Skip to content
Comparison
Messaging Apps from a Privacy Perspective
View App:
Allo
+12Messaging Apps
Name
Score
Company jurisdiction
Infrastructure jurisdiction
Divulged Data
Built-In Spyware
Transparency Report
General Stance
Funding
Company Collects Data
App Collects Data
Default Encryption?
Cryptographic primitives
Client Open Source?
Server Open Source?
Anonymous Signup
Anonymous Contact Adding (without Server)
Can you manually verify contact's fingerprints?
Directory service, could be modified to enable a MITM attack?
Do you get notified if a contact's fingerprint changes?
Is personal information (mobile number, contact list, etc.) hashed?
generate & keep a pkey on the device itself?
Can messages be read by the company?
Does the app enforce perfect forward secrecy?
Does the app encrypt metadata?
Does the app use TLS/Noise
Does the app use certificate pinning?
Does the app encrypt data on the device? (iOS and Android only)
Does the app allow a secondary factor of authentication?
Are messages encrypted when backed up to the cloud?
Does the company log timestamps/IP addresses?
Have there been a recent code audit and an independent security analysis?
Is the design well documented?
Does the app have self-destructing messages?
Name
Score
Company jurisdiction
Infrastructure jurisdiction
Divulged Data
Built-In Spyware
Transparency Report
General Stance
Funding
Company Collects Data
App Collects Data
Default Encryption?
Cryptographic primitives
Client Open Source?
Server Open Source?
Anonymous Signup
Anonymous Contact Adding (without Server)
Can you manually verify contact's fingerprints?
Directory service, could be modified to enable a MITM attack?
Do you get notified if a contact's fingerprint changes?
Is personal information (mobile number, contact list, etc.) hashed?
generate & keep a pkey on the device itself?
Can messages be read by the company?
Does the app enforce perfect forward secrecy?
Does the app encrypt metadata?
Does the app use TLS/Noise
Does the app use certificate pinning?
Does the app encrypt data on the device? (iOS and Android only)
Does the app allow a secondary factor of authentication?
Are messages encrypted when backed up to the cloud?
Does the company log timestamps/IP addresses?
Have there been a recent code audit and an independent security analysis?
Is the design well documented?
Does the app have self-destructing messages?
Allo
0
USA
USA
Belgium
Finland
Ireland
the Netherlands
Chile
Taiwan
Singapore
✖️ Yes
✔️ No
✔️ Yes
✖️ Poor
Google
✖️ Yes
✖️ Yes
✖️ No
✖️ No
✖️ No
✖️ No
✖️ No
✖️ No
✖️ Yes
✖️ No
✖️ No
✖️ Yes
❓ Unknown
❓ Unknown
✔️ Yes
❓ Unknown
❓ Unknown
✖️ No
❓ Unknown
✔️ Yes
✖️ No
✔️ Yes
iMessage
-7
USA
USA
Ireland
Denmark
Google Cloud
✖️ Yes
✔️ No
✔️ Yes
✖️ Poor
Apple
✖️ Yes
✖️ Yes
✔️ Yes
ECDSA 256
AES 128
SHA-1
RSA 1280
✖️ No
✖️ No
✖️ No
✖️ No
✖️ No
✖️ Yes
✖️ No
✖️ No
✔️ Yes
✔️ No
✖️ No
✖️ No
✔️ Yes
✔️ Yes
✔️ Yes
✖️ No
✖️ No
✔️ Yes
❓ Somewhat
✖️ No
Messenger
-10
USA
USA
Sweden
Ireland
✖️ Yes
✔️ No
✔️ Yes
✖️ Poor
Facebook
✖️ Yes
✖️ Yes
✖️ No
Curve25519
AES 256
HMAC-SHA256
✖️ No
✖️ No
✖️ No
✖️ No
✔️ Yes
✖️ Yes
✖️ No
✔️ Yes
✖️ Yes
✔️ Yes
✖️ No
✔️ Yes
❓ Unknown
❓ Unknown
✖️ No
❓ Unknown
✔️ Yes
❓ Somewhat
✔️ Yes
Riot/Matrix
12.5
UK
UK
✔️ No
✔️ No
✖️ No
✔️ Good
New Vector Limited
✔️ No
✔️ Minimal
✖️ No
Curve25519
AES 256
HMAC-SHA256
✔️ Yes
✔️ Yes
✔️ Yes
✖️ No
✔️ Yes
✖️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✔️ No
✔️ Yes
❓ Unknown
✔️ Yes
❓ Unknown
✔️ Yes
✖️ No
❓ Unknown
❓ Unknown
❓ Somewhat
✖️ No
Signal
7.550000000000001
USA
USA
✔️ No
✔️ No
✔️ Yes
✔️ Good
Freedom of the Press Foundation
the Knight Foundation
the Shuttleworth Foundation
Open Technology Fund
Signal Foundation (Brian Acton)
✔️ No
✔️ Minimal
✔️ Yes
Curve25519
AES 256
HMAC-SHA256
✔️ Yes
✔️ Yes
✖️ No
✖️ No
✔️ Yes
✖️ Yes
✔️ Yes
✔️ Mostly
✔️ Yes
✔️ No
✔️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✖️ No
✖️ No
✖️ No
9/30/2014
❓ Somewhat
✔️ Yes
Skype
-12.5
USA
USA
the Netherlands
Australia
Brazil
China
Ireland
Hong Kong
Japan
✖️ Yes
✖️ Yes
✔️ Yes
✖️ Poor
Microsoft
✖️ Yes
✖️ Yes
✔️ Yes
AES 256
SHA-1
RSA-1536
RSA 2048
✖️ No
✖️ No
✖️ No
✖️ No
✖️ No
✖️ Yes
✖️ No
✖️ No
✖️ Yes
❓ Unknown
❓ Unknown
✔️ Yes
❓ Unknown
❓ Unknown
✖️ No
❓ Unknown
✔️ Yes
✖️ No
✖️ No
Telegram
-12
USA
UK
Belize
UK
Singapore
USA
Finland
✔️ No
✔️ No
✖️ No
✖️ Poor
Pavel Durov
✖️ Yes
✖️ Yes
✖️ No
RSA 2048
AES 256
SHA-256
✔️ Yes
✖️ No
✖️ No
✖️ No
✖️ No
✖️ Yes
✖️ No
✖️ No
✔️ Yes
✖️ Yes
✖️ No
✖️ No
✖️ No
❓ Unknown
❓ Unknown
✔️ Yes
❓ Unknown
✔️ Yes
10/31/2015
❓ Somewhat
✔️ Yes
Threema
14
Switzerland
Switzerland
✔️ No
✔️ No
✔️ Yes
✔️ Good
Crowdfunding
✔️ No
✔️ No
✔️ Yes
Curve25519 256
XSalsa20 256
Poly1305-AES 128
✖️ No
✖️ No
✔️ Yes
✔️ Yes
✔️ Yes
✖️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✔️ No
✖️ No
✔️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✖️ No
10/31/2015
❓ Somewhat
✖️ No
Viber
1
Japan
Luxembourg
USA
✔️ No
✔️ No
✖️ No
✖️ Poor
Rakuten
friends and family of Talmon Marco
✖️ Yes
✖️ Yes
✔️ Yes
Curve25519 256
Salsa20 128
HMAC-SHA256
✖️ No
✖️ No
✖️ No
✔️ Yes
✔️ Yes
✖️ Yes
✔️ Yes
✖️ No
✔️ Yes
✔️ No
✔️ Yes
❓ Unknown
✔️ Yes
❓ Unknown
❓ Unknown
✖️ No
❓ Unknown
✔️ Yes
❓ Somewhat
✖️ No
Whatsapp
-9
USA
USA
✖️ Yes
✔️ No
✔️ Yes
✖️ Poor
Facebook
✖️ Yes
✖️ Yes
✔️ Yes
Curve25519
AES 256
HMAC-SHA256
✖️ No
✖️ No
✖️ No
✖️ No
✔️ Yes
✖️ Yes
✖️ No
✖️ No
✔️ Yes
✔️ No
✔️ Yes
✖️ No
✔️ Yes
❓ Unknown
❓ Unknown
✔️ Yes
✔️ Yes
✔️ Yes
❓ Somewhat
✖️ No
Wickr
5
USA
USA
✔️ No
✔️ No
✔️ Yes
✔️ Good
Gilman Louie
Juniper Networks
the Knight Foundation
Breyer Capital
CME Group
Wargaming
✔️ No
✔️ No
✔️ Yes
ECDH512
AES 256
HMAC-SHA256
✖️ No
✖️ No
✔️ Yes
✖️ No
✔️ Yes
✖️ Yes
✖️ No
✔️ Yes
✔️ Yes
✔️ No
✔️ Yes
✔️ Yes
✔️ Yes
❓ Unknown
✔️ Yes
✔️ Yes
❓ Unknown
✖️ No
7/31/2014
❓ Somewhat
✔️ Yes
Wire
15.600000000000001
Switzerland
Germany
Ireland
✔️ No
✔️ No
✔️ Yes
✔️ Good
Janus Friis
Iconical
Zeta Holdings Luxembourg
✔️ No
✔️ Minimal
✔️ Yes
Curve25519
ChaCha20
HMAC-SHA256
✔️ Yes
✔️ Yes
✖️ No
✖️ No
✔️ Yes
✖️ Yes
✔️ Yes
✔️ Mostly
✔️ Yes
✔️ No
✔️ Yes
✔️ Mostly
✔️ Yes
✔️ Yes
✔️ Yes
✔️ Yes
✖️ No
✔️ Yes
2/28/2018
❓ Somewhat
✔️ Yes
There are no rows in this table
Top 3:
@Wire
@Threema
@Riot/Matrix
Bottom 3:
@Skype
@Telegram
@Messenger
Some Notes:
@Signal
@Telegram
@Whatsapp
@Whatsapp
Funding
Funding
Score
Funding
Score
Google
-5
Apple
0
Facebook
-5
New Vector Limited
1
Freedom of the Press Foundation
1
the Knight Foundation
1
the Shuttleworth Foundation
1
Open Technology Fund
0
Signal Foundation (Brian Acton)
0
Microsoft
-1
Pavel Durov
0
Crowdfunding
1
Rakuten
0
friends and family of Talmon Marco
0
Gilman Louie
0
Juniper Networks
0
Breyer Capital
0
CME Group
0
Wargaming
0
Janus Friis
0
Iconical
0
Zeta Holdings Luxembourg
0
There are no rows in this table
General Stance
Stance
Score
Stance
Score
✖️ Poor
-1
✔️ Good
1
There are no rows in this table
Positive Answer Preferred
Answer
Score
Answer
Score
✖️ No
-1
✖️ Minimal
-0.5
❓ Somewhat
0
❓ Unknown
0
✔️ Mostly
0.05
✔️ Yes
1
There are no rows in this table
Negative Answer Preferred
Answer
Score
Answer
Score
✔️ No
1
✔️ Minimal
0.5
❓ Somewhat
0
❓ Unknown
0
✖️ Mostly
-0.5
✖️ Yes
-1
There are no rows in this table
Juridictions
Juridictions
Score
Juridictions
Score
USA
-2
Belgium
0
Finland
0
Ireland
1
the Netherlands
0
Chile
0
Taiwan
0
Singapore
0
AWS
-1
Google Cloud
-1
Denmark
0
Sweden
0
UK
0
Australia
0
Brazil
0
China
0
Hong Kong
-1
Japan
1
Germany
1
Belize
0
Switzerland
1
Luxembourg
1
There are no rows in this table
Encryption Algorithms
Algo
Score
Algo
Score
AES 128
1
AES 256
1
ChaCha20
1
Curve25519
1
Curve25519 256
1
ECDH512
1
ECDSA 256
1
HMAC-SHA256
1
Poly1305-AES 128
1
RSA 1280
1
RSA 2048
1
RSA-1536
1
Salsa20 128
1
SHA-1
1
SHA-256
1
XSalsa20 256
1
There are no rows in this table
Want to print your doc?
This is not the way.
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
CtrlP
) instead.