NEW DELHI: With the shocking revelation that WhatsApp of many Indian journalists and activists was compromised, social media is now abuzz with users mulling a migration to other messaging platforms such as Signal and Telegram.
Like WhatsApp, which has over 400 million users in India, Signal and Telegram too offer end-to-end encryption.
But soon after the news broke that a bug in WhatsApp’s audio call feature allowed hackers to install spyware onto Android and iOS phones just by calling the target, Pavel Durov, the Russian founder of Telegram, said that WhatsApp will continue to be open to surveillance despite the end-to-end encryption feature.
Signal, on the other hand, has garnered support from many influential privacy advocates. Chief among them is Edward Snowden, the most famous whistleblower in the world.
In fact, the encryption protocol developed by Signal is even utilised by WhatsApp and Facebook Messenger.
Co-founded by American entrepreneur Moxie Marlinspike, Signal is an open source project supported by grants and donations. Until last year, the project had an average of 2.3 full-time software developers.
But in February 2018, Signal got the backing from Brian Acton, the co-founder of WhatsApp who left WhatsApp and Facebook in 2017. Acton pumped in $50 million in funding into the project to create the Signal Messenger non-profit organisation.
Launched about four years ago, the messaging service allows both Android and iOS users to send text, document, and picture messages, as well as make voice and video calls. It is also available on desktop.
“For users looking to use alternate apps, @signalapp is one of the safest options. It is completely open source (WhatsApp uses the encryption technology developed by Signal). It doesn’t store metadata. Recommended by @Snowden Backed by @brianacton (WA co-founder),” Software Freedom Law Centre (SFLC.in), a Delhi-based not-for-profit legal services body, said in tweet in the wake of the WhatsApp spyware controversy.
However, according to Prabhu Ram, Head, Industry Intelligence Group (IIG) at market research firm CMR, no messaging app can provide 100 per cent protection.
“Any app that talks over the Internet would be prone to potential vulnerabilities. The recent episode involving WhatsApp has exposed its limitations around its end-to-end encryption. From consumer perspective, there is very little they can do as no messaging app is bulletproof. The onus remains on developers to constantly update and secure apps from vulnerabilities,” he said.
“In the interim, apps such as Signal and Telegram benefit from migration of concerned consumers moving away from WhatsApp,” Ram added.
The spyware on WhatsApp was reportedly developed by the Israeli cyber intelligence company NSO Group. WhatApp said that it quickly “resolved” the security issue in May and and notified relevant Indian and international government authorities.
Launching a scathing attack on the Facebook-owned messaging app after the vulnerability became public, Telegram founder Durov said that everytime WhatsApp has to fix a critical vulnerability in their app, a new one seems to appear in its place.
“All of their security issues are conveniently suitable for surveillance, and look and work a lot like backdoors,” Durov wrote in a lengthy post.
“In almost six years of its existence, Telegram didn’t have any major data leak or security flaw of the kind WhatsApp demonstrates every few months,” said Durov.