When you chat with someone through a third-party messaging app, be aware that someone may read it—someone other than your intended recipient. Much like a package left unattended on your doorstep, the risk of someone getting ahold of personal items or information is at an all time high. Online privacy is a premium, which is why mobile chat apps that proclaim to keep conversations completely secure are so popular—despite some recent hiccups.
In late April, security researchers discovered that the popular mobile messaging app, Viber, sent video and images without encrypting them (the equivalent of scrambling the message so only the intended receiver can descramble and thus read) first. To make matters worse, the app also stored the messages online on a publicly available server, making it possible for private photos and messages to be accessed by anyone with enough determination and knowhow. The company has now solved the issue, but the potential damage done is still hard to determine.
But Viber isn’t alone.
Snapchat, the popular messaging platform that promises to erase each message after it is viewed, recently settled with the Federal Trade Commission regarding a similar infraction. The reason: its messages didn’t actually disappear as often as promised.
Then there’s WhatsApp, the messaging platform recently acquired by Facebook for $16 billion. In December, I wrote about the security bug that allowed its chat histories to be stored in other apps on an Android phone—an easily exploitable security hole for hackers.
All of these bugs, loopholes and lapses in security highlight the reality that mobile messaging apps aren’t as secure as you think they are. Additionally, whether something is supposedly anonymous or ephemeral, what you send is on the Internet forever in some form or another. In reality, once you hit the “post” or “send” button—and in some cases, even before—any message, photo, video, chat log, comment or email is never truly erased on the Web.
While all of these vulnerabilities are fixable and often fixed as soon as they are discovered, the burden of protecting private messages still falls on the user. Because most of these mobile chat apps store messages on servers before relaying them to your intended recipient, it leaves them vulnerable to clever criminals or security loopholes. Anyone with the right hacking knowledge, or warrant, can access those private messages later without your or the company’s knowledge. And then it’s out there, forever.
So with this in mind, what can you do to protect yourself and your personal information when using mobile chat apps like Viber? Here are a few things to keep in mind:
- Avoid surfing the Web or sending private information via public Wi-Fi. Public Wi-Fi is an invaluable tool to some, but can pose more security problems than it is actually worth. Since public networks tend to be used by a lot of people, they’re prime targets for hackers. Hackers can easily sniff data like photos, messages, passwords, usernames, and banking information that’s sent from laptops, tablets or smartphones.
- Avoid sending sensitive information on chat apps or via text message. Social Security numbers, bank accounts, and racy photos—these types of information need to stay off of your gadgets and messaging apps. McAfee’s 2014 Love, Relationships and Technology study found that 50% of people used their mobile devices to share and receive intimate content. Phones can be lost or stolen, and the nosy among us can simply peer over a shoulder to see what’s on a phone’s screen. Before sending something personal or potentially embarrassing, ask yourself if you would be comfortable having it posted publicly online.
- Protect your phone with security software. Hackers can, theoretically, read your messages remotely. But if you don’t secure your phone with a password, anyone who gets their hands on your device can accomplish the same much faster. That’s why it’s important to lock your device down with a password or PIN code. McAfee® Mobile Security, free for both Android and iOS, provides backup and recovery for contacts on both versions. Additionally, Android users can secretly take a photo of whoever is in possession of your phone and also remotely wipe your data.