The [[https://www.securemessagingapps.com/|securemessagingapp]] site lists and evaluates many secure communication applications for smartphones.

^Comparison^Allo^iMessage^Messenger^Riot^Signal^Skype^Telegram^Threema^Viber^Whatsapp^Wickr^Wire^
|**TL;DR: Does the app secure my messages and attachments?** |No|No|No|No|Yes|No|No|Yes|No|No|No|Yes|
|**Company jurisdiction** |USA|USA|USA|UK|USA|USA|USA / UK / Belize|Switzerland|Luxembourg / Japan|USA|USA|Switzerland|
|**Infrastructure jurisdiction** |USA, Belgium, Finland, Ireland, the Netherlands, Chile, Taiwan, and Singapore|USA (Ireland and Denmark planned); iMessage runs on AWS and Google Cloud|USA, Sweden (Ireland planned)|UK (and potentially all jurisdictions, given it’s a decentralised messaging platform)|USA|USA, the Netherlands, Australia, Brazil, China, Ireland, Hong Kong, and Japan|UK, Singapore, USA, and Finland|Switzerland|USA|USA (unsure of other locations)|USA (unsure of other locations)|Germany / Ireland|
|**Implicated in giving customers’ data to intelligence agencies?** |Yes|Yes|Yes|No|No|Yes|No|No|No|Yes|No|No|
|**Surveillance capability built into the app?** |No|No|No|No|No|Yes|No|No|No|No|No|No|
|**Does the company provide a transparency report?** |Yes|Yes|Yes|No|Yes|Yes|No|Yes|No|Yes|Yes|Yes|
|**Company’s general stance on customers’ privacy** |Poor|Poor|Poor|Good|Good|Poor|Poor|Good|Poor|Poor|Good|Good|
|**Funding** |Google|Apple|Facebook|New Vector Limited|Freedom of the Press Foundation, the Knight Foundation, the Shuttleworth Foundation, and the Open Technology Fund, Signal Foundation (Brian Acton)|Microsoft|Pavel Durov|User pays|Rakuten, friends and family of Talmon Marco (it’s very unclear)|Facebook|Gilman Louie, Juniper Networks, the Knight Foundation, Breyer Capital, CME Group, and Wargaming|Janus Friis, Iconical, Zeta Holdings Luxembourg|
|**Company collects customers’ data?** |Yes|Yes|Yes|No|No|Yes|Yes|No|Yes|Yes|No|No|
|**App collects customers’ data?** |Yes|Yes|Yes|Minimal|Minimal|Yes|Yes|No|Yes|Yes|No|Minimal|
|**Is encryption turned on by default?** |No|Yes|No|No|Yes|Yes|No|Yes|Yes (if device supports it)|Yes (if device supports it)|Yes|Yes|
|**Cryptographic primitives** | |RSA-1280 (encryption), ECDSA 256 (signing) / AES 128 / SHA-1|Curve25519 / AES-256 / HMAC-SHA256|Curve25519 / AES-256 / HMAC-SHA256|Curve25519 / AES-256 / HMAC-SHA256|RSA-1536 & 2048 / AES 256 / SHA-1|RSA 2048 / AES 256 / SHA-256|Curve25519 256 / XSalsa20 256 / Poly1305-AES 128|Curve25519 256 / Salsa20 128 / HMAC-SHA256|Curve25519 / AES-256 / HMAC-SHA256|ECDH512 / AES-256 / HMAC-SHA256|Curve25519 / ChaCha20 / HMAC-SHA256|
|**Are the app and server completely open source?** |No|No|No|Yes|Yes|No|No (clients and API only)|No|No|No|No|Yes|
|**Can you sign up to the app anonymously?** |No|No|No|Yes|No|No|No|Yes|No|No|Yes|No|
|**Can you add a contact without needing to trust a directory server?** |No|No|No|No|No|No|No|Yes|Yes|No|No|No|
|**Can you manually verify contacts’ fingerprints?** |No|No|Yes|Yes|Yes|No|No (session only, does not provide users’ fingerprint information)|Yes|Yes|Yes|Yes|Yes|
|**Directory service could be modified to enable a MITM attack?** |Yes|Yes|Yes|Yes|Yes|Yes|Yes|Yes|Yes|Yes|Yes|Yes|
|**Do you get notified if a contact’s fingerprint changes?** |No|No| |Yes|Yes|No|No (session only, does not provide users’ fingerprint information)|Yes|Yes|No (setting turned off by default)|No|If contact was previously verified|
|**Is personal information (mobile number, contact list, etc.) hashed?** |No|No|No| |Mostly|No|No|Yes|No|No|Yes|Mostly|
|**Does the app generate & keep a private key on the device itself?** | |Yes|Yes|Yes|Yes| |Yes|Yes|Yes|Yes|Yes|Yes|
|**Can messages be read by the company?** |Yes|No|Yes|No|No|Yes|Yes|No|No|No|No|No|
|**Does the app enforce perfect forward secrecy?** | |No|Yes|Yes|Yes| |No (session keys do change after being used 100 times)|No|Yes|Yes|Yes|Yes|
|**Does the app encrypt metadata?** | |No|No| |Yes| |No|Yes| |No|Yes|Mostly|
|**Does the app use TLS/Noise to encrypt network traffic?** |Yes|Yes|Yes|Yes|Yes|Yes|No|Yes|Yes|Yes|Yes|Yes|
|**Does the app use certificate pinning?** | |Yes (>=iOS 9.3)| | |Yes| | |Yes| | | |Yes|
|**Does the app encrypt data on the device? (iOS and Android only)** | |Yes (if passphrase enabled)| | |Yes (if passphrase enabled)| | |iOS: Yes (if passphrase enabled); Android: Yes (if master key set in the app)| | |iOS: Yes (if passphrase enabled); Android: Yes (unsure of function)|Yes|
|**Does the app allow a secondary factor of authentication?** |No|No|No|No|No|No|Yes|Yes|No|Yes|Yes (password for account used)|Yes|
|**Are messages encrypted when backed up to the cloud?** | |No| | |N/A, Signal is excluded from iCloud/iTunes & Android backups| | |Yes| |iOS: Yes \\ Android: No| |N/A, Wire is excluded from iCloud/iTunes & Android backups|
|**Does the company log timestamps/IP addresses?** |Yes|Yes|Yes| |No|Yes|Yes|No|Yes|Yes|No|Some|
|**Has there been a recent code audit and an independent security analysis?** |No|No|No|No|Yes (October, 2014)|No|Yes (November, 2015)|Yes (November, 2015)|No|No|Yes (August, 2014)|Yes (March, 2018)|
|**Is the design well documented?** |No|Somewhat|Somewhat|Somewhat|Somewhat|No|Somewhat|Somewhat|Somewhat|Somewhat|Somewhat|Somewhat|
|**Does the app have self-destructing messages?** |Yes|No|Yes|No|Yes|No|Yes|No|No|No|Yes|Yes|