
MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,621
16,759



The Electronic Frontier Foundation or EFF, a non-profit digital rights group, has investigated the security of various messaging apps and created a new Secure Messaging Scorecard, ranking messaging apps and tools like iMessage, FaceTime, BlackBerry Messenger, Skype, Snapchat, and more, based on seven different factors:

- Is a message encrypted in transit?
- Is it encrypted so the provider is unable to read it?
- Can you verify contacts' identities?
- Are past communications secure if keys are stolen?
- Is the code open to independent review?
- Is security design properly documented?
- Has the code been audited?

Unsurprisingly, the apps that score highest on the EFF's chart are those dedicated to secure messaging, such as iPhone apps ChatSecure, Signal, and CryptoCat, all of which scored checkmarks in all categories.

Apple's iMessage scored five out of seven checkmarks, earning points for encrypting messages in transit and encryption that's unreadable by Apple, but the messaging app was faulted for an inability to verify contact identities and the fact that Apple's code is not open to independent review.

FaceTime was scored in the same way as iMessage, also offering encryption but no contact verification/independent review capabilities. Outside of dedicated secure chat messaging apps, both FaceTime and iMessage scored higher than competing messaging platforms like Skype, WhatsApp, Viber, Snapchat, Kik, Google Hangouts, and BlackBerry Messenger.

Few of the competing messaging services offer encryption that prevents the companies offering the services from accessing messages, though all encrypted messages in transit. Most iMessage/FaceTime competitors also fail to secure past communications if keys are stolen, and few had properly documented security design. QQ, a highly popular Chinese messaging app, failed at providing any of the qualities the EFF was looking for in a secure messaging app, not even bothering to encrypt messages.

According to the EFF, Apple's iMessage and FaceTime products were the "best of the mass-market options," which is not much of a surprise given Apple's unparalleled focus on user privacy. Apple has a comprehensive privacy site that details all of its privacy policies and the security of various apps and services, including iMessage and FaceTime.

On the site, Apple specifically says iMessage and FaceTime calls "are your business, not ours." The company offers end-to-end encryption and Apple has no way to decrypt it. "Unlike other companies' messaging services, Apple doesn't scan your communications and we wouldn't be able to comply with a wiretap order even if we wanted to," reads the site.

Article Link: iMessage and FaceTime Ranked as Most Secure Mass-Market Messaging Options
 

Derekeys

macrumors regular
Sep 17, 2012
190
424
Philadelphia, PA
Whine Time

I want synced deleting!!! If I delete a message off my iPhone I want my iMac, iPad, and macbook to have deleted them as well.

:D


Edit: Or at least make it an option as others may like that it doesn't occur that way.
 

Glassed Silver

macrumors 68020
Mar 10, 2007
2,096
2,564
Kassel, Germany
This reminds me of the announcement when FaceTime was presented as open-source*...

*correction: open protocol

*sigh*

Glassed Silver:mac
 

ArtOfWarfare

macrumors G3
Nov 26, 2007
9,329
5,475
"Is security design properly documented?"

Huh? I don't understand how whether the security is documented or not actually improves the security.
 

Imory

macrumors 6502a
Feb 2, 2013
798
279
Wonderland
I want synced deleting!!! If I delete a message off my iPhone I want my iMac, iPad, and macbook to have deleted them as well. :)

:D

I actually appreciate the fact that it doesn't work like that. But having the option to achieve what you want wouldn't hurt.
 

Dave532

macrumors member
Feb 19, 2014
47
0
This reminds me of the announcement when FaceTime was presented as open-source...

*sigh*

Glassed Silver:mac

Not open source, but they said they'd make the protocol an open standard which would let anyone implement it.

I did hear they couldn't do this in the end for patent reasons, they violated someone's patent and had to pay for the rights to use it therefore the standard wasn't completely theirs to open.

However I've never seen a citation to back this up. Anyone got a link to prove/disprove this?
 

cube

Suspended
May 10, 2004
17,011
4,970
"Is security design properly documented?"

Huh? I don't understand how whether the security is documented or not actually improves the security.

Because if it is documented, independent parties can find flaws in the design. If it passes, the implementation can still be flawed however.
 

chrisbru

macrumors 6502a
May 8, 2008
806
168
Austin, TX
I want synced deleting!!! If I delete a message off my iPhone I want my iMac, iPad, and macbook to have deleted them as well. :)

:D

Amen. If I delete something, there is a reason for that - it defeats the purpose to delete something if it still exists on my iPad and Macbook too.
 

StarManta

macrumors member
Dec 10, 2003
31
0
Columbus, OH
TouchID could be used to fill the holes suggested here.

Imagine this use case: Jane and John both have iPhones and are chatting using iMessage. Jane wants to send sensitive information (boob pics) to John, but wants to make sure that John hasn't handed his phone to his friend Bobby at the time she sends it. She could flag the message as 'secret', and John has to use TouchID or his AppleID password to verify his identity before seeing that message.

Offtopic: I'd also like a private browser that is 'locked' with TouchID. I could keep all my porn windows open in Private mode, and no one could see them without me unlocking that specifically.
 

Recognition

macrumors 6502a
Jun 27, 2013
596
672
TouchID could be used to fill the holes suggested here.

Imagine this use case: Jane and John both have iPhones and are chatting using iMessage. Jane wants to send sensitive information (boob pics) to John, but wants to make sure that John hasn't handed his phone to his friend Bobby at the time she sends it. She could flag the message as 'secret', and John has to use TouchID or his AppleID password to verify his identity before seeing that message.

Offtopic: I'd also like a private browser that is 'locked' with TouchID. I could keep all my porn windows open in Private mode, and no one could see them without me unlocking that specifically.

Haha! Great ideas you got there!

On a slightly related note, I really love the 'delete last hour' of web browsing history!

More believable than a blank history page!
 

VulchR

macrumors 68030
Jun 8, 2009
2,584
12,596
Scotland
Yeah, the content is not important.

/s

No, there are some formats that just aren't right. Anybody with eyesight difficulties or dyslexia would not be able to read that chart, but a simpler format would be fine. It's just not necessary to make life more difficult for those of us who struggle with reading. This is not aimed at you, but I wish the business community in general would get that through their rather thick skulls...
 

ChrisCW11

macrumors 65816
Jul 21, 2011
1,037
1,433
Lol, open source

The column "Is the code open to independent reviewers", how on earth can the open source community continue to claim that their code is safe and secure because of peer review when HeartBleed and a slew of other major security holes and exploits have been found in open source code and have been there for years or even decades?

Just because a million monkeys review your code doesn't make it secure.
 

0xyMoron

macrumors 6502
Oct 5, 2012
433
3
California
No, there are some formats that just aren't right. Anybody with eyesight difficulties or dyslexia would not be able to read that chart, but a simpler format would be fine. It's just not necessary to make life more difficult for those of us who struggle with reading. This is not aimed at you, but I wish the business community in general would get that through their rather thick skulls...

Exactly. :)
 

ggibson913

macrumors 6502a
Sep 11, 2006
984
457
All of that security does me no good if the intended recipient owns an Android Phone or Windows Mobile phone. One big factor, all the other messaging apps are cross platform.
 

Glassed Silver

macrumors 68020
Mar 10, 2007
2,096
2,564
Kassel, Germany
Not open source, but they said they'd make the protocol an open standard which would let anyone implement it.

I did hear they couldn't do this in the end for patent reasons, they violated someone's patent and had to pay for the rights to use it therefore the standard wasn't completely theirs to open.

However I've never seen a citation to back this up. Anyone got a link to prove/disprove this?

Woops, sorry.
Thanks for the correction.

And yes, I'd like to know whether that's truly the case with the patent.

Once more, software patents would work towards enriching all of our lives. :rolleyes:

Glassed Silver:mac
 

orioncrystalice

macrumors 6502
Jan 21, 2014
321
117
Excellent features, true. But again, there may still be artifacts upon deletion, unless I'm incorrect and iMessage to iMessage leaves none, and FaceTime sessions leave none?
 