Here are the top OTT messaging apps ranked by privacy protection

messaging apps encryption
Credit: Bakhtiar Zein/Shutterstock.com

ITEM: If you want to keep your OTT messages private, don’t use Skype, Snapchat or anything from Tencent.

That’s the warning this week from Amnesty International, which ranked 16 popular messaging apps from 11 companies based on how well they protect online privacy.

Amnesty International says it looked mainly at whether messaging apps providers use end-to-end encryption that prevents anyone other than the sender and the recipient from seeing the content. On that specific metric, here’s how everyone fared:

messaging apps
Source: Amnesty International

When Amnesty International factored in all of their privacy criteria – which includes whether encryption is the default setting, whether users are proactively notified when a message is not encrypted end-to-end (or at all), how transparent the encryption process is and whether the company publishes regular and detailed reports explaining how messages are encrypted and how user data is protected from, say, government surveillance – the rankings look like this:

COMPANY

SCORE (OUT OF 100)
Facebook 73
Apple 67
Telegram 67
Google 53
Line 47
Viber 47
Kakao 40
Microsoft 40
Snapchat 26
BlackBerry 20
Tencent 0

To give you an idea, compare the summary of top-ranked Facebook and bottom-ranked Tencent (from the press release):

Facebook, whose instant messaging apps Messenger and WhatsApp together have 2 billion users, is doing the most to use encryption to respond to human rights threats, and is most transparent about the action it’s taking. WhatsApp is the only app where users are explicitly warned when end-to-end encryption is not applied to a particular chat, but Messenger does not apply end-to-end encryption as a default, and does not warn users that regular conversations use a weaker form of encryption. […]

Tencent owns the two most popular messaging apps in China, WeChat and QQ, and is bottom of our message privacy scorecard, scoring zero out of 100. Not only did it fail to adequately meet any of the criteria, but it was the only company which has not stated publicly that it will not grant government requests to access encrypted messages by building a “backdoor”.

Amnesty International says it’s releasing this scorecard to raise awareness of the importance of privacy in a world where everyday communications are targeted by cybercriminals, malicious hackers, and government spies:

Young people, activists and journalists who share personal details over messaging apps are especially at risk.

Many of us trust these apps with intimate details of our personal life. Companies that fail to take basic steps to protect our communications are failing that trust.

Obviously that’s not always easy for the aforementioned companies – particularly Tencent, which is based in a country where media censorship is a daily reality (as is jail time for people who defy that censorship).

Also, one reason many digital service providers only go so far with encryption and privacy is because of a lack of legal requirements or business incentives. If the law doesn’t require end-to-end encryption and transparency reports, and if customers aren’t demanding them – or churning specifically because of privacy concerns – then companies have no real reason to invest in encryption of privacy policies any further than they already have.

However, that’s changing – customers are much more aware about privacy and personal data collection than they used to be (especially in countries where communications are routinely monitored and censored), while more governments worldwide are at least making an effort to codify data privacy regulations and accountability. This is encouraging, since customers and regulators have far more influence over messaging privacy policies than NGOs. (Sorry, but I rather doubt any of the companies above will be inspired by the Amnesty International list to try for a higher score.)

If nothing else, that awareness is going to grow as the communications industry overall (telecoms, OTT, broadcast, etc) adopts big data analytics and location-based technologies that enable, say, driverless cars and augmented reality apps like Pokemon Go. If DSPs and OTTs ever hope to make any money from these services, they’re going to have to get the privacy parts right – ideally to the point of being as proactive as Amnesty International is demanding.

If they don’t … well, there’s always the fallback of devastating and potentially embarrassing headlines recounting consumer privacy horror stories. That might work too.

1 Comment

What do you think?

This site uses Akismet to reduce spam. Learn how your comment data is processed.