Most of the popular messaging apps on both mobile devices and the web are trapped in a conundrum. On one hand, they can only attract new users and grow their platforms by maintaining their current user base. On the other hand, they are facing increased scrutiny over just how secure they really are.
The Push for a Secure Web
The recent emphasis on secure HTTP for web pages championed by Google has caused most providers of both mobile and web services to re-evaluate their offerings. One of the key concerns is whether or not a user’s data is actually secure and protected from outside access. While this is relatively easy to engineer through a standard web browser, with a mobile app, things get a little more complex.
If an app, for example, uses the same secure protocols as a web browser, then it can be relatively safe to assume it has some protection against intrusion. To the best of most technology experts’ knowledge, none of the popular web browsers have significant issues with HTTPS. If an app is either using its own communications protocols or incorporates some kind of proprietary encryption, however, how secure it is depends entirely on the skill and competency of its developers. In other cases, apps may include no security at all, in which case any information sent through them could be visible to any number of attackers.
The reason secure HTTP is effective is because it encrypts data from client directly to server. It doesn’t matter how many intermediate servers may relay the traffic from point to point. Only the server and client have the key to decrypt the information being sent. A messaging app using HTTPS can do the same thing, but an app that depends on other kinds of encryption might not.
The only way to be absolutely sure a conversation is secure is to establish end-to-end encryption that can only be deciphered at the server itself. A Virtual Private Network, for example, can only do this between a client and its proxy. Beyond the proxy server, information may not be secure, because the proxy server and the remote server likely do not share an encrypted connection.
Another thing to keep in mind when securing your digital conversations is the role wireless plays in your connections. Whether you are using your local cellular network or a Wi-Fi access point, you should be aware your mobile phone or device is essentially a very sophisticated radio that is broadcasting the information you transmit in all directions.
If that information is not secured by HTTPS or a virtual private network, for example, it can not only be intercepted by people nearby with the proper equipment and software, but it can also likely be read in real time. Granted, this is a relatively uncommon occurrence, but the danger of a password or other vital information being stored on someone else’s computer in real time should be a sobering revelation to the average technology user.
Securing your communications should be at the top of your privacy priority list. It is important that you also understand the technology you use. That knowledge can help you considerably.