Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
  • Home

  • App picks

  • Best apps

Best apps

11 min read

The best secure messaging apps in 2024

By Harry Guinness · July 3, 2024
Hero image with the logos of the best secure messaging apps

Secure and private messaging isn't just for spies, whistleblowers, and revolutionaries. It's an important and powerful tool for keeping your identity and important information safe that everyone should take advantage of.

This isn't about keeping your bank heist plans or world domination plot secret; it's about making sure the things you write are only read by the people you want to read them. It doesn't matter how mundane your texts are—it's good practice to default to everything being super secure. That way, you don't have to do anything special when you want to share a password, credit card number, or anything else sensitive through a text message. 

The good news is that sending secure, encrypted messages isn't some James Bond fantasy. It's as simple as sending unsecured, unencrypted messages, so long as you use an encrypted message app that's designed from the ground up to keep your communications private. I looked at over 20 different texting apps that purport to be secure and found three standouts that keep your secrets (and dinner plans) completely safe.

I've been writing about cybersecurity and encryption for over a decade (and texting for a lot longer than that). Most of all, though, I'm an expert in handing things off to more qualified experts. To assess the security of the different encrypted messaging apps, I didn't just rely on my judgment. Instead, I used the assessments and opinions of security researchers and experts like Bruce Schneier and Brian Krebs. With that, here are our three favorite secure messaging apps. 

The 3 best secure messaging apps

  • Signal for the best secure messaging app available 

  • Threema for the best secure messaging app you pay for

  • WhatsApp for the best secure messaging app that everyone uses

What makes the best secure messaging app?

How we evaluate and test apps

Our best apps roundups are written by humans who've spent much of their careers using, testing, and writing about software. Unless explicitly stated, we spend dozens of hours researching and testing apps, using each app as it's intended to be used and evaluating it against the criteria we set for the category. We're never paid for placement in our articles from any app or for links to any site—we value the trust readers put in us to offer authentic evaluations of the categories and apps we review. For more details on our process, read the full rundown of how we select apps to feature on the Zapier blog.

The best encrypted messaging app is, first and foremost, actually secure. Everything else is kind of unimportant if criminals, governments, or tech company employees can potentially access your messages, whether it's through hacks, the legal system, or admin tools. No amount of laws that are meant to keep your data safe, or promises that it won't be used or can't be accessed, are enough to overcome the fact that if it is at all possible, people will do it.

The gold standard in secure communications is end-to-end encryption. This means that from the moment your message leaves your phone until it reaches your recipient, it's just strings of unintelligible data. It doesn't matter if someone gets access to your "message" while it's in transit—without the encryption key that only your intended recipient has, it can't be read. Even the tech company operating the whole system can't see the contents of your messages.

The underlying principle that enables end-to-end encryption is called public-key cryptography, and how it works is incredibly cool. To oversimplify things dramatically, every user has a pair of keys: a public key and a private key. Everyone can see someone's public key, but the private key is kept a total secret. To send someone an encrypted message, you encode it using their public key. To read it, they use the matching private key to unlock the message. Because of the math involved, the public key can't be used to decode it, which is why the system is so effective. (In reality, the most secure apps now use keys that regularly change, so even if someone intercepts one message, they can't read future messages.)

There are a couple of important related features that go with end-to-end encryption. On the most secure messaging app, you can verify that you're talking to the person you think you are, data is stored encrypted on your device, and you can reset your encryption keys at any time. When putting together this list, I was looking for a complete implementation of end-to-end encryption best practices. For example, X-formerly-Twitter has (laudably) tried to add end-to-end encryption to direct messages, but it has done so in ways that fall far short of these standards.

Another important aspect of a secure texting app is that it's open about how everything is encrypted—and it's all been verified. Using powerful algorithms properly is much more effective than trying to prevent bad actors from finding out how an app works (a technique called "security through obscurity"). Most truly secure apps are open source, which means that anyone who wants to can look at the code on GitHub and check that it does what the developers say it does. Another option here is that the app has been audited by reputable third-party security companies, although that's not as preferable. The best solution is both: an open codebase and third-party audits.

Beyond secure text messaging, there were a few other factors I was looking for:

  • As little history of privacy violations from the developers as possible. While bad people can build good apps, it's best if the interests of the users line up with the stated and demonstrated positions of the developers where security is concerned.

  • Nice to use. There are quite a few encrypted messaging apps available, so if you're looking for the best, you want one that's actually nice to use. All our picks are great texting apps—they also just happen to be super secure. 

  • Free (or at least cheap). Because of the political nature of messaging, many secure apps are built by non-profit foundations and activist-developers. It's great for us because you don't have to spend a fortune to get high-grade encryption.

I considered and tested more than 20 different secure texting apps. The most important part was verifying that they were always secure and had no unfixed problems. This eliminated about half the apps from the list, as they either weren't end-to-end encrypted or only were under specific circumstances. For the 10 or so apps that met my security criteria, I dug a bit deeper and used them for a few days to see how they worked. I do a lot of texting, so it was pretty easy to get a feel for whether the apps were a worthy SMS or Facebook Messenger replacement. 

And that was enough to cut the list down to just three great secure picks. 

The best secure texting apps at a glance

Standout feature

Pricing

Signal

Everything—it's the best secure messaging app out there

Free (though would like your donations)

Threema

Anonymous option and has an actual business model

From $5.99

WhatsApp

Used by almost everyone you know

Free


The best secure messaging app

Signal

Signal, our pick for the best secure messaging app

Signal pros:

  • Literally wrote the industry standard encryption protocol

  • A nice, modern messaging app

Signal cons:

  • You will have to convince people to use it

Signal is the benchmark secure text messaging app—it's the one that almost all the security professionals recommend. It's openly and unapologetically trying to keep conversations private, whether they're about the weather or resisting an authoritarian government. Crucially, Signal is run by the non-profit Signal Technology Foundation. It's entirely funded by donations, so there are no ads, trackers, or other privacy-sacrifices made in the name of monetization. (Though it does mean you're relying on the generosity and political priorities of billionaires, as Signal is not yet earning enough from small donors to cover its running costs.)

Signal developed and uses the open source Signal Protocol to encrypt everything. It's peer-reviewed, fast and effective, and, you guessed it, incredibly secure. It's such a good end-to-end encryption implementation that apps from major tech companies, like WhatsApp and Google Messages, use it for their encrypted messages. 

Aside from being the most widely respected secure messaging app, Signal is just the complete communication package. You can send text messages, pictures, videos, files, voice notes, stickers, and everything else you'd expect to individual contacts or chat groups. You can make end-to-end encrypted voice and video calls with groups of people. It even has stories. Really, the only negative is that the app lacks a bit of personality and customization. It's clean and minimal, but other messaging apps feel a bit more fun. 

Signal recently rolled out usernames. While you still need a phone number to sign up, you no longer have to share it with everyone you're messaging. It plugs one of the few holes in Signal's security, as it's much harder for government agencies to connect an anonymous username to a specific person than it is for them to connect a phone number.

Signal has exploded in popularity over the last few years, so there's a good chance some of your contacts already use it. If not, it's a pretty easy sell. It's free and as good as any non-secure option.

Signal pricing: Free, though would like your donations

The best secure messaging app you pay for

Threema

Threema, our pick for the best secure messaging app that you pay for

Threema pros:

  • Isn't linked to a phone number, email address, or anything else that can identify you

  • Has a real business model

Session cons:

  • $6 cost makes convincing people to join next to impossible

Signal is an incredibly secure app, but it has a few minor flaws that you can take issue with. It stores as little metadata about you as possible, but because your account is tied to a phone number, even if you no longer have to reveal it to other users, there's a tenuous connection. We highly doubt Signal would ever reveal this information willingly, but at least theoretically, an authoritarian government could get a list of every phone number with a Signal account, cross-check it with cell phone companies, and arrest everyone with Signal as a dissident. Far-fetched? Absolutely, but this is the kind of attack vector that security researchers have to consider. 

Signal also doesn't have a business model. It relies on donations from users and billionaires. Nobody expects it to close down anytime soon, but it does leave a small question mark hanging over it. And finally, Signal is based in the US—a country not known for its support of user privacy.

Threema basically solves all of these problems. You create a unique ID when you sign up so, unless you want it to be, it's not connected to your phone number or email address. It costs $5.99, and the enterprise version costs a couple of dollars per user per month depending on your plan. And the company and servers are located in Switzerland—a country with privacy laws so strong that dictators and autocrats around the world rely on them to protect their money and dirty secrets.

On top of all that, Threema is a great secure messaging app—both for individuals and companies that need a secure way to communicate. Its frontend apps are open source and use a well documented encryption protocol, and there have been multiple third-party audits. It has text and voice messaging, voice and video calls, and everything you'd expect of a messaging app. (Except Stories, but I'm not sure I care.)

The main problem: convincing your friends to pay for a messaging app isn't an easy challenge to relish. But if you (and they) can overcome the cost, it's well worth checking out. 

Threema pricing: From $5.99

The best secure messaging app that people already use

WhatsApp

WhatsApp, our pick for the best secure messaging app that people use

WhatsApp pros:

  • End-to-end encryption by default for more than two billion people

  • One of the best messaging apps available, regardless of its security features

WhatsApp cons:

  • Its parent company, Meta, has a bad history of protecting and respecting user privacy

  • New features undercut some of the security

WhatsApp, with more than two billion active users around the world, is by far the most widely used end-to-end encrypted messaging app. It's great to use, and all your text messages, pictures, voice messages, phone and video calls, files, and everything else you send are encrypted using the Signal Protocol between you and your recipient's devices. 

Or they're meant to be. 

WhatsApp is genuinely built to be a secure, encrypted communication platform. Its security audits and technical explanations check out. It uses one of the best encryption protocols available. It's the real deal. The problem is that it's owned by Meta (formerly known as Facebook), which doesn't have a great history of protecting and respecting privacy or its users.

Leaving aside the various scandals around Facebook and Facebook Messenger (which is only now moving to end-to-end encryption by default), Meta employees read private WhatsApp messages when users are reported, and the company has cooperated with and turned information over to prosecutors. Similarly, Meta AI is now integrated throughout WhatsApp. Any messages sent to it have to be decrypted on Meta's servers.

WhatsApp also collects a lot of metadata, like who you talk to, how often, and from where. It's a lot more metadata than Signal stores, though exactly how much more isn't public knowledge. It is still a bit troubling, as it can be used to reveal or construe information you might want to keep private.

With all that said, WhatsApp still makes our list of the best secure messaging apps for a few reasons. First, these situations are the extreme outliers. If your recipients aren't reporting your messages, or you aren't asking Meta AI to generate an image of you staging a military coup, they can't be read by anyone at Meta. That means it's still significantly more secure than messaging apps that don't use end-to-end encryption and in an entirely different league than SMS. It's also wildly popular, so there's a good chance your contacts are already using it. If you can't convince them to switch to Signal, using WhatsApp is the next best thing. 

There are also some parts of the world and situations where having Signal installed on your smartphone could be interpreted as a suspicious activity in and of itself. WhatsApp, however, is used by a significant chunk of the world's population. If you're traveling somewhere, and you're concerned about how authorities there will feel about your encrypted messaging app, go with WhatsApp. 

With that out of the way, it's worth noting that WhatsApp is near the top of our favorite texting apps for a reason. It is far and away Meta's best product—and one I use daily. 

WhatsApp pricing: Free

Why some messaging apps didn't make this list

Signal is the clear pick if you're looking for the best encrypted messaging app; Threema is useful if you want anonymity or a more apparent funding source; and WhatsApp is secure enough for daily use for most people and justifiably popular. But there are a few apps you might have expected to see on this list, so I wanted to run through some of the reasons they were excluded.

  • iMessage. Apple's iMessage is end-to-end encrypted, but it's not available on all mobile platforms. Also, I didn't love that encrypted iMessages and entirely unencrypted SMS messages are sent from the same app (and, if an iMessage fails to send, it can automatically be resent as an SMS). If you use it, your data is almost certainly safe, but these small issues were enough to keep it from the list. 

  • Telegram. Telegram doesn't use end-to-end encryption by default. It claims its MTProto Mobile Protocol is sufficient, but enough security experts and researchers have issues that I couldn't fully recommend it. There are also reports of activists using it being arrested, and Telegram keeps doing weird things like trialing programs that would expose users' phone numbers.

  • Facebook Messenger. Messenger doesn't yet use end-to-end encryption by default. Don't use it if you're security-conscious. (It's also not as nice as WhatsApp.)

  • Google's various messaging options. Google's different messaging services—Meet, Chat, and Messages—support different levels of encryption. The generally poor user experience (and Google's failure to settle on one messaging platform) was enough to keep them from the list.

  • SMS. SMS is a terrible, dated protocol. It's vulnerable to a variety of different hacks and scams. It's possible for bad actors to call your carrier, impersonate you, and have all your incoming messages (including 2FA tokens) forwarded to a new SIM card.

  • Session. While Session has been on the list in the past, it still hasn't rolled out voice calls, and its funding is increasingly tied in with cryptocurrencies. The app can also be a bit buggy.

So, there you have it. If in doubt, go with Signal. If you already use WhatsApp, you're probably ok. And don't touch SMS. Seriously, no SMS.

Related reading:

  • 5 security risks of generative AI and how to prepare for them

  • 7 security behaviors to protect yourself from hackers

  • The best password managers

  • Beeper vs. Texts: Which should you use?

  • The best universal texting apps

This article was originally published in June 2022. The most recent update was in July 2024.

Get productivity tips delivered straight to your inbox

We’ll email you 1-3 times per week—and never share your information.

tags
The 6 best texting apps in 2024
Up next

App picks

The 6 best texting apps in 2024

Keeping in touch with friends and family has never been easier. If you have an internet connection, you can send a message to anyone, anywhere, free of charge.

Related articles

Improve your productivity automatically. Use Zapier to get your apps working together.

Sign up
See how Zapier works
A Zap with the trigger 'When I get a new lead from Facebook,' and the action 'Notify my team in Slack'