is.strong.e2e.crypto.default.or.not

aka

Does your mobile messaging app use strong end-to-end encryption by default when you talk to your friends?

YES

1)  Signal:  built-in since before Feb 24, 2014.  Be aware of the metadata-spewing properties of every mobile messaging app.


2)  WhatsAppon by default since April 5, 2016.  Change some of the settings to increase privacy and security.


3)  ChatSecure:  built-in since before Oct 24, 2013[tentatively recommended - there are lots of under-the-hood changes in the works and a third-party analysis is needed once they are complete]



NO

1)  iMessage:  although end-to-end encryption is on by default [PDF - pg 41], it's missing key verification, unencrypted messages are backed up to iCloud by default, and the underlying crypto could use an overhaul.


2)  Allo:  although it uses the Signal Protocol to provide end-to-end encryption, it is not on by default and it might never be - the encryption would prevent Google's search assistant from analyzing the content of your messages in order to 'help' you.


X)  Everything else has multiple deficiencies that prevent them from being recommended as a truly secure option. Future updates to this site will detail the problems with other popular apps.

 


Stick with the YES options up above if you want strong in-transit confidentiality for your mobile messages that is active by default.