Ever since Facebook’s billion-dollar acquisition of Whatsapp, privacy conscious users have been on the hunt for a new messaging app. Stiftung Warentest, which is a leading German consumer safety group, has tested out data protection for WhatsApp, as well as alternative messaging apps Threema, Telegram, BlackBerry Messenger and Line.
These tests were conducted on both iOS and Android versions of the app. Focus is on data protection, with general use, fanbase and other aspects of the messaging service ignored. Only one of the apps scored a ‘Not critical’ rating.
WhatsApp: Privacy rating: ‘Very critical‘.
– Does not use end to end encryption. Address book data transferred without consent. Phone number of user shared with third party, unencrypted.
-Any changes from the sale to Facebook are unclear as of now, however from the terms it seems pretty clear that user data can now be passed on or sold to the new owner, Facebook.
Telegram: Privacy rating “Critical‘
-End-to-end encryption is available, but only if users enable it, otherwise data is transmitted in the clear. App automatically saves all contacts without consent of users.
BlackBerry Messenger: Privacy rating “Very critical”
-Whether BBM uses end-to-end encryption could not be verified. The iOS version shares your first and last name with third parties, and user entered data (possibly including message content) is transmitted unencrypted. The Android version transmits encrypted user data, but in greater depth, e.g. username and password, D.O.B, first and last name, country of origin, email address and security question.
-BBM’s terms allow them to combine data collected from the app with other sources, to build a detailed and accurate profile of the user for advertising purposes. They also have rights to forward data to third parties.
LINE: Privacy rating “Very critical”
-End to end encryption not provided. The Android app transmits your IMEI number, unencrypted, to a third party. The iOS version transmits the IDFA, but users are able to change the IDFA or prevent transmission of this. Older iOS versions (before iOS 7), transmit the MAC address of the device, but this is encrypted and only transmitted to LINE.
Threema: Privacy rating “Not critical”
– End-to-end encryption between users. iOS version sends the user ID to Threema, but this is encrypted. Android version does not send user data to Threema or third parties.
-Threema is not open source, so complete tests could not be done on the encryption. Testers are able to state the app does not transmit user data unencrypted, but whether all communication is fully encrypted wasn’t testable.
There’s always the theoretical chance of a hidden association with the NSA, as people like to point out. Also, there’s no guarantee one of these apps will not be bought over in the future. But for now, it seems that Threema is a pretty good alternative to Whatsapp.