Open in app

Sign in

Write

Sign in

5 Messaging Alternatives to WhatsApp

Nicholas Hui (Tech Neck Nick)
11 min readJan 18, 2021

Update (16/1): WhatsApp has delayed the rollout of these privacy updates by 3 months as a result of user backlash.

On 4th Jan, WhatsApp announced upcoming updates to their privacy policy (effective February 8th).

These updated terms allow for greater sharing of information such as profile data and contacts between Facebook’s other apps Instagram and Messenger.

Additional data to be shared includes:

“battery level, signal strength, app version, browser information, mobile network, connection information (including phone number, mobile operator or ISP), language and time zone, IP address, device operations information, and identifiers (including identifiers unique to Facebook Company Products associated with the same device or account).”

‘WhatsApp Tells Users: Share Your Data With Facebook Or We’ll Delete Your Account’ (Forbes)

WhatsApp has been sharing data with Facebook for years. Back in 2016 WhatsApp started sharing phone numbers, device and operating system information with Facebook. It was an unpleasant surprise to many when Facebook started recommending profiles of WhatsApp contacts.

WhatsApp’s assurance during the 2014 takeover to know “as little as possible” has staled. Facebook’s lip service resulted in a 110 million euro fine for misleading information about their ability to link accounts between the services.

Quick summary of characteristics that indicate a more secure messaging app:

  • End-to-end Encryption: The most secure way to transfer data, and a must for any messenger to be secure. Servers cannot read your message. No one can read the message. (Essentially true. Article won’t touch on circumvention methods.)
  • Open Source: The original source code is made publicly available: this can apply to the messaging app, the servers, or the encryption protocol. Think of it as an open book, where everything is visible. All functionalities are bare for all to see, making it transparent about vulnerabilities.
  • GDPR Compliant: GDPR requirements are some of the most stringent data security regulations out there, implemented by the EU since 2018.

For the discerning reader, here’s a handy cross-comparison between the top 12 messaging apps.

1. Signal (Best in Class)

By far the best messaging app alternative to WhatsApp: Signal is a free, open-source, and not-for-profit private messenger app. Recommended by Elon Musk and Edward Snowden, Signal is widely used by journalists and whistleblowers to safely send and receive text messages, media and attachments. Signal Foundation is a nonprofit organisation founded by Moxie Marlinspike and WhatsApp co-founder Brian Acton, which runs entirely on donations and grants.

Signal’s security and encryption are among, if not the best in the industry. Signal uses their own proprietary Signal Protocol: this protocol has also been implemented in WhatsApp, Facebook Messenger, Skype and Google Allo (and many others) since 2018.

Messages are only stored on your device and not on servers. The app, server and protocol are completely open source and peer reviewed regularly. Signal also features disappearing messages and even encrypted stickers. You can also lock the app with a PIN, passphrase or biometric authentication (fingerprint, TouchID or FaceID).

It can also function as a text messaging app (on Android), so you can manage and send SMS messages from it as well (unencrypted of course — see Silence for encrypted SMS sending).

Signal gained significant popularity during the George Floyd protests, and BLM groups have used it for years as their messaging app of choice. Signal has also added a feature to blur people’s faces to protect their identities, in response to federal efforts to monitor protestors.

Signal’s encryption standard, exhaustive security and high trustworthiness (owning to its non-profit status) put it far ahead of its peers. The exceptional security level does come with slight inconveniences.

Platforms: Android, iOS, Mac OS X, Windows, Linux, Chrome (extension)

✓ Free
✓ Open source and audited
✓ End-to-end encryption messaging, voice & video calls
✓ GDPR compliant
✓ Transparency reports
✓ Disappearing messages
✓ Screen Lock

+
Successor to privacy-oriented apps (RedPhone & TextSecure)
Not-for-profit and supported by donations
SMS/MMS Support (Android only)
App, servers and protocol are completely open source


Requires phone number for registration
Single device only (can be mirrored on desktop client/chrome extension)
Updates must be installed immediately, otherwise messages cannot be sent

2. Wire (Collaboration-focused)

Wire is end-to-end encrypted, and free for personal use while also offering paid enterprise options. The app’s features reflect this focus on the enterprise market by offering more ways to communicate and collaborate.

Wire uses a variant of the Signal Protocol for encryption (Proteus). Like Signal, Wire’s app and server are both completely open source, accompanied by published transparency reports, and have undergone many third-party audits and testing. Wire is also compliant with GDPR requirements.

Wire allows short video messages to be sent, as well as a drawing board feature — which can also annotate images. While disappearing messages are also available, they only allow 10-second or 5-min timers. Wire is more flexible when it comes to registration: you can use either an email address or a mobile number.

Behind the Wire business paywall are a number of additional features focused on collaboration: group messaging, video and audio calls with more users than in the free plan, guest rooms, member roles, and on-premises & private cloud capabilities.

Wire’s additional communication features make it a great option even as a personal user, and a strong competitor to Zoom. The company indicated a more corporate focus since 2017 — you can bet on sub-par support unless you’re a premium user.

Platforms: Android, iOS, macOS, Windows and popular browsers

✓ Free*
✓ Open source and audited
✓ End-to-end encryption messaging, voice & video calls
✓ GDPR compliant
✓ Transparency reports
✓ Disappearing messages
✓ Screen Lock

+
Better collaborative features (conferencing, video messages, drawing board)
Can be used on multiple devices (7 permanent, 1 temp)
App, servers and protocol are completely open source


Relatively new software — occasional bugs, UI sometimes clunky
User reported sync issues
Many collaborative features locked behind paywall

3. Threema (Anonymity — paid)

Threema is the only paid messaging app on this list ($4.99AUD), but it’s also one of the best options for true anonymity.

Registration begins with a randomly generated ID (no mobile number or email address required). If you forget your password, you’ll need to make a new account — for free, provided you’re using the app store account that made the purchase (or have your license key).

Threema’s messages are stored locally on your device, and don’t go anywhere near company servers. The Private Chat feature allows you to set PIN codes for individual chats, adding an additional layer of security even if your phone is stolen or lost.

Threema has passed numerous security audits on a regular basis since launch, and is GDPR compliant. Threema has an edge over competitors with 2FA (2 Factor Authentication) and Screenshot Protection features, which many privacy-oriented users appreciate.

It also includes group chat poll functionality, which is not commonly offered. You may also create distribution lists, and there’s also an agree/disagree option for messages (think thumbs up/down in FB Messenger) available in individual chats.

In late 2020 they announced their transition to open source, but only for the client-side apps (and not their servers). It also lacks disappearing messages, a feature included by most apps on this list.

Platforms: Android, iOS, Windows Phone, browser/web-client (Android Only)

✓ Paid
✕ Audited only (Transitioning to partial open source for app only)
✓ End-to-end encryption messaging, voice & video calls
✓ GDPR compliant
✓ Transparency reports
✓ No disappearing messages
✓ Screen Lock

+
True anonymity — random ID generation
2FA and Screenshot Protection
Group Chat Polls
Distribution Lists


No option to recover account if password forgotten
Messenger app is still transitioning to open source (client-side app source code only)
Single device only (can be mirrored on web client)
Private chats not available on iOS

4. Wickr (Anonymity for free)

Wickr’s strength in one word: anonymity. Like Threema, sign-up can be done without associating an email or mobile number — by creating a username instead. Similarly if you lose your password, you’ll have to make a new account. Of this list, Wickr is also the one I’ve used the longest (for almost four years).

Despite launching back in 2012, they were slow to publish their source code on GitHub (2017). While Wickr have yet to make their app open source, they have been audited by third-parties numerous times over the years.

In addition to the standard disappearing message timer, Wickr also has a ‘burn-on-read’ (BOR) functionality that isn’t offered by other apps in the same category. This feature, along with the anonymous registration, are the main reasons I’ve chosen to use Wickr.

With their paid Professional and Enterprise solutions, Wickr’s API allows for custom integration with a range of in-house applications include internal databases, email systems as well as CRM (SalesForce, Jira, Zendesk).

Platforms: Android, iOS, macOS, Windows, Linux

✓ Free
✕ Audited only (App code publicly visible on GitHub, nothing is open source)
✓ End-to-end encryption messaging, voice & video calls
✓ GDPR compliant
✓ Transparency reports
✓ Disappearing messages
✓ Screen Lock

+
True anonymity — no phone number or email for registration
Burn-On-Read messages and attachments
Paid options allow custom integrations with 3rd-party apps


No option to recover account if password forgotten
One device per user account
Security measures prevent syncing across multiple devices
Free plans limited to 10MB file limit, 1GB file transfer

5. Silence (Encrypted SMS on Android)

Silence is different from the other (internet) messaging apps listed, as it is purely an SMS service app (Android Only). It doesn’t require an internet connection to work. Of course, you’ll still need internet to download it from the Google Play Store.

Silence is a spin-off from Signal, and differs from your default SMS app by offering their gold-standard Signal encryption Protocol.

Normal SMS messages aren’t encrypted: Silence provides an additional layer of security by starting “Secure Sessions” (which only works if both sender and receiver have Silence installed). Regular unencrypted messages can be sent to receivers who aren’t using the Silence app, where it’ll function just like any other SMS app.

If one of the users uninstalls Silence during an encrypted session, they will receive incomplete messages. The other user will then have to disable the encryption for the messages to reappear normally.

There’s no automatic function to work around this, and this was one of the reasons why the original TextSecure devs dropped support for encrypted SMS messages from the app.

As it is an SMS app, it’s not possible to have features like disappearing messages or screen lock.

Like Signal, Silence is completely open source and funded by donations. Development is still pretty active — it’s frequently patched and occasionally adds new features.

Platform: Android Only

Free
✓ Open source and audited
✓ End-to-end encryption messaging
✓ GDPR compliant
✓ Transparency reports
✕ Disappearing messages
✕ Screen Lock

+
Encrypts SMS messages with Signal Protocol
Doesn’t require an internet connection to work
Development is ongoing & active
App, servers and protocol are completely open source


Android Only
Mid-session uninstall by one user in chat leads to malformed messages

(Dis)honorable Mention: Telegram

The security of Telegram has long been scrutinised by security experts, for good reason. Nothing is open source: not the app, not their servers, nor their protocol.

Cybersecurity expert analyses on Telegram’s first in-house protocol (MTProto 1) have revealed spaghetti code, questionable security decisions, highly non-standard modes (e.g. IGE) and highly discouraged models (e.g. MAC-and-Encrypt). Telegram’s reliance on SMS verification allowed German intelligence services to obtain live copies of Telegram messages.

…our survey shows that Telegram has had serious and simple issues in the protocol (e.g. modified buggy Diffie-Hellmankey exchange) that any knowledgeable security expert could penetrate.

Saribekyan, H. & Margvelashvili, A. (2017). ‘Security Analysis of Telegram’ (MIT Security Analysis)

My attempts to locate security analysis of Telegram’s newer MTProto 2.0 have not been fruitful. I’m sure you get the idea: Telegram’s proprietary encryption has been substandard in the past, and there are currently no supporting analyses that can shed light onto how it fares today.

But let’s say we give the quality of encryption the benefit of the doubt.

Here we have a whole other problem: encryption is off by default, and only works in secret chats between 2 people. Group chats cannot be encrypted — I repeat, cannot. This is bad enough as it is, but it gets worse: Telegram group chats can fit up to 200,000 people.

Clearly this became an even bigger problem when Telegram had a bug that caused phone numbers to be publicly viewable in group chats, resulting in countless HK protestors being identified in 2019.

Clearly not looking good at this point — but in 2020, the user IDs and phone numbers of 42 million Iranian users were leaked by a third-party version of Telegram, on a database that wasn’t even protected by a password — exposed for for 11 days before taken offline.

Just last Monday (4/1/21), independent researcher Ahmed Hassan revealed that Telegram’s People Nearby feature can be tricked into revealing the locations (and possibly home addresses) of nearby users by using GPS-spoofing. After privately reporting it to Telegram developers, they said they have no plans to fix it.

Breaches and security issues aside, Telegram has partially cleaned up their act. While they were one of the messaging apps banned in workplaces for not being GDPR compliant in 2018, they have since updated their policy to be compliant and also added semi-annual transparency reports.

✓ Free
✕ Neither app, servers or protocol are open source (no recent audits in 5yrs)
✕ End-to-end encryption default off, only available for secret chats of 2 users
✓ GDPR compliant
✓ Transparency reports
✓ Disappearing messages
✓ Screen Lock

+
2 Factor Authentication
Group chats of up to 200,000 members


Group chats of up to 200,000 members cannot be encrypted
End-to-end encryption protocol highly questionable in the past (current security unverified)
End-to-end encryption default off (only available for secret chats between 2 users)
Numerous high-profile breaches and security flaws + bugs
Nothing being open source, no recent audits
Owned by Facebook

This article was originally posted on my blog, technecknick.com

WhatsApp
Secure Messaing App
Messaging Apps
End To End Encryption
Open Source

--

--

Nicholas Hui (Tech Neck Nick)

Written by Nicholas Hui (Tech Neck Nick)

9 Followers

The writer is an IT postgrad student (Cybersecurity major), linguist, writer and dancer. Technecknick.com

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams