Are Your Messages Really Secure? How to Use Encrypted Apps Safely

Political media were sent into a tizzy after Jeffrey Goldberg, editor-in-chief of The Atlantic, published a story on March 24 revealing that weeks earlier, he had been accidentally added to a group chat on encrypted messenger app Signal. What made this group chat remarkable was that it featured several senior officials from the Trump administration, including Vice President JD Vance and Defense Secretary Pete Hegseth, discussing plans to bomb targets in Yemen. The incident instantly ignited fiery criticism over the Trump administration’s security practices. Former transportation secretary Pete Buttigieg wrote on Threads that “from an operational security perspective, this is the highest level of fuckup imaginable.” So, what are encrypted messaging apps, when should you use them in your business, and how can you prevent screwups like this epic one from the White House? Here’s a brief guide. What are encrypted messaging apps? Encrypted messenger apps enable people to send text messages that are protected with end-to-end encryption, a process in which an outgoing message is scrambled into gibberish, sent over the internet, and then unscrambled on the recipient’s device. This process is achieved by using “keys,” which are lines of code that encrypt and decipher text; they prevent anyone other than the sender and recipient from reading messages, even the platform being used to send them. Two devices with matching keys can securely pass messages to each other. Many messaging apps offer end-to-end encryption as table stakes: Apple’s iMessage added end-to-end encryption in 2011, and WhatsApp switched to the security measure in 2016. What makes Signal unique is that it’s a nonprofit powered by an open-source protocol, funded by grants and donations. This means that, unlike 23andMe for example, there’s no risk of Signal getting acquired by a profit-seeking company. A good example of a form of smartphone-based communication that’s not end-to-end encrypted? An old-fashioned SMS text. In summary, if you want to avoid the snooping eyes of a third party, consider using an app with end-to-end encryption, like iMessage, WhatsApp, or Signal. What are the best practices for using these apps? Just because you’re using a messaging app that offers end-to-end encryption, it doesn’t mean that your conversation is totally secure. “We should all be very careful not to assume that encryption equals security,” says Matt Howard, senior vice president and chief marketing officer at data security platform Virtru, which helps enterprise clients (including the Department of Defense) control the flow of data within their organizations. Using end-to-end encryption is necessary for keeping your communications secure, he says, but it’s just the start of a healthy security strategy. The most important security measure you can take, according to Howard, is to ensure all of your devices have strong password protection and multifactor authentication. “Oftentimes, the importance of basic hygiene around passwords is overlooked,” he says, adding that poor password hygiene is a leading cause of data breaches. Howard also says that when you use end-to-end encryption services like Signal, you should be intentional about your data retention policies. Apps like Signal and Discord allow users to set messages to auto-delete after a certain period of time. But your business may want to preserve encrypted text for future records or to stay in compliance with any external vendors you may be working with. There are other common-sense steps to take too. For example, if you’re looking at your phone in a public place, all the encryption in the world isn’t going to stop someone from potentially reading your messages over your shoulder. And a screenshot from an otherwise private conversation could be shared more widely, too. One more piece of advice: Be deliberate when adding people to the conversation. When sharing sensitive information with others, Howard says, “just make sure you know the identities of the people you’re choosing to share it with—maybe double check the people who have been invited to the group chat before you hit send.” BY BEN SHERRY @BENLUCASSHERRY