27674385606
AVG Signal Blog Privacy Privacy Tips The Most Secure Messaging Apps
Safest_Encrypted_Messaging_Apps_for_Android_and_iOS-Hero

Written by Ivan Belcic & Caroline Corrigan
Published on May 26, 2022

What are secure messaging apps?

Secure messaging apps are private chat apps that use end-to-end encryption to secure data across the entire journey from sender to receiver. The data is encrypted when sent, then decrypted at its destination — at no point during this journey can anyone access the data.

End-to-end encryption also prevents secure messaging apps from storing copies of your communications on their servers. In the event of a data breach, any leaked conversations will still be secured.

Best encrypted messaging apps


Private messaging app

Compatibility

Cost

Apple iMessage

iOS, macOS

Free

Dust

iOS, Android

Free

Facebook Messenger

iOS, Android

Free

Google Messages

Android

Free

Line

iOS, Android, macOS, Windows

Free

Signal

iOS, Android, macOS, Windows, Linux

Free

Silence

Android

Free

Telegram

iOS, Android, macOS, Windows, Linux

Free

Threema

iOS, Android

$3.99

Viber

iOS, Android, macOS, Windows

Free

WhatsApp

iOS, Android, macOS, Windows

Free

Wickr Me

iOS, Android, macOS, Windows, Linux

Free

Note: All messaging apps on this list use end-to-end encryption.

The most secure messaging apps for Android and iPhone

The most secure messaging apps for Android and iPhone are texting apps that include end-to-end encryption, are encrypted by default, store minimal (or no) data, don't track your phone, and are built with open-source code. Many of the most secure messaging apps for mobile are also available as desktop applications.

Apple iMessage

Apple’s iMessage is the most popular texting app for iPhone, and it’s supported by the Messenger application on iOS version 5.0 and later. Letting users send texts, documents, videos, photos, contact information, and group messages over the internet, iMessage is very popular among iPhone users. Keeping your iPhone safe is one thing, but is iMessage actually secure?

Price: Free

Compatibility: iOS, macOS

Security features: End-to-end encryption, self-destructing messages, messages deleted from servers automatically

iMessage only encrypts messages between iPhone users. On other devices, it functions as a typical unencrypted texting app. FaceTime — iMessage’s partner app — encrypts voice and video calls. In later iMessage versions, users can control how long each photo, video, or message will appear before it disappears (self-destructs), and how many times the viewer can see the message.

Security risks: Known encryption weaknesses, iCloud backups

In 2019, researchers from Project Zero presented six high-level exploits that allowed them to use iMessages to take over a user’s device. And in 2021, the Pegasus spyware was shown to exploit an iMessage vulnerability. However, Apple is quick to patch vulnerabilities when they appear.

If you back up your iMessages to iCloud, these messages are encrypted using a key controlled by Apple, not you. While Apple has refused to create “back doors” into their system or weaken encryption, they and other tech companies do have a history of cooperating with authorities and turning over information stored on the cloud.

Dust

A discreet messaging app, Dust lets you send private messages, photos, and videos (no voice or video calls) called “Dusts” to your contacts that disappear shortly after being read. “Blasts” are another type of message that can be sent to multiple recipients at once, but received privately. You can also start group chats.

Price: Free

Compatibility: iOS, Android

Security features: End-to-end encryption, no permanent storage, screenshot alerts, self-destructing messages (called Auto “Dust”)

Rather than storing messages on your phone or on Dust’s servers, they’re sent to the app’s RAM until they are accessed by the receiver. Messages can be erased automatically within 24 hours or as soon as they’re read, and you can even erase your messages off of other people’s devices.

Security risks: Closed-source encryption protocol

Facebook Messenger

Facebook’s secure texting app is available for both iPhone and Android phones, and is a convenient way to keep up with friends and family thanks to its sheer popularity. Its user base alone makes it one of the top chat apps for iOS and Android.

Price: Free

Compatibility: iOS, Android

Security features: End-to-end encryption, self-destructing messages

In 2016, Facebook added its Secret Conversations feature so you can send secure messages with the Signal end-to-end encryption protocol (also used by WhatsApp). While Signal and WhatsApp have end-to-end encryption by default, Secret Conversations must be manually activated.

Security risks: Encryption not enabled by default, privacy concerns

News broke in 2018 that Facebook had been collecting information about the calls and texts of its Android users through a permission that allows the app to import phone contacts. They were caught doing it again a year later. Concerns about data collection overreach are still piling up — with plenty of reasons to believe Facebook is helping itself to your data.

Google Messages

The default messaging app on Android devices, Google Messages is now introducing end-to-end encryption via the Signal protocol — but only on direct conversations between two users. Group chats won’t be covered with end-to-end encryption, nor will the feature be enabled by default.

Price: Free

Compatibility: Android

Security features: End-to-end encryption, open-source encryption protocol

Security risks: End-to-end encryption off by default, encryption possible only with online messages

End-to-end encryption applies only to messages between two people who both have encryption activated. Even then, encryption applies only to direct messages sent online — not to SMS messages or group chats.

Line

Line is the leading messaging app across much of East and Southeast Asia. Line’s ecosystem includes not only encrypted messaging but VoIP calling, games, security tools, media portals, healthcare consultancy, and even mobile phone plans.

Price: Free (includes premium in-app services)

Compatibility: iOS, Android, macOS, Windows

Security features: End-to-end encryption, antivirus add-on

Android users can install a security add-on that claims to detect malware or other malicious activity on phones, but results are mixed at best. You’re much better off protecting your phone with a dedicated Android security app from a reliable security partner instead of using a private messaging app alone.

Security risks: Incomplete encryption, encryption weaknesses

Known in the app as “Letter Sealing,” end-to-end encryption must be manually activated. Line’s November 2020 encryption report shows end-to-end encryption on messages only — not for other forms of communication such as voice messages or stickers. As several cybersecurity researchers discovered in 2017, Line’s encryption methods at the time left user data open to potential exploit by clever hackers.

Signal

Signal has been touted as the most secure messaging app by security experts and government organizations worldwide. Available as a free instant messaging app on iPhone, Android, and desktop computers, Signal provides end-to-end encryption via its Signal protocol: the gold standard of mobile encryption. It’s easy to see why Signal is often cited as one of the best iPhone security apps.

Price: Free

Compatibility: iOS, Android, macOS, Windows, Linux

Security features: End-to-end encryption, PIN access, open-source code, self-destructing messages, minimal data storage, password security

Signal’s safe chat app encrypts messages, voice calls, group messages, and video calls. You’ll set a PIN that’s used to set Signal up on new devices, and a password that allows you to lock the app. And, unlike many other messaging apps, Signal only stores the metadata required for the app to work, such as your phone number, random keys, and profile information.

Security risks: Links to phone number

As arguably the most secure messaging app, Signal has virtually no security risks — though your account is linked to your phone number. As long as the app’s developers continue to fix vulnerabilities quickly, Signal will remain at the top of the messaging apps food chain.

Silence

Formerly known as SMSSecure, Silence is a secure messaging app that encrypts messages locally on your device as well as in transit. Managed by volunteers who maintain the app’s open-source code, it may be one of the best privacy apps for Android, but there’s no iOS version.

Price: Free

Compatibility: Android

Security features: End-to-end encryption, local encryption, open-source code, no personal data required, SMS-based messages

Silence encrypts messages locally on your device — if someone else gets your phone, your communications will be safe. No email address or any other personal data is required to use Silence. And, if you lose internet access, you can still send and receive encrypted messages.

Security risks: Limited user base

Silence isn’t supported on iOS or desktop, and a relatively small Android user base means that the majority of your communications will need to be sent via another secure messaging app.

Telegram

With over 500 million users monthly, the secure messaging app Telegram has steadily grown in popularity since its debut in 2013. It’s known for its unique group chat feature that can support up to 100,000 members.

In 2018, Russia banned Telegram after the encrypted messaging app refused to hand over its encryption keys. Telegram has also been criticized due to its status as the preferred messaging app of ISIS. Events like these fuel the ongoing debate about when and if secure messaging apps should cooperate with law enforcement at the expense of user privacy.

Price: Free

Compatibility: iOS, Android, macOS, Windows, Linux

Security features: End-to-end encryption, passcode lock, two-step verification (2FA), open-source code, self-destructing messages, remote logout, account self-destruct

Telegram’s suite of privacy features includes two-step verification, requiring you to use both an SMS code and a password to log in. You can also set up a recovery email address in case you forget your password — just make sure to avoid common password mistakes. And, if you do forget your password or stay inactive for 6 months, your account will automatically self-destruct — wiping clean all of your messages and data.

The company also hosts a hacking challenge, which lets hackers attempt to break their encryption and decipher messages — with a $300,000 reward on the line. This helps ensure that any potential vulnerabilities are found and fixed.

Security risks: Encryption off by default, chat data logging, proprietary encryption technology

Your chat data is saved on Telegram’s servers unless you turn on Secret Chat. The company claims this is in case you lose your device and want to recover your messages, but from a security standpoint, it’s a big no-no. Telegram also created its own MTProto protocol instead of using one that’s already proven secure — questions have been raised around the lack of transparency of this protocol.

Threema

Unlike most of the secure messaging apps featured here, Threema isn’t free. It comes at a one-time fee of $3.99. In addition to its private personal messaging app, Threema offers a suite of enterprise solutions for organizations wishing to shore up their internal communications.

Price: $3.99 (individual messaging app)

Compatibility: iOS, Android

Security features: End-to-end encryption, minimal data collection, open-source code, no personal data required, hidden chat app

All messages are deleted from the server and contact lists are stored locally on your device. Even Threema’s website is free of tracking cookies. You can use Threema anonymously and protect private conversations with a PIN, which makes it one of the top non-traceable text message apps.

Security risks: None

If you don’t mind the price point, Threema is a highly-secure messaging app — with a heavy emphasis on privacy.

Viber

One of the most popular secure messaging apps for Android and iOS, Viber has over a billion users worldwide. Viber secures messages, calls, group chats, and files via end-to-end encryption using its own encryption protocol.

Price: Free

Compatibility: iOS, Android, macOS, Windows

Security features: End-to-end encryption, disappearing messages, private chats, hidden phone numbers

Viber allows you to hide chats from your home screen and protect them with a PIN. If your phone is stolen, your confidential chats will still be safe. You can also start new chats without revealing your phone number, although Viber requires it when signing up.

Security risks: Encryption isn’t open-source

While Viber’s encryption protocol is based on the popular, open-source Signal protocol, it isn’t open-source itself. That means you’ll just have to trust Viber with your security.

WhatsApp

With over 2 billion users, WhatsApp is one of the most popular secure instant messaging apps for Android and iOS. Its massive user base is definitely one of WhatsApp’s strong points, along with its iOS and Android compatibility and ad-free experience. You can easily send text messages, photos, as well as short video and voice messages. But are WhatsApp chats private?

Price: Free

Compatibility: iOS, Android, macOS, Windows

Security features: End-to-end encryption, encryption verification, two-step verification (2FA), data not stored

WhatsApp uses a super-secure encryption protocol developed by Open Whisper Systems — the company behind secure messaging app Signal. Only the sender and receiver have the keys to decrypt messages sent via WhatsApp. The app also has a Verify Security Code screen that lets you confirm that your calls and messages are end-to-end encrypted. The code is presented as both a QR code and a 60-digit number.

Security risks: Unencrypted backups, phone number required, Facebook data sharing

WhatsApp added encryption protection to iCloud backups in late 2016. But until recently, Android phone messages backed up on Google Drive weren’t similarly protected. In September 2021, WhatsApp announced that encrypted cloud backups would be coming for all iOS and Android users later in the year.

WhatsApp was bought by Facebook in 2014 and has been sharing user data with the social media giant since 2016. In 2021, WhatsApp forced users to share more data with Facebook if they wanted to continue using the secure messaging app.

Wickr Me

Wickr offers a free secure messaging app for personal use (Wickr Me) as well as various tiers of premium solutions (Wickr Pro and Wickr Enterprise) for businesses. Though it began as an independent app, Wickr has since been acquired by Amazon.

Price: Free

Compatibility: iOS, Android, macOS, Windows, Linux

Security features: End-to-end encryption, screenshot detection, screen overlay protection, third-party keyboard blocking, secure shredder, anonymous signup

On Android, Wickr can detect screen overlays and stops working when an overlay is detected — helping to protect the app from TapJacking. And on iOS, Wickr lets you block third-party keyboards, preventing them from recording what you type. The Secure Shredder feature also adds an extra layer of security by ensuring your deleted files can't be recovered with special tools.

Security risks: None

Wickr is generally considered almost foolproof from a security standpoint. Though it was previously criticized for keeping its code closed-source, Wickr released its cryptographic protocol on Github in 2017 — making it one of the most secure messaging apps for Android, iOS, and desktop devices.

Which messaging app is the most secure?

In our experience, Signal is the most secure messaging app. Its open-source Signal Protocol is the industry standard for end-to-end message and voice encryption. As an independent, donation-funded company, Signal isn’t incentivized to monetize data. And its rapidly growing user base means that people you know are likely already using it.

For another option, consider Threema. Threema’s dedication to privacy means it doesn’t collect any of your personal info like your phone number or email address — not even on its website via browser cookies. Threema’s downside is its limited popularity — you may struggle to find other people you know who are using it.

What makes messaging apps secure?

End-to-end encryption is the defining feature of secure messaging apps, but it’s not enough on its own to do all the work. Other important security features include default encryption, open-source code, and minimal data collection, if any at all.

These features and capabilities work together to secure your messages, and they prevent others from tampering with the app itself to compromise your security or personal information.

End-to-end encryption

End-to-end encryption means your private chat messages are scrambled, and only the sender and receiver of the messages have the “keys” to read them. With end-to-end encryption, no one besides you and the person you’re talking to can decipher your messages.

An illustration showing how end-to-end encryption works in secure messaging apps.

After whistleblower Edward Snowden revealed the NSA’s global surveillance program, the importance of encryption and online privacy was made clear. Since then, many companies have added and improved encryption in their software. When checking an Android app for safety or evaluating an iOS app, look for end-to-end encryption as a minimum if you’re using it as a secure messaging app.

Default encryption settings

The most secure messaging apps have end-to-end encryption enabled as the default (or only) setting. Others require you to go into the settings and activate the encryption for communication, while others encrypt messages only in certain scenarios. Look for a private chat app that has end-to-end encryption set as the default.

Open-source code

Open-source code indicates the integrity of encrypted messaging apps, since it means that anyone can inspect the code for exploitable vulnerabilities. By opening an app up to outside experts, open-source code allows apps to be independently verified for security.

Minimal (or no) data collection

Some messaging apps may collect metadata, background information about you and your messages — including your contacts, the frequency and duration of your conversations, device information, IP address, phone number, and more. Look for a secure messaging app that doesn’t collect your data as part of its user agreement.

Setting up a VPN app on your mobile device can prevent the collection of some types of metadata. Otherwise, this metadata forms a digital footprint that companies use to target their ads more effectively. And in the event of a data breach, your collected data may be vulnerable.

Keep your data safe by encrypting your entire internet connection with a VPN. It’ll hide your IP address and real-world location to prevent anyone from identifying you or monitoring your online activities. Protect your online privacy and secure all your data with AVG Secure VPN.

Worst private messaging apps

If you’re on the hunt for the best encrypted messaging app, there are also a few apps to avoid. The following messaging apps will not protect your data with end-to-end encryption.

  • GroupMe

    As the name suggests, GroupMe is an app dedicated to group messages — but those messages aren’t end-to-end encrypted. GroupMe lets users receive messages via SMS, but apps can’t encrypt SMS messages — this may be why GroupMe has never implemented end-to-end encryption. If you use GroupMe, be sure never to reveal any sensitive personal data.

  • Instagram

    Instagram isn’t usually thought of as an instant message (IM) app, but Instagram DMs (direct messages) are a popular way to communicate. Sadly, they aren’t end-to-end encrypted. If you begin a conversation over Instagram and want to secure it, migrate the chat to one of the private messaging apps listed above.

  • Kik Messenger

    Kik is a free mobile messaging app for iOS and Android, but it’s missing several critical encryption features. While messages are encrypted in transit, they’re not fully protected with end-to-end encryption.

Encrypt all your data with a VPN

Online security and privacy extends well beyond your preferred messaging app. Even if you’re already using one of the best private messaging apps listed above, there are still ways your data can leak online. Public Wi-Fi exposes your data, and your internet service provider (or employer, or school) can monitor your online activity.

A VPN places your online privacy securely in your hands to protect your internet traffic from anyone trying to see what you’re doing. By encrypting your entire internet connection, AVG Secure VPN keeps your data safe and private on its way to wherever it’s going: a banking or shopping site, an online game, or even your favorite messaging app. Protect all your personal data with AVG Secure VPN.

Get private, encrypted messaging with AVG Secure VPN

Free trial

Get private, encrypted messaging with AVG Secure VPN

Free trial
Privacy Tips
Privacy
Ivan Belcic & Caroline Corrigan
26-05-2022