Most smartphone users don’t realize how much private data gets into the hands of app developers. Most of the instant messengers used in Poland make money from trading metadata.
This activity is neither a taboo subject nor a secretly hidden truth. Apple’s app store has recently required app developers to publish information about the data collected by the software.
Facebook Messenger itself tells you that it records your purchase history, financial information, location, contact addresses, photos and videos, search history, device diagnostics, and more – and it knows what and who you’re talking about. Other apps don’t have access to the content of your messages, but they do have information about what time and where you contacted someone and how long the conversation lasted, among other things
This kind of data about other data is what metadata is. And although it sounds a bit strange, it is packets of this type that are very valuable currency on the Web. Metadata is structured information that describes a data resource, so for example the aforementioned time and place where a message was sent, but not the content itself. The four most popular messengers on the market differ dramatically in the amount of information they pass on to the operator about the user.
Messenger introduces better and better security, but it works a little like putting more padlocks in the entrance to the bank, leaving the back door still open – this application does not even have full end-to-end encryption. WhatsApp is based on the Signal protocol, but it’s owned by Facebook after all – while it can’t access the content of messages, it collects all possible metadata about the conversation.
Telegram, on the other hand, is an app by a Russian who fled his country and settled in the U.S., although there would be nothing suspicious about that yet. This software relies on its own cryptography, its source code is not completely open. Experts also criticize it for a hole in its security model.
Signal, mentioned earlier, is an application considered to be the most secure. It has an open source code, which allows anyone to analyze how the software works and find possible “holes” in it. There is an entire community that works on the security of the application and ensures that the servers collect only the minimum amount of data needed to provide services.
The authors of the application do not have access to any contacts or metadata – no record of calls or message exchanges between users is created. Signal supports encrypted audio and video calls for up to eight people, uses verified standards of cryptographic algorithms, and has so-called “disappearing messages” that can delete themselves a few minutes after being read.
Even when using the most secure instant messenger, there is never a guarantee that our data will remain private. Software that is generally considered secure may not have encryption, for example – Telegram is a perfect example. Some apps create security copies that are sent to the cloud – this is a convenient way to restore data if your phone is lost or wiped, but in extreme cases it can be used by professionals to get to older messages
Also keep in mind the easiest way to lose data security – a screenshot of the call taken by the caller. It doesn’t matter that an encrypted message will pass safely through the Web, if at the very end another user can take a screenshot of the conversation. Hacking a phone and accessing the content displayed on its screen works the same way.
Protecting yourself from such a sophisticated attack can be extremely difficult, and today almost impossible – the good news is that unless you are a VIP, the likelihood of such an offensive from hackers is extremely low.
