A recent study by Positive Technologies has shown that over three quarters of all mobile apps have security issues, including Android apps which tend to have slightly higher risk levels. The most common issue has to do with secure data storage, meaning apps can put your sensitive data at risk.
Inevitably this shocking news is a call to action for mobile app developers to take a hard look at the security features in their products, but end users should also be making informed choices to protect themselves.
With security concerns continuing to grow, as shown by a never-ending list of such attention grabbing headlines, it's never been a better time to choose a secure messaging app. In the end, you should take a hard look at all apps you are using, but given that amount of information and data you likely pass through messaging apps, this may be the best place to start.
While this may seem like a simple endeavor, making an informed choice takes time and research. Many customers will get caught up in the promises secure messaging apps make regarding security features in the software itself (e.g.- "total encryption"). But in order to make the best decision regarding your messaging it's important to take into account a wider range of considerations:
- What security features does the app have?
- Where is the parent company legally based?
- What does the company do with metadata?
- Does the company have a history of cooperating with intelligence agencies?
- Does the company publish reports on transparency?
These are a few of the questions you should be researching before settling on a secure messaging app. By answering these questions you will have a much more holistic view of not only the security features, but also the security environment and business is operating in and their performance in security matters.
Why it Matters
Mobile malware is on the rise, with an increase in the number of new malware variants increasing dramatically in recent years. Given the increased number and range of threats, it's important to take a serious look at your security. The amount of personal information passing through mobile apps is continuing to grow, leaving you even more vulnerable.
Apart from malevolent actors trying to access your personal data for personal profit, there is also the very real threat of spying from intelligence agencies, foreign governments, and other actors. All of this leads to the conclusion that users need to take a more critical approach when using apps.
What to Consider When Choosing
There are many different factors to consider when making your choice of secure messaging app, as with any mobile application. In order to provide some structure to the research process, and not overwhelm you, you'll find the main categories that you should take into consideration below.
1. Security Features
While security features aren't the only thing you should take into account, they are of course a key consideration. How an app encrypts data that passes through is the first thing you should consider, as without strong encryption, none of the other categories much matter.
When looking into security features it's important to consider all of the different ways you will use the app: how you message, how you send files, how you share other content, etc. Make sure that the app encrypts all of these features at the very least.
2. Data Processing and Handling
For the highest levels of security, the most secure apps should also take a strict stance on not collecting and processing user data. Check a company's policy in this regard and see where they stand on data processing and handling.
3. Location of the Company
While the location of a company's offices and infrastructure may seem like a strange consideration when choosing an app, the legal jurisdiction a company falls under has large implications for your data security, as shown by the ongoing trade war disputes between the US and China around Huawei
Companies located in countries with strong data protection measures, such as EU countries that fall under the GDPR regulations, are less likely to divulge personal data to governments. On the other hand, a company based in a country that doesn't have such protections could be forced to turn over data for a range of reasons, meaning your data may not always remain private.
4. History of Transparency
Unforeseen incidents happen, even with the most secure apps. It's not realistic to expect a secure messaging app to have a perfect record, but it is realistic to expect them to act appropriately and transparently if there is a breach.
By being open with users regarding threats, whether potential or otherwise, a company demonstrates a commitment to protecting its users. Choosing an app that has a demonstrated record of honesty and transparency will help ensure that in the case of a security issue you will be promptly informed.
5. History of Breaches
As mentioned above, even the most secure apps sometimes face cybersecurity incidents. It's important to be aware of a company's history in this regard. If an app has consistently had security issues in the past, this may not be a good indication for the future.
You may also want to consider whether a company has a history of providing data to intelligence agencies. Not all users will be concerned with this, but if you are, looking into this aspect of a company's security history can also help you in your messaging app choice.
No messaging app is or will ever be 100% secure. That doesn't mean that they are all created equally though, and taking the time to do the research before making a final choice will quickly point out several differences.
There are certainly other considerations you can add to the list, however the above categories will help you cover the main security areas. Given the large number of security risks in mobile apps, taking your personal cybersecurity seriously is always time well spent.