Skip to main content

EFF: Apple’s iMessage most secure “mass-market” messaging, lacks complete protection from targeted surveillance

The Electronic Frontier Foundation (EFF) today released a report examining three dozen messaging services and ranking them based on what it deemed are seven “security best practices.” While Apple scored the best among what the EFF called “mass-market options”, it didn’t do as well when compared to all 36 messaging services included in the report. Specifically, EFF noted Apple’s iMessage and FaceTime services failed to offer “complete protection against sophisticated, targeted forms of surveillance.”

Apple’s iMessage and FaceTime products stood out as the best of the mass-market options, although neither currently provides complete protection against sophisticated, targeted forms of surveillance. Many options—including Google, Facebook, and Apple’s email products, Yahoo’s web and mobile chat, Secret, and WhatsApp—lack the end-to-end encryption that is necessary to protect against disclosure by the service provider. Several major messaging platforms, like QQ, Mxit, and the desktop version of Yahoo Messenger, have no encryption at all.

EFF used the following criteria in ranking the messaging services:

-Are messages encrypted in transit?
-Are communications encrypted so the provider can’t read it?
-Can you verify contacts’ identities?
-Are past communications secure if your keys are stolen?
-Is the code open to independent review?
-Is security design properly documented?
-Has the code been audited?

As highlighted in the graphic above, Apple’s iMessage and FaceTime services didn’t meet the criteria for making it possible to “verify a contacts’ identity,” as well as for not allowing independent reviews of its code. The top spots actually go to several services that met all of the criteria including ChatSecure, CryptoCat, Signal/Redphone, Silent Phone, Silent Text, and TextSecure, which were able to meet all of the EFF’s criteria for security practices.

You can check out the EFF’s full Secure Messaging Scoreboard report here.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. alanol - 10 years ago

    Bogus.

    • mpias3785 - 10 years ago

      Based on…? It looks like a fair assessment.

      • For a large portion of the people who post comments on this site it’s either A or B

        A) They are saying an Apple something is not 100% secure so it must be false (Apple fanboy point of view).

        B) They are saying an Apple something is more secure than others so it must be false (Apple hater point of view).

        Nether is able to fathom the idea that people might read this and find it useful or interesting.

      • mpias3785 - 10 years ago

        I know, but sometimes if you provoke an answer an interesting discussion nay result.

      • André Hedegaard Petersen - 10 years ago

        @mpias,
        You mean like trolling?

      • mpias3785 - 10 years ago

        No, sometimes a person will elaborate in an intelligent manner and a discussion ensues.

  2. Edison Wrzosek - 10 years ago

    Rock on  ;)

  3. Jim Phong - 10 years ago

    “Apple’s iMessage and FaceTime services didn’t meet the criteria for making it possible to “verify a contacts’ identity,” as well as for not allowing independent reviews of its code.” … SO WHAT? Really… this proves what exactly? Why the heck Apple should release their own source code to anyone for reviewing? To get its secrets stolen and sold to competitors?
    They couldn’t demonstrate that iMessage was not secure…their own table shows that it’s the most secure actually…

    • dude you need to check your sugar intake for today or something..

    • Wow you are my model for the response I gave to mpias3785.

      A) You didn’t read the source link, hence you don’t know that iMessage and Facetime didn’t get green across the board like some others (even if you exclude open source code review as I did).

      B) automatically assume this is somehow attacking Apple.

      C) “They are saying an Apple something is not 100% secure so it must be false”.

      You seriously need to take a step back and look at this data for what it is worth, not just automatically assume it’s an attack and jump off the handle or check your sugar intake as Martin suggested.

    • Mosha - 10 years ago

      It’s O.K to be sceptical

    • Christoph Lindemann - 10 years ago

      if you want to comment on “their own table” you should probably first look at it … and not only look at the screenshot on top of the article. turns out there are services that meet all of their requirements.

      i think its strange to say that you cant verify the contacts identity in facetime … you are either talking to them or see a video of them … i guess that should be enough to verify ;-)

  4. jacosta45 - 10 years ago

    This report was released yesterday… Just saying.

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s Logic Pros series.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications