Donald Trump won the US presidential election this week, and a lot of people are nervous. Trump previously called for a boycott of Apple’s products after it refused to build a backdoor key for law enforcement who wanted to access the iPhone of a suspected terrorist. Trump has also repeatedly voiced his interest in maintaining “law and order,” a vague desire that might concern some activists. With a Republican congress, Trump also has the power to pass legislation that could offer law enforcement more comprehensive access to Americans’ private communications. We don’t yet have concrete encryption policies from Trump, but given these past statements, it might be time to switch to an encrypted messaging app. Encryption can’t stop the NSA or the most determined attackers from viewing your data, but it at least offers a baseline level of protection. Here’s what you need to know about the messaging apps you’re already using and how they compare to one another privacy-wise:
iMessage is end-to-end encrypted by default between iPhones, and Apple made a point of fighting for its users’ privacy earlier this year following the mass shooting in San Bernardino. That default iMessage encryption doesn’t matter, however, if the person you’re texting has an Android phone because Messages will revert to unencrypted SMS.
iPhones are encrypted by default, so Apple can’t get into a device or read sent messages, even if it wanted to do so. That being said, The Intercept reported that Apple logs the people its users message. Whenever a message is sent, Apple’s Messages app asks Apple’s servers whether the contact has an iMessage account, thereby giving Apple information about who you’re contacting. That information is logged, along with the date and time the request was made. Those logs are saved for 30 days, although check-ins with Apple’s servers continue to happen on a regular basis. That contact information can be given to law enforcement with a warrant.
WhatsApp is end-to-end encrypted by default through Open Whisper’s open-source Signal protocol. Only messages in-transit are protected, however. While the messages might be secured and unreadable, at least without heavy cooperation from WhatsApp, the company still retains and stores chat logs, even after they’ve been deleted. iOS researcher Jonathan Zdziarski found that data from those chat logs can be restored if anyone gains physical access to a device. WhatsApp also shares some individual data, including phone numbers, with Facebook.
Telegram doesn’t end-to-end encrypt chats by default, although users can turn encryption on in “secret chats.” The company relies on its own MTProto protocol, which many researchers are skeptical is completely secure because the founders designed the cryptographic algorithm themselves.
Signal is end-to-end encrypted by default and funded through donations and grants. The app encrypts both phone calls and messages, and also doesn’t store metadata. An observer could only see that you pinged Signal’s servers — not who you contacted or when. Signal is preferred among most cryptographers but can run into issues when connecting iOS and Android users.
Messenger chats aren’t encrypted end-to-end by default. Users have to open a “secret conversation,” and both users have to be using an updated version of Messenger. Conversations can only be accessed on a single device, and chat logs can be deleted from your profile settings. You can also set an expiration date on messages, which will make them disappear after a certain amount of time. Like WhatsApp, Messenger relies on the Signal protocol for encryption.
Google’s new messaging app stores all messages by default. The chat logs last on Google’s servers until a user actively deletes them, and the app doesn’t enable end-to-end encryption by default. Incognito Mode is encrypted end-to-end and stored on Google’s servers as encrypted. As a result of that logging, law enforcement can request chat logs using a warrant, similar to Gmail and Hangouts.