End-to-end encryption under fire: how to keep your phone messaging as secure as possible

As a war is waged on end-to-end encryption, here are ways to keep your communications safe from prying eyes

WhatsApp, Signal and five other apps have voiced opposition to proposed UK legislation in an open letter. Photograph: Tero Vesalainen/Alamy/PA

How secure is your phone? That is a question that many people may be asking themselves as recent event put encryption and its role in our lives back in the spotlight.

There are good reasons why encryption exists. It is a layer of protection that helps keep unwanted eyes out of our business, makes sure personal information is safe and ensures your confidential information – bank account log ins and so on – can’t be intercepted.

The problem? That same technology also protects people with less-than-good intentions. It makes it more difficult for law enforcement to track down those who are breaking the law, or to find illegal material.

As a result, a war has been waged, both publicly and in the background, on end-to-end encryption as various governments have sought to break the technology.

READ MORE

In the UK, proposed internet safety legislation designed to take social media companies and platforms such as Facebook, TikTok, Instagram and YouTube to task and regulate them has also included a plan to force tech companies to break end-to-end encryption in private messages. Of course, it’s not as blatant as that. The government says it wants the communications regulator to compel platforms to use accredited technology, or try to develop new technology, to identify child sexual abuse content.

But the messaging companies argue that this is incompatible with end-to-end encryption. WhatsApp, Signal and five other apps have already voiced their opposition in an open letter, arguing the law could give unelected officials the power to “weaken the privacy of billions of people around the world”. In other words, if you build a backdoor for one, it’s a backdoor for all.

A leaked survey of EU member states showed strong support from Spain for banning end-to-end encryption altogether

The European Union has also wrestled with the issue of encryption. Last month, a leaked survey of member states showed strong support from Spain for banning end-to-end encryption altogether, while other EU countries were in favour of some form of scanning of private messages to find illegal child sexual abuse material.

There are still options out there if you need – or want – a fully encrypted phone. The Blackphone Privy 2.0, for example, is made by a company called Silent Circle and features an encrypted version of Android that the company claims is unhackable.

But people may well have thought the same of EncroChat. The service hit the headlines in recent years as police infiltrated the secure phone platform and gained access to messages that were subsequently used in the arrest of a number of alleged crime figures.

Give me a crash course in . . . the criminal messaging system bustOpens in new window ]

But the platform wasn’t originally designed to help people evade the law. In 2015, when the company put out the first version of its operating system, EncroChat was aimed at celebrities who were worried their phones could be compromised. However, as rivals were shut down, it quickly became a favourite with criminal gangs – until it too fell.

For most people, a few small changes could make your phone much more secure.

“The reality is that even if you look at iPhones, they come with inbuilt encryption,” says Raluca Saceanu, chief executive of security specialist Smarttech247. “The most important thing to remember is that you can make that encryption even stronger by adding a passcode or using biometric measures such as FaceID. And then when you use authentication like that, the iPhone uses a dedicated security chip called Secure Enclave to protect the data.”

For Android users – who have the ability to allow downloads from unknown sources – keeping unknown apps off your phone is important

No matter how many high-end security features you have on your phone, what else you choose to install is just as important – in other words, be careful about the apps you download. If they don’t support end-to-end encryption, you are poking holes in your own suit of armour.

Basic mobile security hygiene will go a long way to keeping your data secure. That means downloading only trusted applications to your device, ensuring the chat apps you use offer end-to-end encryption, and making sure that you have a passcode and Face ID on your phone. Changing passwords regularly also helps.

For Android users – who have the ability to allow downloads from unknown sources – keeping unknown apps off your phone is important. “The app doesn’t necessarily have to spy on you. But it could drop silent malware, it could intercept your communication to a certain degree, or equally try to trick you into giving credentials,” says Saceanu.

“Anything that is connected to the internet is vulnerable and has to be taken as vulnerable, and that’s important to remember,” says Saceanu. “At the end of the day, nothing is unhackable, and if you’re worried about your privacy and your own data, please store it in a place that is secure.”

If you are on the hunt for a more secure messaging app, you have options.

WhatsApp

This illustration photograph taken on April 11, 2023, shows the US instant messaging software Whatsapp's logo on a smartphone screen in Moscow. (Photo by Kirill KUDRYAVTSEV / AFP) (Photo by KIRILL KUDRYAVTSEV/AFP via Getty Images)

Meta-owned WhatsApp offers end-to-end encryption on chats and calls, which means that only the intended recipient can see the content of the messages. It keep everything visible too; when someone reinstalls WhatsApp or changes to a new phone, you will get a notification in the chat that your security code has changed, giving you the chance to compare codes to ensure encryption is still in place.

The weak link could be your chat backups. If you are in the habit if saving everything to iCloud or Gmail every day, be sure to encrypt the backups to prevent anyone else getting sight of them.

Signal

Signal has in the past been given the seal of approval from Edward Snowden, security expert Bruce Schneier and ex-Twitter boss Jack Dorsey

Signal, often touted as an alternative to WhatsApp, was cofounded by WhatsApp co-founder Brian Acton after he left the company following disagreements over user privacy. It’s a simple, secure messaging app that offers text, voice and video messaging, with group chats and the ability to send files to recipients. You can use it on mobile devices and desktops, including Linux, and it is managed by a not-for-profit organisation, funded by grants and donations. It has in the past been given the seal of approval from Edward Snowden, security expert Bruce Schneier and former Twitter boss Jack Dorsey.

Telegram

Telegram: end-to-end encryption isn’t enabled by default. Photograph: Buda Mendes/Getty

Telegram’s free cloud-based messaging service will work across multiple platforms, including smartphones, tablets and computers. It offers you everything from text chats with your friends and family to voice chats. It was founded in 2013 and has about 550 million active monthly users. If you want to stay under the radar, you can add a username rather than allow people to search for you using your mobile phone number.

However, end-to-end encryption isn’t enabled by default; you have to start a “secret chat” with the recipient that will also clear messages automatically and disable forwarding of messages.

Wire

Berlin-headquartered Wire describes itself as a collaboration platform where you can send photos, videos and voice messages, share files and links. It is used by everyone from G7 governments to global organisations.

It has end-to-end security, so your data is protected, and you can avoid man-in-the-middle attacks – where someone pretends to be your contact and intervenes in your conversation – by verifying the fingerprint Wire has assigned to your recipient’s device. Disappearing messages are also an option, with a timer that ranges from 10 seconds to four weeks.

Wire is a for-profit business, but it doesn’t monetise your data, and personal users can create a free account.

Threema

On Threema, everything is encrypted, including group chats, media files and status messages, and it generates as little data on the servers as possibley. Photograph: Kirill Kudryavtsev/AFP/Getty

Secure messaging app Threema does things differently. It costs around €6 to download, but you can stay completely anonymous, as it doesn’t require a phone number or email address to set up. Users are assigned a randomly generated ID, contact synchronisation is optional, and Threema’s apps are open source, so if you know your code, you can check it out and evaluate it for yourself. It is based in Switzerland, where it runs its own servers.

Everything is encrypted, including group chats, media files and status messages, and it generates as little data on the servers as possible. Once your messages are delivered, they are deleted from the server.

Element

Element, a secure messaging app and team collaboration in one, uses end-to-end encryption and decentralised chat to keep your messages safe from prying eyes. It also allows self-hosting, so you can keep control over your data – if you have the skills, of course – or choose another host, giving you total control over your data. Group video chat and screen sharing are also included, which are both important for remote working.