A client has requested recommendations for secure chat tools which are compatible with Android and iOS devices and have group chat support.
Edit me

Secure Chat Tools for mobile devices

Recommendations on secure mobile chat tools for iOS and Android

Problem

Chat tools for mobile devices are numerous. We should make sure that the secure chat tools we recommend meet all of the following requirements (or, if they don’t, that their features meet the client’s needs and match their threat model):

  • Group Chat Support
  • End-to-End Encryption
  • Mature and maintained open source encryption protocol
  • Possibly all components should be open source (client-side and server-side)
  • Allows communication over mobile networks (3G/4G) or Wi-Fi
  • Sends notifications
  • Interoperability between iOS and Android

Solution

There are many chat apps that are available for iOS and Android, but only a few meet all of the above requirements. To decide what tools to recommend, we should compare the features of each tool with the client’s threat model and needs - although the preference should be for fully open source tools, sometimes the client might have other needs that are not met by the available free and open source software.

Free and open source centralized tools

Signal

Among all apps, Signal meets all of the above requirement and does not store metadata.

Signal is an Android, iOS and desktop app that offers end-to-end encrypted instant messaging, group chat, and 1:1 voice calls.

The encryption is based on the Signal protocol, and software is open source both client- and server-side.

Let the client know about relevant Signal Features:

  • End-to-end encryption for IM, group chat, voice messages, file sharing, and 1:1 voice calls
  • Ability to verify the identity of other users (using key or QR code)
  • Open source (GitHub link)
  • Intuitive design
  • Also allows users to send regular SMS messages (on Android, unencrypted)
  • Allows message attachments
  • Notifications
  • Possibility of setting a timer for disappearing messages

Instructions for installing and using Signal:

  • Android

    On Android devices, Signal can also be installed without the Play Store. This is recommended only if the client can verify the .apk file. The .apk file and its SHA256 fingerprint can be found in this page

  • iOS

  • Signal can be used through a desktop app, but it first needs to be registered on a phone. Once it’s been registered, the client can download the desktop app here, install it, and link it to their account. Instructions for linking an account to a desktop app can be found here.

  • Signal’s support pages
  • Signal’s declaration on metadata

  • For tips on how to use Signal more securely, read Martin Shelton’s “Locking Down Signal: A Guide for Journalists.
Warnings and recommendations
  • Signal can only be registered through an existing phone number, which becomes the user’s identifier. If the client does not wish to use their personal phone number or to share it with their contacts, they can register Signal with a burner SIM card (if available in their country), or with an online phone service. To explain how to do this, we can find instructions in this tutorial.

  • Signal can also be used for voice calls, but not through the desktop app.

  • Signal is censored in Egypt, Qatar, and the United Arab Emirates. In other countries it cannot be registered, but can be used if registered abroad.

Wire

Wire is a cross-platform, encrypted instant messaging client available for iOS, Android, Linux, Windows, macOS and web browser clients. It can be used to make voice and video calls, and to send text messages and files.

It requires a phone number or email address for registration. If the client needs anonymity, they can create e new email account with the Tor Browser and use that account to register on Wire.

Wire is free for personal use and offers additional group functionalities for paid accounts. For registering an account for personal use, clients should visit this page.

Features:

  • End-to-end encryption for IM, group chat, voice messages, file sharing, voice calls, and 1:1 video calls
  • Ability to verify the identity of other users’ devices
  • Open source (code on GitHub)
  • Intuitive design
  • Allows message attachments and drawings
  • Notifications
  • Possibility of setting a timer for disappearing messages
  • Possibility of deleting messages in the recipient’s devices
  • End-to-end encrypted group video calls (can only be initiated by a user with a paid account)
  • Secure guest rooms - users with premium accounts can create rooms that others can join without downloading anything or creating an account

Wire uses open source software both client- and server-side. The servers are based in the European Union, but the company is based in the United States. According to Wire’s Privacy Whitepaper [PDF], Wire maintains the following metadata about conversations on the backend servers (this metadata is encrypted using transport encryption between the clients):

  • Creator: The user who created the conversation.
  • Timestamp: The UTC timestamp when the conversation was created.
  • Participants list: The list of users who are participants of that conversation and their devices.
  • Conversation name: Every user can name or rename a group conversation.

The transparency report [PDF] shows that between until 2017 Wire didn’t receive any data handover requests, but in 2018 they received one formally correct request that affected 8 user accounts.

Free and open source Self-Hosted/Federated Tools

Riot/Matrix

Riot is an open source client for the Matrix network, an open network for federated, end-to-end encrypted communication. Riot focuses on collaboration for teams and communities, and is available on web, desktop, iOS, and Android.

What makes this solution different is the concept of Homeservers. A Homeserver manages messages for users, recording them when they are received and providing them to users when they connect. Homeservers federate to communicate amongst each other. This means anyone can run a Homeserver and connect it to the greater network of Matrix, providing a distributed approach to building a chat network.

Features:

Riot can be a good solution for groups that want to self-host their internal chat instance. On the other hand, we must warn clients that it produces a lot of metadata, and, if their Matrix Homeserver is federated with others, this metadata will be shared with all the other servers, that clients cannot control.

It must also be noted that Riot/Matrix might not be the best solution for threat models where the state of Israel is considered one of the main adversaries, given that some of Matrix core developers worked for a company that has tight links with Israel. For more information see this Wikipedia page.

Some further potentially useful background is some analysis of privacy and data collection practicies of Matrix.org.

XMPP

XMPP is an open communication protocol for instant messaging based on a federated model. Clients can create an account on one of the many available XMPP servers, or, if they’re activists, can also choose to create an account on one of the Jabber/XMPP providers listed in this page.

Once a Jabber/XMPP account has been created, it can be used on several clients for desktop and mobile devices. XMPP conversations can be encrypted with OTR or OMEMO.

Since OTR does not allow for group encryption, and OMEMO’s group encryption is still unreliable, XMPP is only recommended for 1:1 conversations.

OMEMO

On mobile devices, it is best to use OMEMO, which allows for receiving messages that are sent while the user is offline. This also means that if a malevolent actor has access to a user’s device, they will be able to read all the messages that are sent to them.

Features:

  • Offline Messages / Backlog
  • File Transfer
  • Verifiability
  • Deniability
  • Forward Secrecy
    • Encrypted group chat (please note that this feature is unreliable, especially if different clients are being used to access the group chat)

The XMPP clients for mobile devices that allow for OMEMO encryption are Conversations and Pix-Art Messenger for Android and ChatSecure for iOS.

OTR

If, given the user’s threat model, it is more indicated to establish a different encrypted session for each conversation, and it is not crucial to encrypt group chats or receive messages that are sent to the user while they’re offline, we should recommend the usage of OTR instead of OMEMO.

Features:

  • Encryption of 1:1 messages
  • Authentication of contacts
  • Deniability
  • Perfect forward secrecy

XMPP clients for mobile devices that allow for OTR encryption are Xabber and Pix-Art Messenger (see above) for Android and ChatSecure for iOS (see above).

Mattermost

Mattermost is an open source, self-hosted Slack-alternative. It is a useful tool for team communications, that can be searched, accessed from various platforms, and connected to other services, like Gitlab, monitoring systems, or Request Tracker.

Mattermost conversations are not end-to-end encrypted, but a group can self-host their instance behind a VPN.

Features:

Proprietary tools

Threema

Threema is a proprietary end-to-end encrypted instant messaging application for iOS, Android, and Windows Phone. It uses the open source NaCl library for encryption, which is open to independent audits. For more information on Threema’s security, see this page.

Features:

  • text and voice messages
  • voice calls
  • File sharing
  • Polls
  • Silently agree or disagree to received messages
  • Hide confidential chats and password-protect them with a PIN or fingerprint
  • Can be used on tablets and devices without SIM card
  • Verify your contacts via QR Code
  • distribution lists
  • no phone number required
  • Optional contact sync
  • Quote text messages
  • Located in Switzerland
WhatsApp

Although WhatsApp is not open source, it is a very popular app and offers end-to-end encryption based on the Signal protocol.

The app can be configured to improve its security and privacy settings. To reduce risk and increase privacy when using WhatsApp, we should recommend the client to configure the following settings:

  • Settings -> Account -> Privacy

    Last Seen: My Contacts

    Profile Photo: My Contacts

    Status: My Contacts

    Read Receipts: OFF

  • Settings -> Account -> Security

    Show Security Notifications: ON

  • Settings -> Chats

    Save Incoming Media: OFF

    Chat Backup -> Auto Backup: OFF

  • Settings » Notifications

    Show Preview: OFF (unfortunately, this still displays the sender’s name)

These settings are a reasonable middle ground for reducing the amount of data that the app creates locally, and minimizing what is exposed as clear text on iCloud/Google Drive.

WhatsApp can be downloaded from the Play Store for Android and from the App Store for iOS. - WhatsApp website - the grugq, Operational WhatsApp (on iOS)

Facebook Messenger

Facebook Messenger is a messaging app and platform with standalone iOS and Android apps.

Facebook Messenger can also be used for end-to-end encrypted communications, but this feature is not the default. Secret messages can be used for sending messages, pictures, stickers, videos, and voice messages. It cannot be used for group messages and voice or video calls.

Wickr

Wickr is a freemium proprietary instant messaging platform that allows users to exchange end-to-end encrypted and content-expiring messages, including photos, videos, and file attachments and place end-to-end encrypted video conference calls. The software is available for the iOS, Android, Mac, Windows 10, and Linux operating systems. The company is located in the US.

Features:

If the client’s main requirements is anonymous set-up (i.e. no phone number or email account used in setup) and they require self-destructing messages, we can recommend Wickr as the most suitable app for their needs.

Telegram

If possible, we recommend not using Telegram, as the server-side software is not open source and also because it has developed its own cryptography instead of using mature and tested cryptographic protocols that already existed.

Nevertheless, its usage is very wide-spread, especially in some regions like FSU, so we have gathered some tips to make the usage of Telegram a bit more secure.

  • Enable 2-factor authentication:
  • Use a username and share it instead of the phone number
    • Usernames can be changed. Phone numbers can’t.
    • However, any usernames are searchable and anyone can send you messages via t.me/username

Telegram provides groups and user-to-user chat. Both types can be secured, though only user-to-user chat can be end-to-end encrypted.

  • User-to-user chat is not end-to-end encrypted by default. To encrypt it, you need to enable a feature called Secret Chats:
    • Read more on Secret Chats here.
    • The Secret Chats feature encrypts communication between two users. The admins of Telegram can’t read it.
    • If you delete a message, the copy on the other side will be deleted too.
    • You can set a timer after which a message will be deleted.
    • These two features are useful in case the device is seized or stolen.
    • You can enable notifications to learn if the other side takes screenshots. But this is not available on all platforms (especially Android).
    • A Secret Chat can be started as follows:
      • iOS: Start a new message (tap the icon in the top-right corner in Messages). Then click “New secret chat”.
      • Android: Swipe right to open the menu, then click “New secret chat’”.
  • If you are managing a Group on Telegram:
    • Groups are private by default. They can be turned to public.
    • Group Permissions: It’s useful to restrict all members from posting specific kinds of content if inappropriate.
    • The administrator can delete inappropriate content.

Tool Open source Default E2E Group chat Encryption protocol Anonymous sign-up Email sign-up Phone sign-up Self-destructing messages Remote message deletion Metadata Collection Paid Jurisdiction Self-hosted Usability
Signal Yes Yes Yes Signal No No Yes Yes No No No USA No Good
Wire Yes Yes Yes Proteus No Yes Yes Yes Yes Yes Freemium Switzerland No Good
Riot Yes Yes Yes Matrix Yes Yes Yes No No Yes No - Yes Medium
XMPP+OMEMO Yes No Unreliable OMEMO No Yes No Conversations: yes No Depends on the provider No - Yes Medium
XMPP+OTR Yes No No OTR No Yes No No No Depends on the provider No - Yes Low
Mattermost Yes No Yes No encryption No Yes No No Yes No No - Yes Good
Threema Only encryption protocol Yes Yes NaCl Yes No No No No No No Switzerland No Good
WhatsApp Only encryption protocol Yes Yes Signal No No Yes Yes Yes Yes No USA No Good
FB Messenger Only encryption protocol No No Signal No Yes No Yes No Yes No USA No Good
Wickr Me Only encryption protocol Yes Yes Wickr Yes No No Yes Yes No No USA No Good
Telegram Only client Only groups. Not 1:1 chats Yes MTProto (home-grown) No No Yes Yes Yes Unknown No Dubai No Good

Comments