It is common knowledge that social messaging apps that support “end-to-end encryption” are perceived to be safe from the prying eyes and ears of hackers. But are they? Don’t the apps bear any inherent weaknesses that hackers can exploit, to our own anguish? This article attempts to investigate this question.
Almost all social messaging apps that claim to have “end-to-end encryption” offer their users some assurance of privacy and security. That level of assurance boosts the apps’ membership and encourages users to be open and free and to carry out many operations that they wouldn’t if they knew the app was not secure. Understandably, even crooks and the bad guys cash in on the same levels of security and privacy to commit their offences, hoping the security measures in those apps comprehensively mask their illicit activities. Such security safeguards allow the bad guys to avoid accountability for their crimes, depriving their victims of equal treatment before the law.
The real intent of “end-to-end encryption” was to fight surveillance and defend privacy, implying that while there are costs entailed, the calculations suggest the benefits outweigh them.
By the way, how does end-to-end encryption work?
The encryption tools convert your text, audio and images into something unreadable. Only the recipients of your messages can decrypt them; not even the app maker or his crew are able to read, listen to or watch them. The encryption tools are so effective that governments have been trying to get around them by drafting digital laws that would force app owners to share the messages for the purposes of tracking and nabbing criminals, to no avail.
Encryption protects us from malicious users who may intercept our credentials or our business and personal secrets and expose us to cyberattacks, and from companies that aim to target us with unsolicited specialized advertising. Encryption is powerless to stop phone hackers, or the recipients of your messages, from taking screenshots or sharing the content of your message. The lesson here is that thwarting phone hackers demands strong passcodes and care about what we share with others. Once shared, that content ceases to be ours; it now belongs to the recipient of the message, who may use it in a manner that we didn’t authorize.
Another way to secure your messages is to turn on the “disappearing messages” functionality in your messaging app. You can set a timer, ranging from a few seconds to a week or so, after which the messages will automatically be deleted. “View-Once media”, a mobile-only feature, automatically removes a picture or video once it has been viewed. Built-in protections such as two-step verification, app lock and others enhance your app security once activated.
There is always a grey area involving backups. Your privacy is only as strong as the weakest link, and the backup option is an area most hackers will test and probe for cyber vulnerabilities. Before activating the backup feature, make sure you can answer, yes or no, whether doing so will compromise the security of your app.
The storage of metadata defines how strong the encryption is. The less metadata stored, the stronger the encryption tends to be. Either way, there are pros and cons to having less or more metadata stored. The prospect of accessing the metadata in future encourages users to store more of it, and where privacy is paramount, the less metadata stored, the better. You will not want others to pry into your sensitive data, a trade-off worth entertaining in certain circumstances.
Retroactive data access is useful to many users, including cyber criminals and governments, whose purposes rarely work for the message creator. Metadata leaves small digital trails that give investigators a footprint from which to start digging, though they may still want to know the motive behind a connection. It is akin to phone pings, which furnish no specific details beyond telephone numbers, the particulars of the mast where the phone pinged, and the time and date of the connection, without detailing the content of the messages themselves. That information suffices for criminal investigators to place a suspect at a crime scene, for instance.
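The split described above, where the app maker cannot read a message while its servers still handle the metadata around it, can be shown in a short Node.js sketch. This is an added example, not code from any messaging app: the names (alice, bob, sessionKey, send, openEnvelope, serverView), the timestamp and the message are constructed, and X25519 with AES-256-GCM stands in for whatever scheme a given app uses.

```javascript
// Added illustration: all names and sample values are constructed.
const crypto = require('node:crypto');

// Each user generates a key pair on their own phone; only public keys are uploaded.
const alice = crypto.generateKeyPairSync('x25519');
const bob = crypto.generateKeyPairSync('x25519');

// Derive a 256-bit message key from my private key and the peer's public key.
function sessionKey(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-e2ee', 32));
}

// Sender side: encrypt, then wrap the ciphertext in the envelope the server routes.
function send(from, to, key, text) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(text, 'utf8'), cipher.final()]);
  return { from, to, sentAt: '2024-01-01T09:30:00Z', iv, body, tag: cipher.getAuthTag() };
}

// Recipient side: returns the plaintext, or null if the key is wrong or data was altered.
function openEnvelope(envelope, key) {
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
    d.setAuthTag(envelope.tag);
    return Buffer.concat([d.update(envelope.body), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// What the app maker's server can log: routing metadata, never the content.
function serverView(envelope) {
  return { from: envelope.from, to: envelope.to, sentAt: envelope.sentAt, bytes: envelope.body.length };
}

const envelope = send('alice', 'bob', sessionKey(alice.privateKey, bob.publicKey), 'Meet at 6pm');
const server = crypto.generateKeyPairSync('x25519'); // the relay holds no user private key

console.log(serverView(envelope)); // who, to whom, when, how big
console.log(openEnvelope(envelope, sessionKey(bob.privateKey, alice.publicKey)));    // recipient
console.log(openEnvelope(envelope, sessionKey(server.privateKey, alice.publicKey))); // relay
```

The relay's attempt fails because it never holds Alice's or Bob's private key, yet everything returned by serverView is available to it, and to anyone who later obtains its logs.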
The more features an app has, the more metadata clutter it leaves behind. Most users enjoy more features but seldom consider the challenges posed by those who may want to snoop on them. Signal has the fewest features; therefore, it is more likely to deter cyberattacks than WhatsApp or iMessage. Location sharing, for example, may be useful for meetups or group chats, but if your phone is hacked, it may leak sensitive information to people who may not wish you well.
However, out of convenience, most people will shift to popular apps, and so long as their phones are not in hackers’ hands, they are fine. Another matter worth considering is how apps that are free and have no overt advertising revenue make money and support themselves. Most of these apps charge in their country of origin but are kept free elsewhere in order to widen the user base. This explains why there are all kinds of versions of the same app, depending on the country in which it was installed.
The encryption algorithm is open-sourced, and efforts to breach it have, so far, been unsuccessful. Still, that doesn’t mean the encryption will remain proof against cyberattacks in future. Most hackers, though, seldom bother to crack the end-to-end encryption, because it is easier to break into phones and take them over in such a way that their true owners are oblivious to what is happening to them. As I have cautioned earlier, the chain is only as strong as its weakest link, and so it is with the relationship between end-to-end encrypted apps and the phones themselves.
So the answer to the question posed in the title is that, regardless of the strength of an app’s encryption, the hacking vulnerabilities of the phone itself are the real thing to watch out for. Beware of that and do something about it.
Read more analysis by Rutashubanyuma Nestory