Are Apps like WhatsApp and Signal Really Secure?
You’ve probably heard of the Vault 7 leak by now, which deals with an incredible amount of exploits used to see and steal what you think is private information. This isn’t just limited to Android, but extends to Windows, Apple products, and even vehicle control systems. These are all exploits found, and in some cases even purchased by the CIA.
So what does all of this mean for you and other Android users? If you’ve been using apps like WhatsApp or Signal that use a specific type of encryption, do you know if your information is still secure? Depending on the type of encryption your messaging app uses, you don’t have anything to fear.
How Big is the Vault 7 Leak?
The US hasn’t had a leak of information on this scale since Edward Snowden’s report on the NSA, and Vault 7 leak on the CIA might have an even bigger impact. When Vault 7 was first reported on, encryption for apps like WhatsApp and Signal came under fire, but it was later confirmed that apps like these are safe as long as they use a specific type of encryption.
If you’re interested more in the scope of Vault 7, I recommend you take a look here. There’s a lot to cover about the leak, so I won’t be going into it here. Instead, I want to focus on what the uncovered exploits mean for Android, and encrypted services like Signal and WhatsApp.
The Safest Type of Encryption
While the news broke that some forms of encryption were compromised on Android devices, end-to-end encryption is still the safest form of encryption for messaging apps. It’s by no means impregnable, but if your messaging app uses end-to-end encryption you don’t have as much to worry about.
If you’re using WhatsApp or Signal for all of your encrypted messages, you’re still just as safe as you’ve always been. These two apps aren’t the only ones to adopt end-to-end encryption, but not every encrypted service uses this type of encryption. If you’re using something besides WhatsApp or Signal, see what type of encryption they’re using as soon as possible.
What’s So Safe About End-to-End Encryption?
When you send a message with end-to-end encryption, it isn’t impossible to intercept, but it’s impossible to read unless you have the key for the message. The only way to get the key for the message is to be the recipient for the message, effectively making it so the only one reading the message is who it’s intended for.
There are only two ways your information is vulnerable with end-to-end encryption. The message can still be intercepted before it’s encrypted, or another user can impersonate the recipient for the message to get the key.
As it stands, there isn’t anything you can do about these kinds of attacks, but that’s always been the case. There haven’t been any new exploits leaked so far with Vault 7 or otherwise that have revealed any new ways to break end-to-end encryption, so it’s still the safest option available.
What Does the Vault 7 Leak Mean for Android
While end-to-end encryption in apps like WhatsApp and Signal are still safe, this doesn’t mean exploits weren’t leaked that are a threat to Android users. At least, if not more than, 23 different exploits were leaked that are designed to target Android systems, and steal what was once thought to be secure.
What’s important to remember about the significance of the leak is that while information about these exploits were allegedly kept confidential, none of them were reported. We’re only hearing about them now because of the Vault 7 leaks, meaning there could be more Android related exploits we still don’t know about yet.
Leaks about exploits and software like “Weeping Angel” are ones that concern me the most. Because of a flaw in Samsung Smart televisions, Weeping Angel can turn them into a covert listening device without the consent of the owner. As we learn more and more about these exploits, it’s possible something like this will additionally surface on Android.
How Can You Keep Your Data Safe?
While it sounds like the only way you’d be able to stop something like Weeping Angel would be pulling the battery out of your phone, what about the other exploits?
Using messaging apps and services that use end-to-end encryption is the best way to combat exploits that attack encrypted messages. If you’re using Signal or WhatsApp, it’s still just as safe to use them today as it was yesterday.
Aside from using the best type of encryption possible, to keep your stored data safe, don’t forget to set up two step verification wherever it’s possible. A keylogger, or other password theft attempts can’t break through two step verification, so combining this with end-to-end encryption is a surefire way to make sure your Android is as safe as possible.
Despite numerous Android exploits being uncovered, apps like WhatsApp and Signal are still just as secure as they were before the Vault 7 leak. Since those apps use end-to-end encryption, they’re still safe to use, and still will be until that type of encryption is easily cracked.
As long as you use end-to-end encryption, use two step verification, and stay aware of malicious software, your data and messages are as safe as possible.
However, security, is not foolproof in this modern days – it’s only secure as much as possible. Even with end to end security if your device is exploited it can easily compromise an app that uses end-to-end encryption, because it would go after the local store of messages and the locally stored private key. Both of those are out of scope of the end-to-end protocol. Interested in knowing more about end to end security. Watch this very good video from Martin Kleppmann.
If you need any help with encryption, or still have some concerns, please let us know in the comments below!