In the past couple of years, privacy advocates have helped the general public become aware of the need for secure communication and how your favorite social network may be misusing the unlimited message history, contact lists, and personal info they have available to them to target you with advertising (their business model).
There are plenty of app makers developing instant messaging services out there that focus on marketing their security features: Signal, Telegram, and of course our very own Rolo Secure Chat. But what makes secure messaging apps secure, and is it really enough to protect you?
What makes a secure messaging app "secure"?
Security experts agree the most basic component of secure messenger apps is end-to-end encryption. In layman's terms, this means that the encryption between users in the chat permits only the senders and the receivers to read the messages. This gives you absolute data privacy so that your service provider cannot read your messages.
Each of the aforementioned apps touts end-to-end encryption, but the way each app applies end-to-end encryption is quite different, and it's important to understand those differences when choosing an app based on your needs.
End-to-end encryption in Signal
Signal's end-to-end encryption methods are generally considered to be the gold standard among chat apps. Its open-source code enables anyone with the technical skills to review the source code and use it in their own chat app. However, having open-source code is a double-edged sword. There is a potential for hackers to look for security issues in the code and exploit them, although there are also "white hat" (good) hackers doing the same and looking to fix those security flaws before they get exploited. The pros and cons of open-sourcing an app's code are a whole article in themselves.
Signal's end-to-end encryption is always on, which is what you want to guarantee your privacy.
Signal's end-to-end encryption is only between the devices of the participants of a conversation and does not include a server in the middle. That means if your device is lost or damaged or if the Signal app on it is deleted/signed out, you will lose your messages and files forever, which for personal communication might be OK, but could be very problematic in a business context.
End-to-end encryption in Telegram
While Telegram offers end-to-end encrypted chat features, there are 3 significant shortcomings:
- Chats in Telegram are not end-to-end encrypted by default. Only Telegram's "Secret Chat" feature is end-to-end encrypted, and it is buried several layers deep: you have to go into a person's profile and start a Secret Chat with them.
- End-to-end encrypted chatting in Telegram is only offered for one-on-one chats. There is no end-to-end encrypted group chatting in Telegram!
- Secret Chats are limited to 1 device per participant, so there's no device switching. If you want to have a Secret Chat with a friend on a different device, you have to create and maintain a second Secret Chat with them. This can make it confusing to keep track of a conversation and the files you share between you, which is not great for individuals or businesses.
From the above shortcomings, it's clear that Telegram is not as secure as you may believe it to be. That's not to say it's not a great app for your personal communications, but you should be wary of and plan for these issues if you intend to use it for transmitting sensitive data.
End-to-end encryption in Rolo Secure Chat
Rolo Secure Chat uses the same encryption technology as BlackBerry Messenger Enterprise (BBMe), and stores encrypted messages on BlackBerry servers. BlackBerry has been trusted by government organizations and banks for almost two decades to securely transmit messages and store them in the cloud.
Rolo Secure Chat applies BlackBerry end-to-end encryption and securely stores your encrypted messages on BlackBerry servers. This means not only that you can access your messages from multiple mobile devices, but also that you can maintain access to your past conversations even if your devices are lost or damaged, while guaranteeing the privacy of your conversations.
Is end-to-end encryption enough to protect you?
End-to-end encryption in instant messaging apps keeps communications between you and the people you chat with private, but there are still security risks. The content of private messages in mobile messaging apps can expose or damage your devices and data, whether or not that was the intention of the people you're chatting with.
Protecting yourself from malicious links
The easiest way to have your device exposed or attacked is by clicking on a malicious link: a link that takes you to a website that infects your device, or that pretends to be another website (such as your bank) and "phishes" your data, which attackers can later use to hack those accounts.
One of Rolo Secure Chat's extra features is its ability to protect you from malicious links by optionally scanning every link you receive/send and warning you of any potentially malicious content before clicking such links. This is quite important among security features because it protects you whether or not you're communicating with malicious actors.
Protecting yourself from other malware, viruses, and phishing
At present, there are no secure chat apps with built-in malware scanning (checking whether files you receive in your private messages contain something harmful that presents added security risks). That means that an individual could send you a virus or other malware such as ransomware through a secure chat app, and that can compromise your device and all its communications/data.
Minimizing security risks and getting more complete protection requires "endpoint protection". Endpoint protection typically covers all your devices from a managed control panel, protecting you against different types of security attacks, while antivirus software covers a single endpoint and only detects and blocks malicious files. It's quite likely that you have a firewall or antivirus/antimalware running on your device, but these are not enough to eliminate all security risks.
A firewall only blocks certain types of internet traffic from entering your device, but if you have allowed your secure chat app, a firewall does little to protect you from malicious files or links you may receive from malicious actors.
Antivirus/antimalware apps running on your device do provide extra security for your phones, Android phones, and computers, but there are still security risks because they only protect you against an online database of exploits that have already been discovered, and offer no protection against zero-day exploits (those which have yet to be discovered and added to the database).
With these security risks in mind, we decided to strengthen Rolo Secure Chat's partnership with BlackBerry by offering a bundle of Rolo Pro with BlackBerry Protect, which is their AI-based endpoint protection app for desktops and mobile devices. Cybersecurity experts SE Labs published a report about the effectiveness of BlackBerry Protect against multiple forms of real-world hack attacks. What is special about BlackBerry Protect is that its in-built AI recognizes security risks without having to check against an online database, so it protects against zero-day vulnerabilities, even if your device is offline.
You need to understand the security risks and not only choose a private chat app with the right security features to be your default messaging app but also think about how your connected device is protected, knowing that online security protocols alone are not enough. It is, therefore, best to add another layer of security to your private messaging app by installing a trusted endpoint protection app on your device.