On this page I try to shed some light on the jungle of mobile messaging apps out there. I have also written blog articles about this:
And also some talks:
I focus solely on applications with automatic contact discovery here, because I want to stay close to the SMS or WhatsApp analogy. While there are valid reasons for choosing messengers with custom identifiers like XMPP (I use and recommend Conversations on Android), the barrier to reaching a large audience is much higher. For more background please see the above links.
I try to keep this page up-to-date, but if you see that something is outdated or incorrect, please contact me!
|E2EE||E2EE default||E2EE group chats||Forward secrecy||Free Software||3rd Party audit|
|Threema||Yes||Yes||Yes||Not on E2EE||No||Yes|
This table gives an overview over how much trust you can put into the application regarding the confidentiality of your messages. You definitely want End-to-End-Encryption (E2EE) to be sure that intercepted messages cannot be read and you also want a Free Software client so that chances are lower they are intercepted before being sent / after being received. Third party audits increase the level of trust, but only if the app is also Free Software. Forward secrecy protects you in the long-term.
Currently Telegram and Kontalk are trustworthy, although both have drawbacks. Once Signal and Wire are completely Free, they are the best choices.
Metadata and Availability
|Free Software server||Federated system||Notify method||Proxy/TOR support(client)||Alternative Identifiers|
|Threema||No||No||Poll optional||No?||Custom; E-Mail|
This table indicates whether you are forced to entrust a single party with your metadata, whether this party shares metadata with Google/Apple and how resilient the system is to failure and/or censorship.
Clearly Kontalk has some benefits here, although it’s federation still has limitations, e.g. encryption doesn’t work with clients outside the official server. Wire and Threema also offer different than phone IDs.
|Desktop/Web-Client||Multi-Device support||Voice Message||Audio-Calls||Video-Calls|
|Telegram||Yes||Not for E2EE||Yes||No||No|
This table shows some features that are not immediately related to security, but might be important to many users.