Best Secure Text Messaging App (For Most People) in 2023!
Secure text messaging is one of the simplest ways to protect your information from companies, including cell phone carriers, from snooping on your data. I’ve reviewed each of these on previous channels, but they’ve changed since then, so it’s time to revisit them like some fine wine and see which text messaging app is best for privacy and security.
The biggest concern we have with secure text messaging is encryption. If they are indeed secure, they should have end to end encryption so even if a government agency sent them a warrant, they wouldn’t be able to turn over any text messages, because they couldn’t see them. End to end encryption, also called E2EE means that only you and the person you’re sending the message to can see what is being sent - and that should include the text, photos, videos, and attachments.
Before we get into the third party app recommendations - it’s important to point out that both Apple’s iMessages and Google’s Android Messages app have E2E encryption enabled. In the case of Apples iMessages, this is the standard app that Apple iPhones come with and will serve up both standard non-encrypted SMS messages as well as encrypted ones. This can be convenient, but if you don’t pay attention, you could send non-encrypted messages without knowing it. The best way to tell is the text bubbles - if they are blue, that means you’re sending encrypted messages to someone else who is using iMessages. If it’s green, that means the receiver is using something other than iMessage and the text is not encrypted. iMessage does need to be enabled on the phone for encryption to be turned on, and your iCloud backups should be set up securely too in order to keep everything locked up tight. But using iMessages is definitely a good option for iphone users, if you don’t mind the fact that Apple is the company behind the app.
On Android’s Messages, if you see a little lock icon underneath the message, that means it’s encrypted. You can also click the 3 buttons in the conversation and click Details to see if the conversation is end to end encrypted. This means both parties are using Messages.
The unfortunate part of both of these is your conversations will only be encrypted if the receiver is using the same type of smartphone OS you are using and is also using the same app. Android to Android, Apple to Apple - neither of these companies has agreed to make an E2EE standard cross platform, though Google’s special type of RCS protocol, the backbone of their E2EE without going into a ton of nerdy details, is open and they’ve invited Apple to use it too, but Apple hasn’t done so yet and probably never will because they want everyone to use iPhones.
Since we have third party apps that can be downloaded on both operating systems and allow you to send E2EE chats, we know cross platform encryption is possible, but everyone has to agree on the same protocols. If tech companies don’t play nice, that puts our privacy at risk.
So how can you send encrypted messages cross platform? My friends and family are basically split 50/50 in terms of Apple vs Android. I’m on Android so I have to use a third party app to get encrypted messages to my friends on iPhones.
This whole convo about privacy is really important and brings me to my sponsor for today’s episode, DeleteMe.
In today's digital world, our personal information is constantly exposed online. In the case of mobile, one study showed 52% of apps are sharing data with 3rd parties, which can include data brokers. But DeleteMe has been my tool of choice to make that exposure less of a problem.
I signed up for DeleteMe as a customer many years ago, and they’ve continuously removed my personal information from data broker websites, giving me peace of mind and one less thing to put on my adulting list of to dos.
DeleteMe takes your privacy seriously, I appreciate that you can protect your DeleteMe account with 2FA, and they work tirelessly to remove your information from data broker websites. They provide you with regular updates and a detailed privacy report every quarter, so you can see the difference they've made in protecting your personal information overtime. I save all of my privacy reports so I can visually see how DeleteMe is doing overtime, and since I first signed up, they’ve doubled the amount of data brokers that they scan for matches.
Don't let your personal data be up for grabs. Use the code SNUBS at checkout - that’s S N U B S - for 20% off any of the consumer plans. or just click the link below or hit up JoinDeleteMe.com/MorseCode to sign up today and that code will automatically apply at checkout! Sign up now and safeguard your personal information today!
Huge thank you to DeleteMe for sponsoring this episode.
Like iMessages and Google’s Messages, some apps can replace your default SMS app and still have end to end encryption too, but only other people using that same app will also have encryption because all the apps use different kinds of protocols.
For example, you could totally replace the default app on your phone with Facebook Messenger, but some folks may not want to stick all their unencrypted SMS messages and all of their encrypted messages in one app, specifically one made by a major company like Facebook and may prefer to have a separate app just for the encrypted messages. In this case, I’ve got a few options for you to consider, all of which are free to use, and it’s gonna be pretty obvious which one of my favorite.
First is Signal. For a long time, Signal did support SMS messages too, but they’ve removed this from Android in recent months for logical reasons. But if both parties are using Signal… then this is the cream of the crop when it comes to E2EE. In fact, the protocol that Signal uses for encryption is so good that WhatsApp and Facebook Messenger adopted it too. The big difference though is Signal was founded by a cryptographer and expert in the field of encryption. It’s run by a non-profit, not a big social media company.
Signal is the number 1 choice of security experts for a variety of reasons. It lets you do regular messages, voice and video calls, group messaging, you can send photos and attachments, and nowadays you can make the app look pretty with colorful icons, gifs, animations, and custom wallpapers.
A useful feature is self destruct, which allows you to make messages disappear after a set amount of time. You are required to have a phone number to sign up, but if you are using Signal to talk to people who don’t necessarily need your main phone number, you can set it up with a secondary number, and share your Signal account with them without disclosing your primary phone number.
Number 2 is WhatsApp, and I have valid reasons for including this so continue watching. Even though this messaging app is owned by Meta or Facebook, many people may choose WhatsApp because of it’s popularity overseas. WhatsApp is very popular internationally, and it is end to end encrypted by default. While trust is a concern due to it’s parent company, the app itself is full of features and very easy to use.
Given that WhatsApp is free, cross platform, user friendly and easy to use, it’s a common go to. Messages are encrypted with the Signal Protocol, but metadata, which is shared with it’s parent company, isn’t.
Features include cute things like sending GIFS, photos and videos, voice messages, video calls and group convos.
I personally don’t use WhatsApp because it is owned by Facebook, but I would be doing a disservice if I didn’t include it. Unlike most security and privacy apps that end up in my recommendation lists, a major consideration for messaging apps is popularity and convenience. If other people aren’t using the private messaging app, then you either A) can’t send them messaging using that app, or B) your messages won’t be encrypted by default.
I also wanted to give a shoutout to some other apps. While these aren’t as popular as my picks, so it might be harder to get your friends or family to move to them so you get the perk of encryption, or they may cost money - all of these are optional apps you may also want to consider. That includes Threema, Telegram, Wire, Wickr, Silent Circle, Briar, Matrix Element, Session and Facebook Messenger. Each of these has pros and cons, but none of them include any major features that weren’t included in my top picks.
Some of them, like Telegram, don’t enable encryption by default or it’s not available for group chats. Others, like Facebook Messenger, are owned by a social media company so there may be an issue of trust, just like with WhatsApp. Telegram can hide your phone number, so that’s a plus.
Element is a cool option that has defaulted E2EE, strong crypto security, and it’s free. This uses the Matrix federated decentralized platform, very similar to Mastodon, so that also means it may be slow to add new features. The usability and ability to get normal people to adopt it may be much harder. This one is really intriguing though and I’d love to give it a more thorough video.
Session is limited and not heavily adopted. Briar is another really cool one, but it’s not available on iOS, and the features are extremely limited.
Threema is really good in terms of security, probably the best of my alternative options, but it costs $5 on iPhones and may be hard to get people to adopt it.
For me, getting folks outside of my nerdy hacker circle to adopt another app just for encryption is really tough, so using something that is free and cross platform, not to mention easy to set up and use, is extremely important. I make these recommendations with the understanding that my audience is no longer predominantly infosec or hacker. I’m a content creator first, so I need reliability, cross platform, and convenience. Signal still brings me those feature, though the loss of SMS, while understandable, makes it less convenient. Die hards, don’t get mad at me, read the reviews on Google Play I’m not the only one that feels that way.
I know I have folks in my audience who are both infosec experts as well as people who just want to get a little better at online security, so I’m curious if you’d choose one of these or if you prefer to just stick with Google Messages with RCS, or Apple’s iMessage with their own encryption. I’m not bugged out by Google owning messages so I like that all my Android folks get E2EE chats with me via RCS. I’d love to hear your opinions though.
Watch these videos for more security and privacy recommendations that don’t sacrifice convenience and subscribe for more.
Bye yall!
