Top messaging apps flat-out flunk EFF's security review

Posted: November 5, 2014 at 10:47 pm

Some of the most widely used messaging apps in the world, including Google Hangouts, Facebook chat, Yahoo Messenger, and Snapchat, flunked a best-practices security test by advocacy group the Electronic Frontier Foundation (EFF).

The organization evaluated 39 messaging products based on seven criteria it believes such tools should meet in order to ensure the privacy and security of digital communications.

The reviewed products included mobile texting apps, instant messaging clients, voice and video calling software and email services. The results were published Tuesday under the form of a Secure Messaging Scorecard.

The EFF did not perform vulnerability assessments or in-depth technical analyses of the encryption implementations in the reviewed products. Instead it judged them based on principles and features it felt are necessary to protect communications from widespread Internet surveillance by governments, which includes data collection in transit or from online service providers.

When reviewing the products, the EFF asked the following questions:

Six applications, most of them open source, met all of the EFFs requirements: CryptoCat, a Web-based instant messaging application; ChatSecure, an encrypted chat client for iPhone and Android; TextSecure, a text messaging app for Android; RedPhone, an encrypted calling app for Android and Signal, its version for iOS; Silent Text and Silent Phone, the encrypted texting and calling apps by secure communications provider Silent Circle.

One of the few perfect scorers.

There were other apps that came close, failing on just one criteriathe annual code audit or the forward secrecy requirements. These products were Mailvelope, RetroShare, Subrosa, Jitsi, Adium, and Pidgin.

Of the mass-market products, Apples iMessage and FaceTime scored the highest, failing on only two requirementsthe availability of code for independent review and the out-of-band contact identity verification. This means they dont currently provide complete protection against sophisticated, targeted forms of surveillance, the EFF said.

Other widely used communication tools scored much worse, meeting only one or two of the seven requirements. This was the case of Google Hangouts, Facebook chat, Yahoo Messenger, Snapchat, WhatsApp, Viber, AIM, BlackBerry Messenger and several others. None of these products offer end-to-end encryption making communications through them susceptible to surveillance on the providers side.

Here is the original post:
Top messaging apps flat-out flunk EFF's security review

Related Post