Last month an excellent report (What-Is-Secure-An-Analysis-of-Popular-Messaging-Apps-20-June-2023) was released describing the security situation of messengers.
The report analyzed the security of Signal, WhatsApp, Telegram, Google Messages, Apple Messages and Meta’s Messenger.
- Users are not well acquainted with the technicalities of security implementations and do not understand the specifics of certain feature names.
- It is necessary to encrypt and minimize the storage of metadata, and to allow users to decide for themselves what functionality to use and to what extent.
- Pay attention to the functionality that affects security – local copies, authorization and search by numbers, processing of deleted messages.
- Interaction with social platforms and comparison of data with them.
- Use stronger encryption and assert rights at the state level to prohibit invasion of privacy (hard to understand the implementation).
Assessment methodology:
- Interviews.
- Technical evaluation.
- Design evaluation.
- Regulation and privacy.
Further consideration is given to encryption security, authorization features, and other both technical and user interface decisions.
Recommendations
- No tool provides guaranteed protection. It is a question of the value of the information and resource to the adversary.
- Using encryption is generally a good thing :-).
- Need to customize the device and application based on your needs.
- If you have very sensitive information, then apply separate device, general and personal security principles.
- For the rest, remember the “elusive Joe”.
In any case, the report is quite detailed and contains 86 pages of research results, which despite the banality of the conclusions may seem interesting.
