Whereas people frequently use any number of messaging and communications tools in their private lives, work is a different matter. At the office, phone calls, e-mails and face-to-face meetings are largely still standard practice in many industries, at least when it comes to private businesses. Government agencies seem to lag far behind. This seems especially true of offices and agencies that deal with sensitive or even secret information.That is because such agencies not only depend on the functionality of messaging apps but also on their ability to protect data as well as comply with privacy laws. Still, no government — not Germany, nor any others in the EU — had mastered this complex problem before the new COVID-19 pandemic forced the world to begin video conferencing. Now, digitalization has been catapulted forward by the need for such tools in this time of social distancing. So what apps are on the market and what are their pros and cons?
Security Is Not Privacy
Watch video 12:01
Why tracking personal data to fight coronavirus could be problematicFrom WhatsApp to Signal WhatsApp is undoubtedly the benchmark messaging app of the day. European Union politicians concluded much of their Brexit negotiations using the tool; it even gave rise to a new term within the European Commission — "WhatsApp diplomacy." However, in February, the European Commission suddenly instructed employees to switch to the popular messaging app Signal due to growing security and data privacy concerns with WhatsApp. Numerous reports have emerged in recent years that WhatsApp's end-to-end encryption may not be sufficient to ensure the privacy of users' data or prevent hackers from using the app to install spyware on devices.
Read more: Jeff Bezos, blackmail and the Saudi crown prince But what is different about Signal? Unlike WhatsApp, Signal is not a commercial program developed by a communications company, but rather one developed by data privacy activists and cybersecurity experts. Signal's program code is open source and available to all online, allowing it to be constantly updated and improved.
Beyond that, for more than a year now, Signal has been employing the principle of the sealed sender, which hides a message's metadata — information on the sender, recipient and time attached to every message. Signal also claims that is the reason it does not store the IP address of a message's sender.
Threema is a similar messaging tool. It, too, encrypts messages end-to-end and forgoes the collection of metadata. Yet Threema goes a step further. The app does not require users to create a profile with their e-mail address or telephone number. Instead, it simply assigns users an anonymous ID. Threema's program code, however, is not entirely open source.
Watch video 04:44
Secure alternatives to Google & Co.Viber, ICQ and Zoom But security is not the only criteria an app is measured by. One can see this when looking at the messaging app Viber. It also features end-to-end encryption on its free voice-over IP (VoIP) and instant messaging (IM) app. And after numerous complaints, that same encryption was also applied to Viber's picture and video services. Yet, those security lapses were not the most grievous problem with the app according to critics. Rather, Viber's approach to data privacy raised the ire of observers.
Decompiling the app also allows an adversary to understand how the app detects jailbroken mobile devices, which, once vulnerabilities (such as API keys, private keys, and credentials) are found in the source code, results in theft of money through banking trojans, username/password theft or account takeover using overlay screens, and the theft of confidential data."
Security concerns have also plagued Zoom, which was initially hailed as a corona-era godsend. The video conferencing app's popularity skyrocketed when the virus put the world on lockdown because it promised to deliver what the world needed: uncomplicated interconnectivity. The stable and easy-to-use app also boasts the ability to allow up to 100 people to participate in video conferences.It now seems, however, that praise of Zoom was premature. Security gaps were so grave that stories of unauthorized third parties hacking into video conferences began to make headlines. Before long the FBI even issued an espionage warning about the app when it was found that strains of its encryption code had been routed through servers in China. Last week it was also reported that tech giant Google officially prohibited employees from downloading the app onto their work computers over security concerns.
Watch video 05:00
The commercial potential of data
Governments developing their own apps
Unlike private users, governments have other options: Namely, they are free to contract companies to develop bespoke communications tools that only they can use. This seems to be a trend at the moment. Around the time when the European Commission instructed employees to switch to Signal this February, reports also emerged that the European diplomatic corps had also begun work on its own bespoke messaging service.In late March, the German Chancellery also confirmed that it had begun testing a messaging app from the Berlin-based company Wire. The company not only touted the app's technical and security advantages, but also its ability to guarantee adherence to strict EU data privacy rules by virtue of Wire's location within the EU. Ulrich Kelber, Germany's data protection commissioner, specifically instructed authorities to pay close attention to that particular issue when looking for safe communication options.
Such concerns have also led the Hanover-based company stashcat, which provides communication tools to state police in Lower Saxony, to tout its own expertise when it comes to security and data protection. German telecoms trade media has reported that Germany's Ministry of Defense and its army, the Bundeswehr, have been testing stashcat messaging tools since the coronavirus pandemic broke.
No way to fully protect oneself
So which messaging tool offers 100% security? The answer is as simple as it is unsettling: None. As hackers and cybersecurity experts have said all along, there is no such thing as 100% security. Instead, users must be content with programs that offer trade-offs on security and privacy.
Beyond that most basic concern, individual apps all have a number of unique advantages and disadvantages. For even the most secure apps are of little value if no one else is using them, if they are too expensive, or if they function poorly — the reasons why most small companies have the hardest time competing with giants like Google, Apple and Facebook.
Thus, as not all messaging apps that work well for individuals can do the same for authorities and big companies, and as individuals cannot afford to develop their own apps, one reality will likely dominate the near future: Most individuals will use one or more apps for private communication, one for work, one for groups, one for video calls and yet another just to try out.
This article has been amended to remove factual errors.