Mobile Technology

Apps to easily encrypt your text messaging and mobile calls

Apps to easily encrypt your te...
Free or inexpensive apps to secure your mobile communications (Image: Shutterstock)
Free or inexpensive apps to secure your mobile communications (Image: Shutterstock)
View 9 Images
TextSecure lets you text everyone in your contact list, not just those who use the app
1/9
TextSecure lets you text everyone in your contact list, not just those who use the app
Wickr messages disappear after a configurable amount of time and screenshots are disabled by default
2/9
Wickr messages disappear after a configurable amount of time and screenshots are disabled by default
CoverMe gives users a vault of secure media to add into texts
3/9
CoverMe gives users a vault of secure media to add into texts
GliphMe is a feature of Gliph that allows for anonymous conversations over the web to reach those who don't have the app installed
4/9
GliphMe is a feature of Gliph that allows for anonymous conversations over the web to reach those who don't have the app installed
OStel is an open standard for a secure mobile network integrated into various mobile and desktop clients
5/9
OStel is an open standard for a secure mobile network integrated into various mobile and desktop clients
Signal and RedPhone can work in the background while using the default dialer to secure calls with other users of the app
6/9
Signal and RedPhone can work in the background while using the default dialer to secure calls with other users of the app
Sound integration and multiple separate identities are two unique features of the text messaging app surespot
7/9
Sound integration and multiple separate identities are two unique features of the text messaging app surespot
Telegram offers two kinds of messaging depending on the level of security you require
8/9
Telegram offers two kinds of messaging depending on the level of security you require
Free or inexpensive apps to secure your mobile communications (Image: Shutterstock)
9/9
Free or inexpensive apps to secure your mobile communications (Image: Shutterstock)

Mobile phone users are becoming more savvy to the potential security risks of standard, unencrypted text messaging and wary of government intrusion into everyday communications. Some consumers require encrypted phone calls for information-sensitive business requirements and others just don't like the idea of others prying into their personal lives. Gizmag takes a look at a sampling of the apps available for iOS and Android (and sometimes desktop) to encrypt mobile communications, both text messaging and phone calls.

These options may not be for running a coup in a war-torn country (though Open Whisper Systems offered its products early to protesters in Egypt), or be compliant with the United States' Health Insurance Portability and Accountability Act (HIPAA) (though some of these apps may be and may specifically claim to be so). There are also separate options more appropriate for businesses, with prices to match, but for the ordinary user who's concerned about man-in-the-middle attacks in coffee shops, or government intrusion on an "everyday" level, these apps could be enough.

We also don't claim to evaluate the security algorithms used with each app, though most have fairly detailed FAQs for those wanting more information and many have open source algorithms.

One should also distinguish between secure messages that are archived for users to access later, as you usually expect with texts, and ephemeral messages specifically not stored in the cloud or on servers and that will disappear locally after a set amount of time. Some of these apps offer both, and some have settings to change how long messages last. Most apps specifically only allow you to message or call other users of the app, but even if an app allows you to message or call your whole contact list, the communication will not be secure end-to-end.

Keep in mind that no app can get around physical security. If you choose not to set a passcode, then someone with physical access to your phone can read your messages, or if you send racy photos with an app that disables screenshots, the end party can always circumvent that more clumsily with an ordinary camera. In other words, prudence is still necessary if you're truly concerned with privacy. That caveat in place, let's take a look at six text messaging apps and two phone apps that will help you secure your mobile communications.

Secure Text Messaging Apps

TextSecure and Signal

TextSecure lets you text everyone in your contact list, not just those who use the app
TextSecure lets you text everyone in your contact list, not just those who use the app

  • Unique feature: Message everyone in your phone list, even if they don't use TextSecure.
  • Security: Uses independently developed algorithms, including those implementing forward secrecy in which a new key is generated for each message.
  • Open Source.

TextSecure, created by former Twitter security researcher Moxie Marlinspike's Open Whisper Systems, is the only app we looked at that can be used to message anyone in your existing phone list, even to the point where it's a seamless replacement for the default text messaging client. Bear in mind, though, that end-to-end encryption will only exist in conversations with other TextSecure users, though you'll be informed when a conversation is insecure.
Some of the options to increase security include scanning encryption keys in-person with contacts to prevent man-in-the-middle attacks, and disabled screenshots by default. Also set by default is sending messages via data rather than SMS to avoid storing metadata with your cellphone provider.

In the future, Open Whisper Systems plans to release its text messaging service for desktop systems and Signal, its secure phone call app for iOS. You also have access to the same text encryption if you use CyanogenMod on your Android phone.

Available for free on Android (and announced for desktop and the Signal app on iOS).

Wickr

Wickr messages disappear after a configurable amount of time and screenshots are disabled by default
Wickr messages disappear after a configurable amount of time and screenshots are disabled by default

  • Unique feature: Ephemeral chats and photos which can be made to disappear in anywhere from 3 seconds to up to 6 days.
  • Security: Wickr has staked its claim with public independent assessments, as well as placing a large bug bounty on its "military-grade security," and champions its warrant canary, or a secret indicator to its user base when the company has received a secret government subpoena to release information.

Wickr is a client for those who want to know that their messages and photos are not readable after a certain amount of time, even by the receiving party. Metadata is stripped from photos before being sent, and messages automatically disappear a set amount of time after being read.
Users can also send audio, video, and PDF messages from their devices and Dropbox or Google Drive storage. Customize your experience by setting how you want people to be able to find you (if at all), shredding remains of deleted local files, and creating group chats of up to 10 people.

Available for free on iOS and Android.

Telegram

  • Unique feature: Choose between either ephemeral chats that are never saved anywhere or cloud-accessible messages for when you do want to return to the conversation.
  • Security: Telegram also had its own hacking bounty, which is sometimes controversial, but drives home the point that as a company, Telegram is not only interested in knowing about flaws in its application, but is willing to stake its reputation (and money) on it.

Telegram is described by its creators as WhatsApp, but encrypted, cloud-based, and faster. You can share media and messages to up to 200 people at once. Choose between secret chats that leave no trace on the Telegram servers, have a timer for deletion and cannot be forwarded, and cloud-based messaging that's still secure, but is available on the cloud to return to later.
Available for free on iOS and Android, and unofficially available on desktop and Windows Phone.

Gliph

GliphMe is a feature of Gliph that allows for anonymous conversations over the web to reach those who don't have the app installed
GliphMe is a feature of Gliph that allows for anonymous conversations over the web to reach those who don't have the app installed

  • Unique feature:Communicate with non-Gliph users via a unique group chat interface, and access BitCoin transfers, email cloaking services, and a user "name" that doesn't rely on real information.
  • Security: Gliph has an honest description of what its security entails, and when you might choose something else (i.e., if your life is in danger).

Gliph has a few unique features that might prompt you to choose it over other apps, if you have need of those things. It is more targeted as a tool to avoid exposing your information in public places, such as listing a Craigslist ad, posting online, or starting discussions on the web. GliphMe gets around requiring all messages to start and end with Gliph users by creating a web interface that allows people to jump into a conversation securely with a Gliph user.
As with some other apps, EXIF data is stripped from photos, and you can remove a photo from everywhere (the server and both your side and your recipient's) all at once.

Available for iOS, Android and desktop. Free for the main client, with cloaked email addresses available through in-app purchases.

surespot

Sound integration and multiple separate identities are two unique features of the text messaging app surespot
Sound integration and multiple separate identities are two unique features of the text messaging app surespot

  • Unique feature: Allows multiple identities that don't share keys, preferences, or contacts.
  • Security: As with some other apps, requires setting a password that cannot be reset or recovered, and allows users to view each other's public keys offline to verify that there's no man-in-the-middle attack occurring.
  • Open Source.

The surespot app has a few tools to independently manage different identities on one device, giving users the ability to separate business and personal communications. It also integrates voice chat and flexible photo control over unlocking, locking, and deleting photos from recipients' phones.
Available for free on iOS and Android, with US$1.99 to add voice integration.

CoverMe

CoverMe gives users a vault of secure media to add into texts
CoverMe gives users a vault of secure media to add into texts

  • Unique feature: The CoverMe Vault securely stores all sorts of media, and the app adds many features to hide your identity and number.
  • Security: CoverMe allows you to call and text CoverMe nonusers by purchasing a phone plan with them; however, only phone calls and messages with other users will be encrypted end-to-end.

Where TextSecure elegantly adds in the ability to text nonusers, CoverMe adds several bells and whistles to accomplish the same thing, but with additional charges. However, there are several features that might appeal to some users, including; a vault to store passwords, photos, docs, and more; the ability to hide the app on the phone (for example, for use if you live in a country that bans the encryption of one's internet communications); and the ability to hide contacts. If your friends don't use CoverMe, you can purchase private, anonymous phone numbers to contact others, but as with other apps, these communications won't be encrypted en route to your friend.
Available for free on iOS and Android, with premium features costing US$4.99 and additional fees for CoverMe VoIP phone number plans.

Secure Mobile Calling Apps

RedPhone and Signal

Signal and RedPhone can work in the background while using the default dialer to secure calls with other users of the app
Signal and RedPhone can work in the background while using the default dialer to secure calls with other users of the app

  • Unique Highlight: Use of the default dialer in Android makes secure calls without requiring forethought.
  • Security: RedPhone and Signal encrypt PUSH data from even Google's and Apple's eyes and only the most necessary metadata is used to route calls.
  • Open Source.

Eventually these two apps will be merged with their text messaging component TextSecure, but for now, bear with the two different names. Android users can make secure calls to iOS users.The apps still work via the default dialer even if you never open the app a second time, and if you make a call to a fellow RedPhone or Signal user, you'll be asked if you want to upgrade to a secure phone call.
RedPhone (Android) compatible with Signal (iOS), and announced development on desktop. Free download.

OStel

OStel is an open standard for a secure mobile network integrated into various mobile and desktop clients
OStel is an open standard for a secure mobile network integrated into various mobile and desktop clients

  • Unique Highlight: Open standard for secure phone calls means lots of different ways to use it.
  • Security: Each OStel client has novice or advanced settings, with advanced settings allowing for ZRTP, a protocol created by the PGP inventor and also used in RedPhone and Signal.
  • Open Source.

OStel is the public implementation of a defined standard for an Open Secure Telephone Network (OSTN), with a principle of "promoting the use of free, open protocols, standards and software, to power end-to-end secure voice communications on mobile devices." To make use of OStel, you'll need to create an account with OStel (no personal info required) and then download the appropriate app for your phone or desktop OS. Both ends must be using OStel, and users cannot be on landlines or use a SIM card.
Available on Android, iOS, desktop, and more – see full list. Pricing depends on platform, with some free.

What should you use?

Given that the highest level of security exists when both ends of a connection are using the same app, one could argue that you should use the app where you already have the largest existing contact list. But as I was installing new apps, though I occasionally was informed that an existing friend of mine already used the app, I generally had no contacts already using the service. In order to enjoy the level of security the app was meant to provide, I would have to recruit my friends and colleagues, and accordingly, most of the apps had fairly visible methods to do so.

Compounding the lack of user base in some of these apps is the large number of secure phone and text clients available even for free. Arguably the population of interested users is being split among each app and walled off from other users. I didn't even list secure VoIP calling plans that sell minutes for calling outside the user circle because, again, this seemed counterintuitive to being able to increase rather than decrease the number of one's contacts in a secure network, instead focusing on apps that are cheap enough to not be considered an additional mobile plan.

I was forced to accept was that, were I to choose an app for personal needs and not for a business or group setting where I could require all members to use the same app, I would choose the one that natively fit best into how I text and call. That way, I would enjoy the end-to-end security when it was available, but have to resign myself to local encryption otherwise.

My personal choice to meet this standard is the Open Whisper approach of making encryption seamless and transparent because I didn't have to change anything about how I communicated, and thus it was more likely that I (and others) would continue to use their apps. Similarly, OStel may also work for this purpose in the future if additional developers integrate the standard into more products.

However, I also came to the conclusion that there is no downside for choosing to encrypt my communications regardless of which app I chose, until there's a better default standard for mobile encryption to prevent against man-in-the-middle attacks, surveillance-friendly carriers and leaked phone metadata.

6 comments
Tinja Nurtle
try www.galaxkey.com
Packetwraith
Why didn't you review RokaCom (www.rokacom.com) ? It has secure/encrypted messaging and phone / video calls. It does both in one. Better yet, its encryption keys are created and stored on the users' device so someone would have to have access to your mobile device to decrypt anything.
plumcake
Take a llok at Amtel Plum (amtelplum,com). Secure texting and calling with an enterprise focus. Neat BYOD privacy solution with a separate dual business phone number for personal phones and tablets.
Kenny Nguyen
The app YouVeil gives you Top Secret encryption from end to end for SMS text messages. YouVeil can do text message in group, too, so that secretive organizations can use this Android app for encrypted communication and command center.
Gui Terras
Well, I don't really think this app is good, I prefer Helloooapp, just and swipe messages, We don't have to write anymore ;) itunes.apple.com/app/id954153672?at=10lIMc&ct=954153672 do you know if it safe?
AngelChanel
I like wecam The video is encrypted and u have text and location options too.