The Secure Messaging App Of The Future

The Secure Messaging App Of The Future

Andrew D. Anderson
on Apr 21, 2020

Something very interesting is happening on a global scale for the once taken-for-granted "text app". Most obviously, of course, is the fact that a secure messaging app isn't just about basic text anymore - what sort of data they're expected to handle has rapidly evolved. The modern text app is expected to handle everything from video calls, to money transfers, to location information, to sending various media. Fortunately, how those apps (and the infrastructure and organizations behind them) handle the increasingly vast troves of personal information being exchanged is changing with the times, too.

Ever more people are coming to understand that they should expect private communications to be, well, private by default - not open to eavesdroppers, hackers, or for sale to the highest bidder on virtual auction blocks. This represents a dramatic shift in user expectations from just a few years ago, and it has far reaching effects for individuals, organizations, and societies broadly.

The increased demand for privacy (read: increased demand for less abuse of data) has resulted in more mind-share and innovation on the text app supply side. The result is that the encrypted messaging app space is becoming beautifully diverse, technologically advanced, and more user-friendly. It seems clear today that privacy by default is the future, and that's a welcomed move in the right direction.

If there's a downside to all of the positive technological progress - it's that it can be overwhelming. Choosing a secure messaging app is getting more complicated on account of the increasing number of excellent choices. Comparing some of the most well-known encrypted messaging app offerings to one of the newest serious contenders stands to shed some light on what the future of the secure messaging app space may look like...

The comparison might also help you find a new favorite secure messaging app, so let's get to it.

Telegram and Signal both link accounts to phone numbers. This choice is a seemingly odd one for privacy conscious secure messaging apps, and it has quite a few unfortunate practical implications.

The most obvious is that you must have a phone number to use either app. If you simply wanted to use an old tablet for some encrypted messaging, you'd first need to register on your mobile phone. There's no way to circumvent the requisite text message or phone call verification that's part of registration.

The next implication is that, with Signal, you must be willing to share your phone number with anyone you'd like to chat with - even for one-off chats or online acquaintances. Needless to say, the lack of separation between private mobile phone numbers and encrypted messaging app identities can lead to hesitation when considering whether or not to hand out contact details.

Telegram allows registered users to choose a username which they can use instead of their phone numbers, and this seems like a logical solution. It doesn't, however, de-register the phone number in favor of a username and password. To clarify: the username is in addition to, not instead of a phone number. The recoverability of the account is still dependent on the users phone number.

The up and coming Status secure messaging app takes a different approach. New identities are randomly generated for users on their devices. Users can be identified by their "chat keys" (umpteen digit hex strings). Luckily, for a more personalized chat moniker, Status provides a few options. Users can either 'rent' personalized identifiers using Status' native crypto currency token, SNT, or they can use their existing Ethereum Name Service names. (This may seem similar to the Telegram username solution on its face, but the crypto currency aspect involved guarantees the user controls the name - not a third party.) For users not yet acquainted with the crypto currency world, there are also handy qr codes and convenient copy to clipboard buttons.

secure messaging app

Status identities are completely portable between devices without using phone numbers or user names. Instead, a "recovery seed" is generated that allows the user to restore their account on any device where Status will run.

Trading the convenient, but privacy infringing, phone number identity model for something new may seem daunting at first, but it stands to fix a long standing problem that other secure messaging apps have ignored for far too long.

The Telegram user interface is probably the most well known, having ~100 million downloads on the Android platform alone. It's interface is clutter-free and presents only four interface elements on start: a message list, a hamburger menu, a new message button, and a search icon. A dark theme is well implemented and multiple accounts can be incorporated into a single app instance. If there's an annoyance, it would have to be that most of the app's options are, inconveniently, accessible only at the top-left of the screen.

Signal takes a similar approach to Telegram with a sparse user interface where messages dominate. A dark theme is available, though not as handily accessible. Signal adds easier access to a camera on the main screen and replaces the hamburger menu with a settings menu in the top right. Unlike Telegram, Signal does not allow for more than one account to be used in an instance of the app.

Both of these apps are purpose built for pretty standard conceptions of messaging - and that shines through in their designs. Overall, both feel reasonably polished, albeit fairly utilitarian.

Status has more going on and that's apparent from the moment the app is first opened. The navigation layout is more modern - essentials are within thumbs reach at the bottom of the screen. The opening screen still places messaging front and center with the conversation list, but other functionality is on offer. (Switching to a dark theme, sadly, is not among the current offerings - but will be in the next release.)

There is a web 3.0 browser, an ethereum wallet, and a profile tab - all devoted to enhancing the messaging experience. Status' vision for the future of messaging clearly spills over into the rest of the rapidly evolving internet. They're preparing to meet users wherever they are online - browsing websites on web2 or web3, sending or receiving payments, and participating in public or private chats.

secure messaging app

Telegram and Signal both have functional desktop clients, while the Status desktop client has been paused in favor of building out the mobile client. At this point, the Telegram and Signal desktop clients are fairly basic, and Status' is particularly so and may not even be usable at this moment.

Telegram is the only offering with a functional web client, which sounds like it could come in handy when installing software isn't an option - but the required phone verification ensures your phone must be nearby before you can use the web version... seemingly undermining the appeal in some scenarios.

Every one of these secure messaging apps lets users communicate privately with another party using the same app. Telegram and Status have open protocols, meaning anyone can build inter-operable clients.

Text messages can include stickers and emojis in all of these apps. User-supplied pictures, however, are, lamentably, only available in Telegram and Signal. For many, that's an instant deal breaker for Status, and hopefully it's remedied in short order.

Self destructing / disappearing messages are available on Telegram and Signal. Status hasn't implemented a similar feature, but it has been openly discussed in their community forums.

Telegram and Signal both offer real-time audio calls, but only Signal offers video calling as well. Status presently lacks both options.

Telegram and Status both have public channels (read: chat rooms), whereas Signal does not offer any analogous functionality. Status, in particular, takes the idea of the internet as a sort of public forum to a new and interesting logical conclusion - while browsing the internet, a public channel is available for every single domain at the mere press of a button. Small features like those must stem from the much broader view of messaging the Status team holds.

Status and Telegram both orchestrate the transfer of value - that is to say, they let people pay each other. However Telegram uses traditional payment networks to connect users to businesses. Specifically, to businesses that build payment accepting bots on the Telegram network. Status takes a more peer to peer approach. Every user is given an Ethereum address and payments are not routed to third party payment processors.

Oh, and speaking of bots, they're quite popular on Telegram where they are officially supported. Signal doesn't officially support bots, but there are some third party efforts to do so. The Status Github repos have plenty of code about bots, but the platform is still very new and there aren't many bots to talk to presently.

All in all, the features Status is missing in its initial version can ultimately be attributed to development time trade-offs and a focus  on shipping polished fundamentals before adding additional features. That doesn't make them necessarily palatable feature omissions, but it more than likely makes them temporary ones.

Signal, Telegram, and almost every other consumer-facing text app supports notifications when a user receives a message. These ubiquitous notifications often come at the cost of privacy - relying on centralized servers with uninspectable code. Status isn’t willing to make that tradeoff for their users (though they may make such conveniences opt-in at some point). As it stands, their privacy preserving message delivery mechanisms are pretty bad for battery life, so they only run when the app is open and in use. More battery-friendly background mechanisms are in the works. Until then a positive side-effect is that the lack of push notifications lends itself well to a more healthy async communication pattern, but, admittedly, oftentimes that's not necessarily desirable.

For many people, a secure messaging app is naturally synonymous with an encrypted messaging app. Telegram is something of an anomaly in that respect, because, despite its popularity and reputation, messages aren't end to end encrypted by default. It has a "secret chat" option which must be manually selected on a per chat basis. Having to remember to start conversations with non-default options is far from ideal. Secure messaging app defaults should be privacy preserving - as they are in Status and Signal.

What's more, is that Telegram's encryption was developed "in house" by the Telegram team. This is something that's often considered bad practice in cryptography circles. To top it off, although their clients are open-source, their server implementations are not -- which means they cannot be openly audited.

Signal's encryption was developed publicly by professional cryptographers and has garnered much admiration. It's been so successful, in fact, that it's been adopted by many high profile messaging clients in the space. Its client and server implementations are completely open source.

Status has done well to integrate the same encryption algorithms as Signal under the hood - albeit with some "adaptations" to suit their decentralized infrastructure. Their client, protocol, and peer-to-peer back end code is all open source. What's more: Status is developed by an entirely open organization, so following along with design decisions and development goals is a genuine possibility.

The biggest differences between Telegram, Signal, and Status aren't apparent in their user interfaces, or in their identity schemes, or even in the number of client apps they offer or methods of communication they support. Rather, it's in their diverging visions of what messaging will entail in the future and how the infrastructure for that future should be organized.

Signal and Telegram have a far more traditional view of what messaging is - and a far more traditional, centralized infrastructure. Although they are willing to release their code, they maintain control of the servers that allow their messaging networks to function.

While certainly the norm, this makes the messaging networks dependent on the organizations that run those servers (and any organization that can influence those organizations). That's fine when messaging means "sending cat pictures" it's more precarious if messaging means "receiving salary from an international employer".

Status aims to decentralize their messaging network. In so doing, they are liberating their network from organizational dependencies. Their vision is that of an encrypted messaging app that can't be shut down, because of its peer to peer architecture. This stems from a vision where messaging itself is too central to our lives to be interfered with.

If the feature set gets even half as ambitious as the vision, people will come to consider Status an obvious  technological step forward that fixes many problems with the text apps of old and the secure messaging apps of today.

Today, however, on account of some pretty significant missing features, Status isn't quite ready to be your daily driver - but it's still absolutely worth downloading and playing with. Just keep in mind that Status isn't cutting corners now to deliver a product for today, it's being built from the ground up to be ready for the future of messaging. With the proper perspective, it becomes clear that Status is absolutely worth embracing - and will ultimately push the entire space in the right direction.

Status is available for iOS and Android here

Andrew D. Anderson
Share article on: