Want end-to-end encryption? Use these apps
Updated November 11, 2016 to include Facebook Messenger Secret Conversations. Updated April 5, 2016 to include WhatsApp.
As U.S. politicians and law enforcement agencies step up their rhetoric against tech companies’ implementation of end-to-end encryption of phone calls, text messages, and emails, you can protect your communications with encrypted apps.
It’s virtually impossible to encrypt all of your communications today. In addition to installing and using apps that protect your communications from your smartphone, across the Internet, and on to the smartphone of the person you’re talking to, known as end-to-end encryption, you have to get the person with whom you’re communicating to use them, too. And because not all encryption code is created equal, some apps are safer than others. Some popular communications services, such as Skype, protect your communications data in transit between computers, but not when it reaches its destination or at rest on the services’ computer servers.
“Data encrypted end-to-end is the only case where you can trust the service to protect your data,” says cryptographer Paul Kocher, who has been involved in computer-based encryption since the first round of encryption debates in the 1990s.
For these reasons, the security of your mobile communications depends entirely on which phones and apps you and your contacts use. Few companies have been focusing on mobile encryption until recently. The following encrypted apps can respectively replace (or complement) your default phone, SMS messaging, and online-storage apps. When you and your contacts use them to communicate, you are armed with the end-to-end encryption privacy advocates say you need to thwart surveillance and hacking attempts.
Encrypt your devices’ stored photos, movies, and documents
If you have an iPhone or iPad running iOS 8 or a later version, your hard drive is encrypted by default, meaning that the data you store on the phone is protected from being accessed when it’s locked. Phones running iOS 7 or previous versions of Apple’s mobile operating system are less protected.
It’s not quite so clear which devices running Google’s Android have encrypted hard drives. Newer Nexus models come with disk encryption enabled, and future phones and tablets that ship with Android 6.0 Marshmallow will have it activated by default, but on most Android devices, you must actively turn encryption on.
To activate hard drive encryption on your Android devices, make sure that they are plugged in, then, in Settings, tap Security, then Encrypt Phone, and select Encrypt Phone again. The encryption process will take about an hour, depending on how much data is stored on your device.
Protect your messages with end-to-end encryption
Only six messaging apps fully protect your instant messages and texts, and only two apps fully protect your phone calls, according to an encryption app scorecard maintained by technology rights advocate the Electronic Frontier Foundation. Popular apps such as WhatsApp, Skype, and Snapchat are not among the six.
You can choose the apps you use to protect messages from surveillance based on the types of messages you want to send. iPhone users have it easy, if they’re communicating with other iPhone users. Apple’s iMessage and FaceTime, which come preinstalled on iPhones, iPads, and Mac computers, are encrypted by default for messages and calls sent to other iMessage and FaceTime users. Not even Apple can tap into those coded communications, much to the displeasure of some politicians.
Google’s Hangouts service for instant messages and calls is encrypted in transit, but Google has access to the data at its end. That means that the company can and must hand over any communications it has stored for which it receives a subpoena. Hangouts comes preinstalled on Google’s Android devices, but not necessarily on other Androids.
Because text messages, also known as SMS (Short Message Service) messages, are sent over standard phone networks and are therefore difficult to encrypt end to end, a cottage industry has sprung up of apps that encrypt them for you. There’s a catch, of course: Like Apple’s iMessage, everyone in on the chat must use the same app.
The ubiquitous WhatsApp changed the end-to-end encryption game in April 2016, when it added end-to-end encryption for all its users, on every platform. WhatsApp is used by more than 1 billion people on Android, iPhone, BlackBerry, Windows Phone, and Nokia phones, and it has a Web-based version so you can use the service on Windows, Mac, and Linux. There’s a good chance that your friends already use it, and now it protects communications on just about every platform available, including text, group chat, photo, video, file, and voice message.
However, you can’t use it to text directly to a contact’s phone if they don’t have the app, and it doesn’t offer message destruction services.
Signal
Signal encrypts your smartphone’s SMS messages, instant messages, and phone calls on Android and iPhone, and it is developing a desktop version. You install the free app as you would any other smartphone app. When you launch it for the first time, it will ask to verify your phone number. The app will then text you a verification code, or you can choose to receive your code via phone call.
When using the app, it will notify you when you’re texting or speaking with people who don’t have Signal and offer to send them an app download link. When a message is encrypted, a lock icon appears next to the text field where you type. Likewise, encrypted calls show people on the call a word pair used to verify that the call is secure.
Facebook Messenger (Secret Conversation only)
In October 2016, Facebook added a feature to its Messenger app used by 900 million people: opt-in end-to-end encryption. It uses the same Open Whisper encryption software that powers the encryption in WhatsApp and Signal. Unlike those apps, Facebook Messenger’s Secret Conversations are currently only available on Android (download) and iPhone (download). However, you can set messages to expire after 5 seconds up to 24 hours later, similar to Snapchat. To turn on the feature, tap the lock slider in the upper right before choosing your recipients.
Silent Phone
Silent Phone app for iOS and Android includes phone and messaging features. With features such as 100MB of encrypted data transfer, encrypted conference calls for up to six people, and encrypted voicemail available in a premium upgrade for $9.95 per month, the otherwise free app is marketed toward business users, but there’s nothing stopping people from using it for end-to-end encrypted personal communication.
Founded by Phil Zimmermann, inventor of the widely known but hard-to-use email encryption tool Pretty Good Privacy, Silent Circle also makes the Blackphone, a security- and privacy-focused Android phone that comes with its suite of encrypted apps preinstalled.
Before using Silent Phone, you have to register a username and password with Silent Circle. In addition to calls and messaging, the app lets you set messages to automatically delete from the recipient’s phone. You can also call phones that aren’t using Silent Phone through the app, though those calls will not be fully encrypted.
Wickr
is a messaging-only service that lets you set messages to self-destruct after they’ve been read. It works a bit like Snapchat, except that it includes end-to-end encrypted communication with other people who have installed and are using the app on an Android, iOS, Windows, Mac, or Linux device.
Another differentiator from Snapchat: Wickr doesn’t keep any of your messages on its servers. It doesn’t even have access to its customers’ usernames, so if you forget your log-in information, you’ll have to create a new account.
Threema
is another end-to-end encrypted messaging app, one of a few that work on not only iOS and Android, but also on Windows Phone. In addition to messaging, it offers secure QR code scanning and voice mail, though to get those to work, you have to install app plug-ins.
Like Silent Circle, Threema is based in Switzerland, a country known for laws protecting consumer privacy. However, while many of Threema’s competitors are free, the Swiss app costs $2.49.
ChatSecure
ChatSecure’s end-to-end encryption is open-source, meaning that people can peer-review the code. It lets you message people with or without encryption. When a message is protected because both sender and recipient are using ChatSecure, a lock icon appears over the message send button. When an unlocked padlock icon appears over the message send button, you know that you’re not protected.
One benefit of ChatSecure is that it can integrate with your Jabber/XMPP accounts, so you can take desktop messaging on the go. Another is that it can connect to the Internet through Tor, which anonymizes your communications by bouncing them across multiple Internet servers.