📱 Text Message over E2EE Apps

TYPE	AUDIENCE	PRIORITY	COMPLEXITY	EFFORT	COST	UPDATED
Conduct	🧑	⭐⭐⭐⭐⭐	⭐	🧑	🆓	`2021-06-12`

Rationale

As explained in 📱 Avoid Text Messages over SMS, plain text messages are insecure and can be intercepted and redirected. We should therefore use secure communication channels instead.

Instructions

What you should know

E2EE is short for End to End Encrypted, and it means that only the people on the devices who are in the chat can read and write message in the chat. Anyone who tried to intercept the messages before they arrived on the other chat participant's phone would just "see" meaningless digital noise.
Though many apps support "encrypted chats", not all of them are E2EE ... or don't support it by default. So below we'll recommend which apps to use based on whether their chat messages are encrypted end-to-end by default.
Not supporting E2EEdoes not mean that the call is completely insecure or unencrypted. But it does means that another party (typically the platform itself) has access to your calls. So, while you may trust Microsoft (i.e. Skype and Teams) with your voice calls, there were reports in 2020 where Microsoft allowed its workers in China to listen to calls to monitor the audio quality. The chances are slim that your calls will end up in the wrong hands without E2EE, but it's not impossible. By using E2EE you remove this particular risk, that's why we recommend using it where possible.

What you should do

Pasted image 20210612234649.png

1. Use Signal for your Text Messages

Whenever possible, send your text messages over Signal. Follow the guides to 📱 Setup Signal and 📱 Safely use Signal.

Pasted image 20210613011759.png

2. Other Text Message apps defaulting to E2EE

Signal is the preferred method for text messaging. However, other apps also offer E2EE text messaging by default. The following list of platforms also don't have the encryption keys to read your messages:

Apple Messages - but it's only available on Apple devices.
Line - its E2EE implementation "Letter Sealing" is turned on by default, but can be turned off.
Rakuten Viber - both 1-on-1 and group chats are E2EE.

Other smaller apps which meet these criteria are Wickr, Threema, Wire, and Silence.

Pasted image 20210613010212.png

3. Do not use these text message apps for sensitive conversations

The following apps either don't support E2EE text messaging, or don't have the option set by default. These apps are best avoided when discussing sensitive information over text:

Facebook Messenger - Offers "Secret Conversations", but doesn't offer E2EE by default.
Facebook WhatsApp - Widely available and although it does offer E2EE for both messages and calls, as the recent privacy policy controversy underlined, Facebook's future commitment to privacy is uncertain.
Google Hangouts/Talk/Chat - Does not support E2EE.
KakaoTalk - Offers "Secret Chat", but doesn't offer E2EE by default.
Microsoft Skype - Offers "Private Conversation", but doesn't offer E2EE by default.
Microsoft Teams - Microsoft announced it would bring E2EE to Teams, but it will likely only be opt-in and for 1-on-1 messaging.
SalesForce Slack - Slack will not supported E2EE.
Telegram - Offers "Secret Chats", but doesn't send messages with E2EE by default. Calls are always E2EE.
WeChat - No Chinese app will offer E2EE as it isn't permitted by law.

Source : ExpressVPN, Slack, Microsoft, PentaSecurity, Kaspersky