There's no question that WhatsApp, the popular messaging app that recently fetched $22 billion from Facebook, is a major player in the communication-technology sphere. So when the EFF released its Secure Messaging Scorecard, on which neither WhatsApp nor any other major messaging clients scored favorably, the company knew its reputation (and its users' safety) was at stake. In response to its low marks, a new WhatsApp update "added end-to-end encryption and enabled it by default in the latest version of its Android messaging application," writes Katherine Noyes for the E-Commerce Times. It may now be the most secure mainstream way to communicate with friends.
But what does that mean for you? Whether you're an app developer or a firm whose employees rely on messaging apps in their day-to-day lives, it means a lot more than you might think. Here's what you need to know.
The EFF's scorecard "examines dozens of messaging technologies and rates each of them on a range of security best practices." It seeks to show developers (and users) where apps are succeeding and where they can do better.
To determine specific scores, the EFF rates apps on the following seven criteria:
- Is your communication encrypted in transit?
- Is your communication encrypted with a key the provider doesn't have access to?
- Can you independently verify your correspondent's identity?
- Are past communications secure if your keys are stolen?
- Is the code open to independent review?
- Is the crypto design well documented?
- Has there been an independent security audit?
While still a work in progress, the scorecard is a great tool that developers can use to improve their own projects, and firms can use to choose the app best suited to their needs.
WhatsApp's response to the EFF scorecard is a great example of how developers can use their grades to benefit their projects. Behind the scenes, the WhatsApp update for Android incorporated partner Open Whisper Systems' TextSecure encryption protocol to provide end-to-end encryption — a boon to users worldwide. This means a vetted, open-source platform that received high marks on EFF's recent scorecard is now built into a much more popular and palatable messaging app, making Facebook's recent acquisition look like a relative bargain. By implementing some of the features clearly outlined in the EFF Scorecard, WhatsApp became a class leader in secure messaging.
And, according to Noyes, Open Whisper reports that users can expect more great features to come. "Encrypted messaging isn't yet available for group chat or media messages within WhatsApp's Android client, but those features are coming next . . . along with support for more client platforms. Key-verification options also will be forthcoming once protocol integrations are completed."
While WhatsApp has seamlessly rolled out encrypted messaging, other mainstream messaging apps have fallen way behind. Now WhatsApp can compete with ChatSecure and Cryptocat (and all those other apps that passed the scorecard but fail where cool names are concerned), while the Gchats and iMessages of the world are left wondering how they should proceed. After all, it's easy to slip important information into innocent texts, which opens the door to breaches and other malicious activity. If one of the most popular messaging platforms in the world can prevent that, the public will vote with their voices — and their app-store purchases — in dramatic fashion. End-to-end encryption is a huge step forward for protecting data. Plus, it proves that being safe can also be cool.
Whether your employees are using chat technology or you're the dev responsible for the next great messaging app, recognizing the scorecard's value will give you a leg up on the competition. It gives you the opportunity to pinpoint others' shortcomings and account for them yourself. With the help of a third-party security expert who can examine your code and help create fixes before software goes public, you'll create an app worthy of an A — and maybe even snag a big fat check.
Photo Source: Flickr