How Secure Are Your Messages


May 13, 2013
Researchers at Brigham Young University have learned that most users of the popular messaging apps Facebook Messenger, WhatsApp and Viber are leaving themselves exposed to fraud or other attacks because they don’t know about or aren’t using important security options. Even though WhatsApp and Viber encrypt messages by default, all three messaging apps also require what’s called an authentication ceremony to ensure true security. And without that ceremony "it is possible that a malicious third party or man-in-the-middle attacker can eavesdrop on their conversations."

In a two-phase experiment, users were instructed to share a credit card number with another participant. Only 14 percent of users successfully managed to authenticate their recipient. In the second phase, they were asked to do the same, but this time researchers emphasized the importance of authentication ceremonies. With that prompting, 79 percent of users were able to successfully authenticate the other party. Despite the increase, participants averaged 11 minutes to authenticate their partners.

I don't personally use any of these apps so I can't directly comment on the authentication process. It is nice that these apps do provide such a ceremony to make sure the messages stay secure, but having them buried on average 11 minutes away is ridiculous.

Because most people don’t experience significant security problems, both professors agreed, it’s hard to make a case for them investing the time and effort to understand and use security features that applications offer. But because there’s always a risk in online communications, Seamons added, "we want to make it much easier to do and cut that time way down."
Just disabled GPS on my phone again. Been getting survey ads and prefer to not be tracked. Privacy doesn't seem to be a concern any more. Minimal banking on the phone, deposit only, and no credit cards. Threw my phone in my pocket without shutting screen off once and I found it trying to order a phone case off of Amazon.
Stupid people can't use things properly, not shocking. I only use Signal myself.
Facebook app will mine your info. I've seen it. It's creepy. I don't trust Facebook at all. I add a layer of disinformation to my profile for this very reason.
Perhaps it's got something to do with the users not knowing if it's a secure connection? I've given WhatsApp a test for a while with one friend and it's a great app (before Fecesbook bought it, so no doubt its security mantra will now be a data harvesting mantra). But I see no UI cues that there is a secure session going on... so how do users know "to authenticate their recipient"?