When you send a text or MMS from your phone the normal way, you can’t control what happens to the information once it leaves your device. Wireless carriers are required to save messages for a certain length of time to assist authorities in criminal investigations. The recipient can save the message indefinitely, or send it to someone else without your knowledge or permission.
That means those risqué photos, videos or texts you sent to your significant other could come back to haunt you in the future. There are web sites where people post pictures and messages of a private nature sent by their exes as a form of revenge. Relatively innocuous business-related messages could prove damaging if taken out of context later. Even if you don’t have a disgruntled ex or business partner, the recipient’s device could be lost or stolen, or their cloud accounts hacked.
Several messaging and social media apps have sprung up in response to these security concerns. But how secure are they? Let’s examine the features you should look for in a messaging app that will keep your private messages under wraps.
Encryption uses a public and private key to encode and decode the messages. A secure messaging app should generate and store the keys on the user’s device, not on a server. The keys should only leave the device by action of the user, such as creating a backup or transmitting them to a new device. This means that even if a company is subpoenaed or required to deliver your private messages to the authorities, they technically cannot.
Encryption during transmission is important because these apps use a data connection instead of the phone connection. If you or the recipient is on WiFi, the messages could be intercepted and read by a third party. The app should also encrypt stored messages, in case the device is hacked or falls into the wrong hands.
The digital storage on a smartphone works much like a PC’s hard drive. By default when you delete something, the operating system marks the space as available, but doesn’t actually remove the data until something overwrites the space. A secure messaging app should either remove the information completely, or only store the messages in RAM. Some messaging apps automatically delete the messages once they are read or after a specific length of time.
While this isn’t a security feature in itself, it’s still important. Most secure messaging apps require both parties to be using the same app. If you choose one that isn’t user-friendly, it will be difficult to convince others to join and they may not stay. If you’re choosing a messaging app for business purposes, your employees may be tempted to find their own solution and resort to easier to use but less secure apps instead.
Which Messaging App Should I Use?
Most mass market messaging apps were not designed with security in mind. Apps like Yahoo! Messenger, AIM, Google Hangouts, SnapChat and Viber encrypt messages during transit, but leave them vulnerable to being read at other points.
Of the more popular messaging apps, iMessage and FaceTime are the most secure but are limited to Apple products. On the Android exclusive side, users concerned about security can use TextSecure. Other secure messaging apps such as Cyber Dust, Silent Text and ChatSecure support both platforms.
The best way to decide which app is right for you is to ask your contacts or employees and find out if there is a secure messaging app they are already using. If they are using an app without robust privacy protection, try out a few different apps and determine which one has the features you need the most.
Learn more about texting security features. Subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit www.CyberSecurityDictionary.com for more terms and definitions.