Is Your Privacy Really Secure On Messaging Applications?

Messaging applications. Are they safe?

Believe it or not but your privacy does get heavily affected by the type of messaging application that you use on your mobile device.

The rampant rise of smartphones mean that many of us now live our life on the internet and increasingly on a smartphone screen. Smartphones have become our lifelines so to speak.

It is safe to assume that the average mobile device user now makes use of several smartphone application for messaging on a daily basis.

Moreover, the arrival of the digital age means that most of us are now consumed by an ever increasing number of mobile device applications that we have on our mobile devices. And that isn’t necessarily a bad thing.

Messaging applications allow users a highly streamlined way of communicating and keeping in touch with family and friends. And most of all, the smartphone revolution has eliminated factors such as distance and time when it comes to connecting with your loved ones.

Such widespread regular use of messaging apps really begs the question if these messaging applications are really secure enough to guard our privacy.

We already know that most of the messaging applications analyze our conversations with our contacts to give us better predictions on what to say next.

Can we really know for sure if our messaging applications are taking the necessary measures to protect our privacy?
In other words, how secure and private are our mobile messaging applications?

Just a few weeks ago, Alphabet Inc’s Google launched another one of its messaging applications by the name of Google Allo. As indicated before, it is a chat and messaging application that is powered by Google’s artificial intelligence.

And because of Google’s use of artificial intelligence in its latest messaging application, it gives Google Allo a great advantage over the rest of the competition.

Among many other benefits, the one that is clearly the most important one is the ability of the messaging application to suggest responses to messages by simply analyzing the contents of the user’s messages.

What does that mean as far as end users are concerned?

Well, for one, it means that now there are more than two participants in each of your conversations. One is you, the other is the recipient of the message and the third is the intermediate interpreter in the form of Google Allo’s artificial intelligence that studies the content of your messages and then comes up with suitable predictive suggestions.

Nevertheless, according to a recent report published by the Verge, it was stated that Google had actually publicized its new Allo messaging app, back when the company announced Google Allo, as a constructive step to further the cause of privacy advocates. In other words, the new messaging application from Google was marketed as a messaging application that took user’s privacy seriously.

Now it has been revealed, through various media reports, that all messages not sent through the incognito mode will be encrypted while they are en route. That sounds great. But the fine print is that all messages will now be stored by the company. At least that will be the default settings though users will be able to change it to their liking by configuring the settings of the new messaging application.

Of course, readers should know that Google Allo messaging application stores conversations messages of all its users to enhance its smart reply feature. As indicated earlier, users can manually (and rather actively) delete those messages and conversations which they don’t want the messaging application to study.

All of that means that end-to-end encryption, which is enabled by default in many other messaging application such as Whatsapp, in Google Allo is a stuff of dreams. Again, the non-existence of end-to-end encryption in Google Allo only happens when the user does not change the default settings or delete the conversations manually.

It should become clear to anyone that Google Allo doesn’t care much for user privacy by default. But are other messaging applications also following the same policy?
Let’s find out.

What Do We Mean When We Say, Messaging Applications Privacy Features.

Google Allo’s artificial intelligence integration nullifies the whole point of encryption

Most people don’t realize this but the fact that there are so many messaging applications in the market doesn’t automatically mean that all of them support the same policy on privacy. There are subtle differences in the default privacy settings of most applications. Users who don’t pay attention, lose out on guarding their online privacy because of sheer negligence.

The privacy feature is probably the only feature that is different for almost all messaging applications.

Of course, a different privacy feature is not always the case. Some messaging applications do have similar-looking privacy features but there are also those messaging applications that make it immensely hard for the users to make their conversations private.

We have already alluded to the fact the Google’s Allo chat/messaging application does not offer end-to-end encryption by default. This feature is an opt-in feature for users who want to make their conversations extra secure.

The only problem with no encryption by default is that it leaves a huge backdoor open for cybercriminals to compromise a user’s personal and private information.

Having said that, according to a recent report published by the Wall Street Journal, the number of major messaging application companies that always use end-to-end encryption by default are currently three.

These three messaging applications are,

  1. Facebook Inc’s WhatsApp
  2. Open Whisper System’s Signal messaging application
  3. Apple Inc.’s iMessage application

The really interesting part about Facebook’s Whatsapp is that, according to a report published by the New York Times on Sep 27, 2016, Facebook was actually ordered to halt any data collection activities on the users of its messaging application WhatsApp in Germany.

In fact, according to the same published report by the New York Times, it was revealed that Whatsapp had done the exact opposite of what it was ordered to do , by announcing last month that the messaging application would start to share the online information regarding its users with its parent company, Facebook.

The data protection commissioner for the city of Hamburg, again ordered Facebook to stop its data sharing activities. It was also reported that the regulator also requested Facebook to erase all information that the company’s wildly popular messaging application, WhatsApp, shared with it.

The information shared between Facebook and WhatsApp was estimated to be on around 35 million online German users.

Facebook Messenger

Facebook Messenger is probably the most used messaging app in the world.

Facebook Messenger’s privacy feature is quite similar to the one in Google Allo in the sense that similar to Google Allo messaging application, the end-to-end encryption feature is an opt-in feature rather than a default feature.

Moreover, the end-to-end encryption feature in Facebook Messenger is only available for users who use Facebook Messenger messaging application on a mobile platform. In other words, desktop users don’t even have the option of enabling end-to-end encryption for their conversations.

For the mobile users too, the feature is not turned on by default. Users who want to make use of the privacy feature are actually required to enable the feature from the settings menu.

But that isn’t even the worst part. The worst part was revealed by a recent report that was produced by the Indian express, which uncovered that Facebook Messenger chatbots could theoretically endanger user privacy.

The Indian Express report also brought light to the fact that when it came to tracking online orders, chatbots were indeed the ideal solution. However, because of privacy concerns, online customers including those who wanted to purchase products were less likely to share sensitive data. That held true not only for people but also for companies. Handing over personal information was a problem in all sectors of the online economy.

But even if one ignores that issue for a moment, then there is still the problem of companies not trusting Facebook to share exclusive data related to their customers. In fact, some companies might even be put off by Facebook’s usage of their customers’ data. As a result, these same companies were also less likely to use Facebook Messenger for sensitive information.

A blog post that was published on the Wall Street Journal website in 2014, asserted  that even though people who downloaded and used Facebook Messenger application criticized the amount of permission they had to give up to Facebook Messenger in order to avail the service before downloading the actual application, they were actually not handing over any additional private data in the process.

What About Skype Then?

Skype, initially did not have end-to-end encryption.

In the not too distant past, many people believed that Skype did not offer end-to-end encryption for its users. Skype’s messages were routed through Microsoft’s server but those messages along with audio and video chats were not encrypted until they had reached the transit stage.

Ars Technica, a technology news and information website created by Ken Fisher and Jon Stokes in 1998, in a report that was published in 2013, stated that its investigative reports indicated ‘the Microsoft-owned service regularly scans message contents for signs of fraud and company managers may log the result indefinitely.’

To put it another way, a user’s private data or files was exposed to cyber criminals and hackers if the security of the user’s computer, smartphone or tablet was weakened or compromised.

On the other hand, a report that was published by Reuters in March of this year said that Skype had launched a new version of its own messaging service that promised end-to-end encryption for all conversations, including by video.

But another authoritative cyber security website, Comparitech, came out with its own report which had discovered that Skype did not encrypt everything that was sent through its servers.

The report that was published in July of the current year helped industry experts to understand that Skype-to-Skype calls were encrypted as long as none of the participants use other methods of calling other than the online ones.

In other words, if a person used Skype to make a phone call to a mobile or landline number then that fragment of the call, which took place over the traditional phone network, PSTN, was not encrypted.

The Case With Google Hangouts

Google hangouts probably has the worst privacy features of them all.

Google Hangouts, which was released in 2013, has gained a significant amount of traction in the last couple of years. Contrary to the messaging application’s beginnings, the masses finally started coming to the messaging application sometime after 2013.

That still doesn’t explain the fact why this messaging application still does not provide end-to-end encryption for its users.

Motherboard stated in one of its published studies that Google Hangouts indeed did not provide any end to end encryption as far as user conversions were concerned. Moreover, a Google representative uncovered this fact last year as well that Google Hangout conversations were only encrypted when they were in transit.

So what happens if a government asks Google to wiretap its Google Hangout conversation?

Well, because Google Hangouts does not use any end-to-end encryption, Google could certainly hand over information to the government agencies if they asked for it.

With that said, it is also true that with Edward Snowden’s revelations about how government agencies spied on its own citizens, the issue of knowing whether your conversations are being recorded by one agency or another has become a rather important one for the vast majority of the public.

This concern is, of course, offset by the fact that most of the people who use the internet for their daily communications just can’t help themselves and end up using social media messaging application such as Facebook Messenger, Skype, and Google Hangouts regardless of the fact if their data is compromised or not.

And most of all, this trend of more and more people using social media messaging applications is only going to increase in the coming future.

You, on the other hand, can select the best messaging application that suits your needs. If privacy is on the top of your concern list then you should definitely go with the messaging application that provides end-to-end encryption by default for all conversation.

That is the only way to ensure that your conversations are safe for eavesdroppers that scour the internet for weak targets.

Or just use a VPN service.


Zohair A. Zohair is currently a content crafter at Security Gladiators and has been involved in the technology industry for more than a decade. He is an engineer by training and, naturally, likes to help people solve their tech related problems. When he is not writing, he can usually be found practicing his free-kicks in the ground beside his house.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.