The U.S. government is advocating for the use of end-to-end encrypted messaging by all citizens.

• A recent revelation by the federal government disclosed a significant cyberattack known as Salt Typhoon, which targeted the nation's largest telecommunications companies, including AT&T and Verizon, and was allegedly carried out by China.
• The FBI, CISA, and the National Security Agency published a joint guide to protect Americans from cyberattacks, which mostly targeted high-value individuals like government officials.
• End-to-end encryption is a method that makes communications more secure.

Before sending your next text message, consider using an end-to-end encryption method to ensure your message is secure.

The U.S. government is expressing greater concern about the level of protection provided by different types of messaging technology from major technology companies such as Apple, Google, and including iMessage, Google Messages, WhatsApp, and SMS, after a recent massive hack of the nation's largest telecom companies.

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation recently exposed a campaign by hackers linked to China, known as Salt Typhoon, that compromised multiple U.S. infrastructure targets, including Westinghouse Electric, and was one of the largest hacks in U.S. history. In response to this warning, CISA, the National Security Agency, the FBI, and international partners released a joint guide to safeguard Americans. One recommendation is to use end-to-end encryption, which enhances the security of communications.

End-to-end encryption ensures that only the intended recipients can read your messages as they travel between your phone and another person's phone. Secure messaging apps use this encryption to protect communications from hackers, surveillance, and unauthorized access, so even messaging app providers can't read your messages.

If you have the chance to use an end-to-end encrypted platform, you should do so, advised Michael Hughes, chief business officer of Duality Technologies, a company that enables organizations to securely share and analyze sensitive data through encryption.

Few people are aware of the various secure messaging app communication options. Here's a brief overview.

WhatsApp, Signal among best end-to-end options

While consumers frequently use different messaging apps for diverse reasons without considering security, it is crucial to recognize the significant differences among these platforms.

According to Trevor Horwitz, founder of TrustNet, free messaging apps like WhatsApp and Signal, which have end-to-end encryption built-in, are considered the best from a security perspective. These apps are highly preferable to SMS and MMS, which do not offer end-to-end encryption.

While Signal is highly regarded for its end-to-end encryption and commitment to privacy, its limited user base can make it difficult to communicate with contacts who are not on the platform, according to Roger Grimes, an analyst at KnowBe4.

Paid messaging apps, such as Threema, offer end-to-end encryption and privacy by design, but they require payment and may be difficult to convince friends and family to join when free alternatives are available.

Grimes stated that most people will use encryption if it is the default and they do not experience any inconvenience.

RCS and iMessage

RCS, or Rich Communication Services, is a messaging platform that has replaced SMS and MMS. It offers additional features and end-to-end encryption, although not by default on all devices. For instance, Google Messages automatically upgrades RCS messages to end-to-end encryption, but Apple's implementation of RCS on iPhones does not have this feature.

Apple's iMessage app is end-to-end encrypted for all users, but RCS messages sent through other text plans, such as a mobile carrier option, are not encrypted. According to Apple, messages sent through non-iMessage RCS options are not protected from third-party reading while they are being transmitted between devices.

Rewritten: Not all devices are compatible with RCS, and it's not universally supported by carriers. There are also compatibility issues between some iPhone and Android devices that are still being worked out, Horwitz said.

Facebook Messenger gaps in encryption

While technology companies offer multiple messaging products, not all of them support end-to-end encryption in the same way. For instance, Facebook Messenger offers end-to-end encrypted messages, but not in all cases. According to Facebook, some products, such as community chats for Facebook groups, chats with businesses or accounts using business messaging tools, Marketplace chats, and others, do not currently support end-to-end encryption.

To comprehend how end-to-end encryption works for a specific app, consumers should delve deeper into the apps they use, according to Deirdre Connolly, cryptography standardization research engineer at SandboxAQ. This information is typically found in the support or privacy section of a provider's website, but it can be challenging to locate and interpret. "You need to read the fine print," Connolly advised.

Google vs. Apple

Google Messages is the default messaging app on many Android devices and is widely used for communication. However, it's important to note that not all messages sent or received through the app are end-to-end encrypted. While the app supports end-to-end encryption when messaging other users using RCS, messages are not encrypted when communicating with an iPhone user. Text messages appear dark blue in the RCS state and light blue in the SMS/MMS state. Additionally, users will see a lock symbol when end-to-end encryption is active in a conversation.

While iMessage communications between two Apple users are end-to-end encrypted, this feature is exclusive to Apple's platform. As a result, messages exchanged between iMessage users and Android devices are not currently encrypted in the same manner. When a message is sent using MMS/SMS, it is indicated by a green bubble instead of the blue one typically associated with iMessage.

The Department of Justice's antitrust case against Apple centers on the lack of end-to-end encryption outside of its iOS messaging app as a potential monopoly issue.

GSMA, an industry organization leading the effort to develop protocols for end-to-end encryption between different communication platforms using RCS, reported that work with key stakeholders is progressing well and they anticipate updating the market in the near future.

Phone settings and ongoing risk of hacks

It is crucial for individuals to verify their phone settings, particularly for those with older devices or those who have not enabled auto updates. This ensures that they receive critical security updates, including those related to end-to-end encryption for messaging apps. Additionally, when transferring apps to a new phone, settings may not migrate properly. Therefore, it is important to check and enable end-to-end encryption settings on the new phone as well.

While end-to-end encryption is a strong security measure, hackers can still intercept users' communications if the device is compromised. To maintain security, it's crucial to keep devices healthy by installing software updates, avoiding questionable downloads, and performing regular reboots.

Using end-to-end encryption is a good practice, especially when the masses continue to use unencrypted communication methods, which bad actors will exploit until users evolve their digital behaviors, as stated by Kory Daniels, global CISO for Trustwave.