The Snowden Phone: A Comparative Survey of Secure Instant Messaging Mobile Applications

Abstract

In recent years, it has come to attention that governments have been doing mass surveillance of personal communications without the consent of the citizens. As a consequence of these revelations, developers have begun releasing new protocols for end-to-end encrypted conversations, extending and making popular the old Off-the-Record protocol. New implementations of such end-to-end encrypted messaging protocols have appeared, and several popular chat applications have been updated to use such protocols. In this survey, we compare six existing applications for end-to-end encrypted instant messaging, namely, Signal, WhatsApp, Wire, Viber, Riot, and Telegram, most of them implementing one of the recent and popular protocols called Signal. We conduct five types of experiments on each of the six applications using the same hardware setup. During these experiments, we test 21 security and usability properties specially relevant for applications (not protocols). The results of our experiments demonstrate that the applications vary in terms of the usability and security properties they provide, and none of them are perfect. In consequence, we make 12 recommendations for improvement of either security, privacy, or usability, suitable for one or more of the tested applications.