While there are a number of messaging apps from which to choose, only a dozen or so have marketplace gravitas. The best-known and most-utilized are usually the ones that come with your smartphone: the Google, Samsung, and Apple Messages apps, the Facebook Messengers, and the Whatsapps of the world. Most people don't even think about their messaging app -- they take it for granted and simply check notifications regularly.
But there are differences between them, and the most important ones involve security, because all messaging is speedy and virtually instantaneous. Is it possible for hackers to break into your connected device through a vulnerability in the messaging app? You bet it's possible, and break-ins there are more common than you might think.
For example, we've probably all received phony messages purportedly from a friend containing a link to a video ("I think you're seen in this video ... check this out!"). Woe to those who fall for this ruse. So security and encryption of messages is a serious consideration when it comes to messaging, which is far and away the favored method of communicating among Millennials, Gen Z folks, and younger.
Please know that end-to-end encryption is not a security panacea that will protect you from surveillance. Even if you use a secure messaging app, an unsecured device can enable anyone to access your messages. The best way to protect your messaging apps is with a separate password or use of biometrics (face, fingerprint, iris) on your device.
We've identified five of the most secure (and most utilized) messaging applications available.
Compatible operating systems: Windows, MacOS, Linux, Android, iOS
Price: Free
Signal is probably the best all-around bet when it comes to reach, security, and privacy-enabled features. However, it lacks the usership of the Messages and Messenger apps because it is not a pre-loaded default app inside phones. Development of Signal was started by Open Whisper Systems, creator of TextSecure, which used end-to-end encryption to secure the transmission of instant messages, group messages, attachments and media messages to other TextSecure users. In 2015, TextSecure was merged with an encrypted voice-calling application called RedPhone, and the entire company was renamed Signal. Signal has become a favorite of the infosec community since its release, but it also has grown in popularity among ordinary users. It still has nowhere near the same number of active users as those noted above, however.
Key features/attributes
Pros
Cons
Compatible operating systems: Android, Windows
Price: Free(Google Messages currently comes with Android devices not made by Samsung)
Security: Knox Security (Samsung); standard device security (Google)
It's easy to get Samsung Messages and Google Messages confused, because they populate Android phones used the world over. Samsung Messages, included only on Samsung phones, has an interface that might be a little easier to use. However, the main advantage of Google Messages is the availability of RCS (rich communication services) by default, no matter where you live or which carrier you use. You can have RCS with Samsung messages, but only if your carrier supports it. All Verizon plans, for example, now support Google Messages.
RCS is a next-generation SMS (short messaging service) protocol that upgrades standard text messaging. Features include payments, high-res photo/file sharing, location sharing, video calls, and others that are delivered to a device's default messaging app. Knox's E2EE security protocol, with its military-grade encryption, is a major advantage for users of Samsung Messages.
Key features/attributes
Pros
Cons
Compatible operating systems: MacOS, iOS
Price: Free(on Apple devices)
Apple Messages is used only on Apple devices, but it is exemplary when it comes to security features. In addition to offering end-to-end encryption between users, Apple Messages allows users to control how long the message stays up and how many times the recipient can view the message (although this feature is only available to those who have iOS 10 and above).
Regardless of which Apple device you're using, whether it's iOS, watchOS, or iPadOS, your messages are end-to-end encrypted and cannot be accessed without a passcode. Users of Apple's FaceTime can also rest easy knowing that their video calls are also E2EE-empowered.
Key features/attributes
Pros
Cons
Compatible operating systems: Windows, MacOS, Android, iOS, KaiOS
Price: Free
WhatsApp may be used by more people than many of the above apps, but its ownership by Meta (formerly Facebook) is worrisome. The founders of WhatsApp in 2009 originally intended it for people to publish status updates, similar to Facebook's statuses. It was the messaging feature, however, that sold the app to Meta, which bought it in 2014. WhatsApp is encrypted end-to-end, but its ownership continues to raise concerns about how it could be used in the future.
Key features/attributes
Pros
Cons
Compatible operating systems: Windows, MacOS, Linux, Android, iOS
Price: Free
A key feature of Telegram is that it provides its users with two layers of secure encryption. Both private and group cloud chats support server-to-client encryption, while secret chats benefit from client-to-client encryption. In both instances, messages are encrypted. Telegram has recently gained popularity for organizing protests largely because it allows large chat groups of up to 10,000 members. This has in turn drawn the attention of state actors.
Key features/attributes
Pros
Cons
Signal is our top pick for the best encrypted messaging app because of its wide range of compatible operating systems, extra protection through passwords, and open-source technology. However, if you are an Apple user, Apple Messages will provide great E2EE, and same goes for Android users with Samsung and Google Messages.
If you want to chat across OS systems, though, Telegram and WhatsApp are also decent options that provide E2EE capabilities to keep your messages secure.
Encrypted Messaging App | Price | Compatible OS | E2EE by default? |
Signal | Free | Windows, MacOS, Linux, Android, iOS | Yes |
Samsung and Google Messages | Free | Android and Windows | Yes |
Apple Messages | Free | MacOS and iOS | Yes |
Free | Windows, MacOS, Android, iOS, KaiOS | Yes | |
Telegram | Free | Windows, MacOS, Linux, Android, iOS | No |
It depends on your needs and your device. Some apps only play well on the iOS platform while others are more suited for Android devices. Moreover, this buying tree can help you decide which encrypted messaging app is right for you:
Choose this encrypted messaging app | If you want or are... |
Signal | Best all around |
Samsung/Google messages | Supports RCS by default |
Apple messages | Best of iOS devices |
Great app for customized privacy options | |
Telegram | Two layers of secured encryption |
We only discussed messaging apps that use (or can optionally use) end-to-end encryption (E2EE), a method of encrypting data that only allows the sender and receiver of the message to decrypt and read messages passed between them. More importantly, encryption prevents apps from storing copies of your messages on their servers.
Signal and other encrypted messaging apps are not a security panacea that will protect users from surveillance. You still have to have a secured device to safeguard your messages.
The statutory definition of records (44 U.S.C. 3301) includes all machine-readable materials made or received by an agency of the US Government under federal law or in connection with the transaction of public business. Agencies that allow IM traffic on their networks must recognize that such content may be a federal record under that definition and must manage the records accordingly. The ephemeral nature of IM heightens the need for users to be aware that they may be creating records using this application, and to properly manage and preserve record content. Agency records management staff determine the record status of the IM content based on the overall records management policies and practices of their agency.
Nearly all IM client software has the ability to capture the content as either a plain text file or in a format native to that client. Generally, the location and maximum size of that file are determined by a configuration setting in the client. DoD 5015.2 certified applications have the ability to capture and manage records in any electronic format. Such formats include those files produced by the various IM clients.
In addition, various IM management products have the ability to address the monitoring and management of IM content, either from those clients that are part of the agency's enterprise or the various public clients. Generally, these products operate at the server level and should be able to capture IM sessions regardless of the configuration of the individual client.
Determining which solution is appropriate for your agency involves collaboration among the program staff, the information technology (IT) staff, the records management staff, and NARA.
Here are a few other options to look into: