact info / identifiers / diagnostics (Contact info not sent when using anonymously) | Location / identifiers / purchases / location / contact info / contacts / identifiers / usage data / user content / usage data / diagnostics | Purchases / financial info / location / contact info / contacts / user content / identifiers / usage data / diagnostics | Contact info / identifiers / diagnostics (Contact info not sent when using anonymously) | Contact info / identifiers / usage data / diagnostics | No | No | Purchases / Location / Contact Info / Contacts / User Content / Search History / Browsing History / Identifiers / Usage Data / Diagnostics | |||||||
| User data and/or metadata sent to parent company and/or third parties? | Yes | Yes | Yes | No (User data is sent to a third party if a payment is made) | Minimal (Mandatory mobile number sent to third party for registration & recovery) | Yes | Yes | No (Optional mobile number sent to third party for registration) | Yes | Yes | No (Optional mobile number sent to third party for registration) | Yes | No | No | Yes | |||||||
| Is encryption turned on by default? | Yes | Yes | No | Yes | Yes | No | No | Yes | Yes (if device supports it) | Yes (if device supports it) | Yes | Yes | Yes | Yes | No | |||||||
| Cryptographic primitives | Curve25519 / AES-256 / HMAC-SHA256 | P-256 ECDH & Kyber-768/1024 / AES-256 / HMAC-SHA384 | Curve25519 / AES-256 / HMAC-SHA256 | Curve25519 / AES-256 / HMAC-SHA256 | Curve25519 & Kyber-1024 / AES-256 / HMAC-SHA256/512 | Curve25519 / AES-256 / HMAC-SHA256 | RSA 2048 / AES 256 / SHA-256 | Curve25519 256 / XSalsa20 256 / Poly1305-AES 128 | Curve25519 256 / Salsa20 128 / HMAC-SHA256 | Curve25519 / AES-256 / HMAC-SHA256 | ECDH512 / AES-256 / HMAC-SHA256 | Curve25519 / ChaCha20 / HMAC-SHA256 | X25519 / XSalsa20 256 / Poly1305 | Curve25519 & sntrup761 1158 / XSalsa20 256 / Poly1305 | ||||||||
| Are the app and server completely open source? | No | No | No | Yes (clients Element / Riot, server/API matrix.org) | Yes | No | No (clients and API only) | No (apps only) | No | No | No | Yes | Yes | Yes | No | |||||||
| Are reproducible builds used to verify apps against source code? | No | No | No | No | Android only | No | iOS and Android | Android only | No | No | No | No | No | No | No | |||||||
| Can you sign up to the app anonymously? | No | No | No | Yes | No | No | No | Yes | No | No | Yes | No | Yes | Yes | No | |||||||
| Can you add a contact without needing to trust a directory server? | N/A, Google Messages uses RCS, which doesn't use a directory service | No | No | no | No | No | No | Yes | Yes | No | No | No | Yes | Yes | No | |||||||
| Can you manually verify contacts' fingerprints? | Yes | Yes | Yes | Yes | Yes | No | No (session only, does not provide users' fingerprint information) | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||||||
| Directory service could be modified to enable a MITM attack? | N/A, Google Messages uses RCS, which doesn't use a directory service | No | No | No | No | No | No | No | No | No | No | No | No | No | No | |||||||
| Do you get notified if a contact's fingerprint changes? | Yes | Yes | Yes | No | No (session only, does not provide users' fingerprint information) | Yes | Yes | No (setting turned off by default) | Yes | If contact was previously verified | N/A | N/A | ||||||||||
| Is personal information (mobile number, contact list, etc.) hashed? | N/A, Google Messages uses RCS, which doesn't use a directory service | No | No | Yes | Mostly | No | No (session only, does not provide users' fingerprint information) | Yes | No | No (setting turned off by default) | Yes | Mostly | N/A | N/A | ||||||||
| Does the app generate & keep a private key on the device itself? | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | ||||||||
| Can messages be read by the company? | No | No | Yes | No | No | Yes | Yes | No | No | Yes | No | No | No | No | ||||||||
| Does the app enforce perfect forward secrecy? | Yes | Yes | Yes | Yes | Yes | Yes | No (session keys do change after being used 100 times) | Yes | Yes | Yes | Yes | Yes | No | Yes | ||||||||
| Does the app encrypt metadata? | No | No | No | Yes | No | No | Yes | No | Yes | Mostly | Yes | Yes | ||||||||||
| Does the app use TLS/Noise to encrypt network traffic? | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||||||
| Does the app use certificate pinning? | Yes (>=iOS 9.3) | Yes | Yes | Yes | Yes | Yes | ||||||||||||||||
| Does the app encrypt data on the device? (iOS and Android only) | No | Yes (if passphrase enabled) | Yes | Yes (if passphrase enabled) | iOS: Yes (if passphrase enabled); Android: Yes (if master key set in the app)s | iOS: Yes (if passphrase enabled); Android: Yes (unsure of function) | Yes | Yes | Yes | |||||||||||||
| Does the app allow local authentication when opening it? | No | No | Yes | No | Yes | No | Yes | Yes | No | Yes | Yes | Yes | Yes | |||||||||
| Are messages encrypted when backed up to the cloud? | Yes (>= Android P) | Yes | Yes | N/A, Signal is excluded from iCloud/iTunes & Android backups | Yes | iOS: Yes / Android: Yes | N/A, Wickr is excluded from iCloud/iTunes & Android backups | N/A, Wire is excluded from iCloud/iTunes & Android backups | N/A, Session is excluded from iCloud/iTunes & Android backups | |||||||||||||
| Does the company log timestamps/IP addresses? | Yes | Yes | No | Yes | Yes | No | Yes | Yes | No | Some | No | No | Yes | |||||||||
| Have there been a recent code audit and an independent security analysis? | No | No | No | No (Matrix's encryption library reviewed by an independent party) | Yes (many in the last few years) | No | Yes (November, 2015) | Yes (October, 2020) | No | No | Yes (August, 2014) | Yes (March, 2018) | Yes (April, 2021) | Yes (November, 2022) | No | |||||||
| Is the design well documented? | No | Somewhat | Somewhat | Somewhat | Somewhat | No | Somewhat | Somewhat | Somewhat | Somewhat | Somewhat | Somewhat | Somewhat | Somewhat | No | |||||||
| Does the app have self-destructing messages? | No | No | Yes | No | Yes | No | Yes | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | |||||||
Source code: Mike Kuketz | CC BY-NC-SA 4.0 |     | ||||||||||||||||||||||