Text messaging is a comfortable and popular way to communicate. Even with well-developed voice and video calls via messengers, text messages remain the most popular way of communication among users. Often text messages contain personal or confidential information. Therefore, app developers use various tools to protect correspondence, including end-to-end encryption technology. In this article, you’ll learn what end-to-end encryption is and how it works, as well as which apps support end-to-end encryption technology.
What is end-to-end encryption and how it works?
End-to-end encryption is a secure communication technology that prevents third parties from accessing data while it is being sent or received. A message is encrypted on the sender’s device in an unreadable format before it is sent and decrypted only on the recipient’s device. Only the sender and receiver have access to the encryption and decryption keys. During data transmission over the Internet and temporary storage on servers, information remains in encrypted form. Therefore, it is not possible to read intercepted messages without decryption keys.
End-to-end encryption uses asymmetric cryptography. After registration in the messaging service system, each user is assigned two unique keys:
- Public key.
- Private key.
The public key is stored on the messaging service server and is available to all users registered in the system. The process of public key exchange occurs differently: after adding a user to the contact list in the application, or only before sending a message.
The private key is stored on the user’s devices and is available only to the owner. The messaging service and users registered in the system have no access to other users’ private keys.
The further process of messaging using end-to-end encryption is as follows:
- “User 1” types a text and sends a message to “User 2”.
- Before sending, the message is encrypted with the public key of “User 2” to an unreadable format.
- The encrypted message is sent to the service server along with the public keys of the sender and the recipient.
- The service sends the encrypted message to the recipient.
- “User 2” receives the encrypted message from the server.
- The “User 2” private key is used to decrypt the message from the unreadable format.
- “User 2” receives the message from “User 1”.
The answer of “User 2” to the message of “User 1” takes place in the same way, only in reverse order. The whole process of encryption and decryption of messages is performed automatically without the participation of users.
Who uses end-to-end encryption?
End-to-end encryption technology is used in various companies to prevent data leakage. End-to-end encryption is usually found in communication applications. Here is some list of applications that support end-to-end encryption technology:
Signal is a free open-source messenger application with Signal Protocol base encryption code. The app is being developed by the Signal Foundation, a non-profit organization, to develop end-to-end encryption technology.
Threema is a paid messenger for messaging and file sharing with persistent encryption. The app is developed by a private company with no third-party involvement.
WhatsApp is a popular free messenger. The app uses an end-to-end encryption protocol similar to messenger Signal. End-to-end encryption is automatically enabled when messages are exchanged. You can also enable end-to-end encryption for message backups.
Viber is a free messenger with automatic end-to-end encryption. Encryption is applied to all chats and calls. The company also claims on its official website that all correspondence and calls are automatically deleted from its servers.
Wire is a free messenger with encrypted messages and data. Encryption can be applied to files, voice calls, video calls, and group calls.
Telegram is a free messenger without automatic end-to-end data encryption. Data encryption is only available for secret chats.
Google Messages is a free SMS messaging app with a chat feature. With the chat function activated, the Google Messages app works as a messenger. Only in chat mode, the end-to-end encryption feature is available. Also, the feature is still in the testing phase and may only be available to testers of the application.
What are the disadvantages of end-to-end encryption?
The main disadvantages of end-to-end encryption are as follows:
The possibility of bypassing encryption. End-to-end encryption provides protection only at the stage of message transmission through the communication channel and intermediate servers. Therefore, encryption can easily be bypassed at the start or end point. If attackers gain access to the sender’s or receiver’s device, then all messages can be read before encryption and sending or after receiving and decryption.
There is no key management capability. Most services automatically assign encryption keys to the user after registration with the system. There is no way for the user to manage encryption keys or track the use of a private key. Any service claims that it does not own the user’s private keys. It is impossible to verify this claim and one has to rely only on the integrity of the service.
There is no way to verify that the encryption works. End-to-end encryption technology works automatically. The user in most cases has no tools to monitor how the encryption works. Unscrupulous services may claim to have end-to-end encryption, when in fact there is no encryption or the technology does not work correctly.
Workarounds. Often services intentionally leave hidden loopholes to circumvent security mechanisms. For example, to be able to secretly read messages, analyze content, or gather statistics. Cybercriminals often use such workarounds, which causes various user data, passwords, phone numbers, etc. to leak into the network. In addition, some services may not specify the type of data being encrypted, or such information may be difficult to find. As a result users don’t fully understand for which data end-to-end encryption is used. The majority of services use end-to-end encryption only for correspondence. So calls, photos and videos are transmitted unencrypted.
Additional security options
End-to-end encryption provides robust security for data transmission. However, there is no point in encrypting data if intruders have gained access to the user’s application or device. Therefore, it is important to use additional tools to ensure privacy:
Two-factor authentication. Most messengers allow you to activate additional protection within the app with a password. Even if an attacker is able to get into the app through fake phone number recovery, an additional password known only to the owner will be required to access the messages.
Self-deleting messages. The feature allows you to set a timer to automatically delete the message. After the set time expires, the application will be deleted. Therefore, it will not be possible to read the correspondence on the device of the sender or the recipient.
Automatic account deletion. The function of automatic account deletion is available in the Telegram messenger. If you do not log in to the account for a set period of time, then the account is deleted with the entire correspondence history.
Attachment password. Set a password to protect the contents of forwarded multimedia files. You can compress your files with the help of an archiver and set a password. If a message is intercepted, unauthorized persons will have to spend time on cracking the archive or decrypting the password.
This article describes in detail what end-to-end encryption is and how it works. End-to-end encryption technology is a reliable way to ensure confidentiality. However, end-to-end encryption is effective only at the transfer and storage stage of the data on the server. Encryption can easily be bypassed if intruders gain access to the sender’s or receiver’s device. Also, the service’s stated presence of end-to-end encryption doesn’t guarantee the availability of the technology or correct operation. So don’t rely solely on end-to-end encryption. You should also use other methods to ensure privacy and security. You should use two-factor authentication, the function of automatic deletion of messages and password blocking for transmitted files.
What do you think about end-to-end encryption technology? Share your opinion in the comments at the bottom of the article.
What is meant by end-to-end encrypted?
By end-to-end encryption we mean a method of protecting information during transmission over the Internet. Information is encrypted on the sending device and decrypted on the receiving device. Encryption keys are only available to the sender and the receiver. So even if the information is intercepted, without the encryption keys access is impossible.
Why do we need end-to-end encryption?
End-to-end encryption ensures data privacy and security in different areas: healthcare, communications, finance, etc. End-to-end encryption technology provides secure messaging through messengers and emails, authentication in banking applications and cloud services.
Can encrypted data be hacked?
Hacking encrypted data is theoretically possible. It requires a lot of time and great computing power. Breaking into encrypted data can take years or decades. That is why hacking encrypted data is not relevant. And very few people have enough power at their disposal.
Can police read end-to-end encryption?
Police can read encrypted data if they have the encryption keys. It is also possible to bypass the end-to-end encryption and access the data through application or system vulnerabilities.
What is the most secure end-to-end encryption?
The most secure end-to-end encryption where the sender and receiver have full control over the encryption keys.
Can someone see my WhatsApp messages from another phone?
Private messages are not available to other WhatsApp users.
How safe is WhatsApp end-to-end encryption?
WhatsApp doesn’t publish the source code of the app, so it’s impossible to examine the messenger’s security. That said, WhatsApp remains one of the most popular apps in the world. That’s why developers keep an eye on users’ security. Because systematic data leaks will affect the popularity rating and prestige of the company.
Can police access an encrypted phone?
The police can access an encrypted phone using encryption keys. It is also possible to bypass the encryption by exploiting vulnerabilities in the operating system.
What are the dangers of encryption?
Decryption requires encryption keys. If the encryption keys are lost, the encrypted data cannot be accessed.
How can I read encrypted messages?
Encrypted messages can be read using encryption keys. Encryption keys in messengers are available to both the sender and the recipient of a message.
Is Telegram safe for chatting?
Telegram is a safe application for chatting. For the best privacy, you can use the secret chat feature and auto-delete messages.