What secure communication apps do you use?

Do you use Signal, Wickr, Confide, WhatsApp, SudoApp, ChatSecure or other apps to communicate securely?

I currently have five of such apps on my mobile phone, all on free subscription. I regularly use several of them. Some of my contacts have their own preferences about 1 particular app. Some other contacts are using and testing multiple apps for professional curiosity, like me, and we alternate apps from time to time.

Secure communication apps provide a good alternative to insecure email communication (ask Hillary Clinton about it). There is a growing list of choices amongst those apps. They are growing fast in popularity and not only with Security geeks like me. For example, leading politicians are reported to use them.

Those apps are very quick to install and easy to use. You download them from your app store. You follow a quick setup and enrolment process and you are good to go for secure communication in no time.

No privacy worries?

When installing and using secure communication apps, you may feel like entering a privileged super-private zone where you can freely and carelessly communicate with your contacts, for free.

Well, you know the saying:

“There’s no such thing as a free lunch privacy”

All private communication apps have their own specificity, in features, in how they secure messages, in being open-source or not, etc. They however all have something in common. While the apps’ providers may not be able to know the content of the messages you exchange, being encrypted, they gather information about you, including for example:

  • Your personal information on registration (email address, phone number, etc.)
  • Who you communicate with and additional metadata on your communications (e.g. date & time)
  • Your Address Book (everybody in your contacts list)

Confide Privacy Policy: “When you access and use the Service, you will be asked to grant us the right to collect the data stored in the address book on the Device from which you are accessing and using the Service”

  • And a whole raft of other data

Confide Privacy Policy: “Like most organizations, we rely on automatic data collection technology… when you visit our Website or use our Service…  such as your IP address, Internet service provider, browser type, operating system and language, referring and exit pages and URLs, date and time, amount of time spent on particular pages, what sections of the Website you visit, number of links you click while on the Website, search terms, and other data. They may also collect information about your Device, including universally unique ID (“UUID”), MAC address, operating system and version…, carrier and country location, hardware and processor information…”

The Confide Privacy Policy gave me a shiver, but to Confide’s credit their privacy policy is very well written, very clear and very easy to find. It is probably the clearest privacy policy I’ve come across amongst the secure comm app providers I’ve checked. It also provides some level of clarification on how collected data is handled (e.g. some data is stored in an anonymised or hashed manner).

See also the WhatsApp Privacy Policy (WhatsApp also collects device and connection information, which can include device location information),  Wickr Privacy Policy, SudoApp Privacy PolicySignal Privacy Policy and ChatSecure Privacy Policy.

There is some differences between the apps from a privacy point of view, the data they collect about you and what they do with that data. If you care about your privacy, you may want to understand about that before getting and using such apps.

Recommendations

I would recommend:

  1. Read the privacy policy of the app before getting it. Make sure you understand the data it will collect, the purpose of the collection and how the data will be handled.
  2. Watch the app setup process. You may be asked to grant the app access to data such as your address book – do you really want to do that?
  3. Check your device privacy settings. You can always check your privacy settings at any time, especially against Contacts, Location Services, Calendars, Microphone and Camera (iPhone/iPad under Settings, Privacy).
  4. Remember “There’s no such thing as a free lunch privacy”. How confident are you that your communications are truly secure and private with such an app? How confident are you that the app may not exploit your private data, whether by design or when compromised?

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s