This spring, text messages got a lot more private. In April, the world’s most popular messaging service, WhatsApp, announced it would use end-to-end encryption by default for all users, making it virtually impossible for anyone to intercept private WhatsApp conversations, even if they work at Facebook, which owns WhatsApp, or at the world’s most powerful electronic spying agency, the NSA. Then in May, tech giant Google announced a brand new messaging app called Allo that also supports end-to-end encryption.
Making the news even better from a privacy standpoint is that both WhatsApp and Allo use a widely respected secure-messaging protocol from Open Whisper Systems, the San Francisco-based maker of the messaging app Signal.
To recap, there are now at least three different instant-message services that implement robust encryption: WhatsApp, Signal, and Allo. How is someone who cares about their privacy and security to choose between them?
In this article, I’m going to compare WhatsApp, Signal, and Allo from a privacy perspective.
While all three apps use the same secure-messaging protocol, they differ on exactly what information is encrypted, what metadata is collected, and what, precisely, is stored in the cloud — and therefore available, in theory at least, to government snoops and wily hackers.
In the end, I’m going to advocate you use Signal whenever you can — which actually may not end up being as often as you would like.
What’s up, WhatsApp?
With more than 1 billion users, WhatsApp is the world’s most popular messaging app. Which is why it was huge news among encryption advocates when the company a year and a half ago announced a partnership with Open Whisper Systems to integrate the Signal protocol into its product. The rollout was gradual, starting only on the Android version of WhatsApp and only for one-on-one text communication, but by this past April, WhatsApp was able to announce it was using the Signal protocol to encrypt all messages, including multimedia messages and group chats, for all users, including those on iOS, by default.
So if a government demands the content of WhatsApp messages, as in a recent case in Brazil, WhatsApp can’t hand it over — the messages are encrypted and WhatsApp does not have the key.
WhatsApp may retain date and time stamp information associated with successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which WhatsApp is legally compelled to collect.
A WhatsApp spokesperson told the Committee to Protect Journalists, “WhatsApp does not maintain transaction logs in the normal course of providing its service.” However, the company makes no promises and could easily record and hand over metadata in response to a government request without violating its own policy.
When you first set up WhatsApp, you’re encouraged, but not required, to share your phone’s contact list with the app. This helps the WhatsApp service connect you with other users quickly and easily. A WhatsApp spokesperson confirmed to me that the company retains contact list data, which means that WhatsApp could also hand over your contact list in response to a government request.
Finally, online backups are a gaping hole in the security of WhatsApp messages. End-to-end encryption only refers to how messages are encrypted when they’re sent over the internet, not while they’re stored on your phone. Once messages are on your phone, they rely on your phone’s built-in encryption to keep them safe (which is why it’s important to use a strong passcode). If you choose to back up your phone to the cloud — such as to your Google account if you’re an Android user or your iCloud account if you’re an iPhone user — then you’re handing the content of your messages to your backup service provider.
By default, WhatsApp stores its messages in a way that allows them to be backed up to the cloud by iOS or Android. WhatsApp does let you remove your chats from these cloud backups if you go out of your way to do so, which I recommend you do, if you use WhatsApp to discuss anything sensitive.
Google's decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe. Avoid it for now.
— Edward Snowden (@Snowden) May 19, 2016
The first thing to understand about Google’s forthcoming Allo app is that, by default, Google will be able to read all of your Allo messages. If you want end-to-end encryption via the Signal protocol, you need to switch to an “incognito mode” within the app, which will be secure but include fewer features.
It’s 2016. We should be moving toward a future where the conversations we have on our phones are private, but Allo’s lack of default encryption is clinging to the past. Google releasing a new messaging app without default end-to-end encryption is like Tesla announcing a brand new model that only lets you use the airbags when you’ve disabled the entertainment system. As NSA whistleblower Edward Snowden put it, Allo’s defaults are “dangerous” and “unsafe.”
On the other hand, Google is trying something brand new, applying so-called machine learning techniques directly to your conversations. Allo hooks into an artificial intelligence called Google Assistant, which will read all of your messages and offer suggested responses, in your own slang, that it thinks you would likely write yourself. It also brings Google search directly into your conversations — you and your friends could, for example, search for a restaurant, pick one out, and make a reservation without having to leave the app.
Allo’s machine learning features prevent Google from turning on end-to-end encryption for all messages, since Google needs to be able to ingest the content of messages for the machine learning to work, a Google spokesperson told me. The spokesperson also said Google isn’t ready, until Allo is released later this summer, to make any promises about where user data will be stored or for how long.
The technology behind Allo looks very cool, but it’s moving in the wrong direction with regard to privacy. If privacy is important to you, you should use a messaging app that encrypts messages by default instead.
Along with Allo, Google is also releasing a new video calling app called Duo. Unlike Allo, all video calls in Duo will be end-to-end encrypted by default. Google isn’t releasing details — how the encryption works, if it’s possible for users to independently verify that it’s secure, or if metadata of the calls will be retained on Google’s servers — until it’s publicly released.
Signal in the Noise
The first thing that sets Signal apart from WhatsApp and Allo is that it is open source. The app’s code is freely available for experts to inspect for flaws or back doors in its security. Another thing that makes Signal unique is its business model: There is none. In stark contrast to Facebook and Google, which make their money selling ads, Open Whisper Systems is entirely supported by grants and donations. With no advertising to target, the company intentionally stores as little user data as possible.
Like WhatsApp, all messages sent over Signal are end-to-end encrypted, and Open Whisper Systems doesn’t have the keys to decrypt them. What about message metadata, your phone’s contact list, and cloud backups?
Signal users must share their contact list with the app in order to find other users — in WhatsApp, this is optional but recommended. But Signal doesn’t directly send your contact list to the server. Instead, it uses what’s known as a cryptographic hash function to obfuscate phone numbers before sending them to the server. (It also truncates the hashed phone numbers, if we’re being precise about things.) The server responds with the contacts that you have in common and then immediately discards the query, according to Marlinspike.
If you back up your phone to your Google or iCloud account, Signal doesn’t include any of your messages in this backup. WhatsApp’s gaping backup issue simply doesn’t exist with Signal, and there’s no risk of accidentally handing over your private messages to any third-party company.
Really happy with the Signal anti-forensics architecture: encrypted database excluded from backup, key in keychain. https://t.co/URipYdxnnI
— Frederic Jacobs (@FredericJacobs) February 24, 2016
Of course, this also means there’s no way to back up your Signal data to the cloud — a feature that some users find useful. If you lose your phone and restore a new one from backup, you simply lose all of your chat history. The Android version of Signal lets users locally export and import app data, for example if you’re switching to a new phone but still have your old one, but the iOS version of Signal does not support this.
In short, if a government demands that Open Whisper Systems hand over the content or metadata of a Signal message or a user’s contact list, it has nothing to hand over. And that government will have just as little luck requesting backups of Signal messages from Google or Apple.
From a user privacy perspective, Signal is the clear winner, but it’s not without its downsides.
Compared to WhatsApp’s 1 billion users, Signal’s user base is minuscule. Marlinspike said that they don’t publish statistics about how many users they have, but Android’s Google Play store reports that Signal has been downloaded between 1 and 5 million times. The iPhone App Store does not publish this data.
This means that if you install the Signal app, chances are you’ll have to convince your friends, family, and colleagues to install it as well before you can benefit from Signal’s top-grade privacy protection. If you install WhatsApp, chances are a lot of your contacts are already using it, and you can begin having encrypted conversations with minimal effort.
Signal also has fewer features and gets improved at a slower pace than its corporate competitors. For example, an early version of Signal Desktop has been available since the end of 2015, but it’s only available for Android users — iPhone support has not yet been developed, and it’s unclear when it will be finished. WhatsApp has a desktop version that works regardless of the type of phone you use.
Marlinspike told me that Open Whisper Systems has three full-time staff: two software developers and one person who handles user support and project management. With such incredibly limited resources, it’s surprising that they’ve accomplished as much as they have.