Share via Share via... Twitter LinkedIn Facebook Pinterest Telegram WhatsApp Reddit TeamsDerniers changementsSend via e-MailImprimerPermalien × Le site securemessagingapp recense et évalue de nombreuses applications de communication sécurisées pour smartphone. ComparisonAlloiMessageMessengerRiotSignalSkypeTelegramThreemaViberWhatsappWickrWire TL;DR: Does the app secure my messages and attachments? NoNoNoNoYesNoNoYesNoNoNoYes Company jurisdiction USAUSAUSAUKUSAUSAUSA / UK / BelizeSwitzerlandLuxembourg / JapanUSAUSASwitzerland Infrastructure jurisdiction USA, Belgium, Finland, Ireland,the Netherlands, Chile, Taiwan,and SingaporeUSA (Ireland and Denmark planned); iMessage runs on AWS and Google CloudUSA, Sweden (Ireland planned)UK (and potentially all jurisdictions, given it’s a decentralised messaging platform)USAUSA, the Netherlands, Australia, Brazil, China, Ireland, Hong Kong, and JapanUK, Singapore, USA, and FinlandSwitzerlandUSAUSA (unsure of other locations)USA (unsure of other locations)Germany / Ireland Implicated in giving customers’ data to intelligence agencies? YesYesYesNoNoYesNoNoNoYesNoNo Surveillance capability built into the app? NoNoNoNoNoYesNoNoNoNoNoNo Does the company provide a transparency report? YesYesYesNoYesYesNoYesNoYesYesYes Company’s general stance on customers’ privacy PoorPoorPoorGoodGoodPoorPoorGoodPoorPoorGoodGood Funding GoogleAppleFacebookNew Vector LimitedFreedom of the Press Foundation, the Knight Foundation, the Shuttleworth Foundation, and the Open Technology Fund, Signal Foundation (Brian Acton)MicrosoftPavel DurovUser paysRakuten, friends and family of Talmon Marco (it’s very unclear)FacebookGilman Louie, Juniper Networks, the Knight Foundation, Breyer Capital, CME Group, and WargamingJanus Friis, Iconical, Zeta Holdings Luxembourg Company collects customers’ data? YesYesYesNoNoYesYesNoYesYesNoNo App collects customers’ data? YesYesYesMinimalMinimalYesYesNoYesYesNoMinimal Is encryption turned on by default? NoYesNoNoYesYesNoYesYes (if device supports it)Yes (if device supports it)YesYes Cryptographic primitives RSA-1280 (encryption), ECDSA 256 (signing) / AES 128 / SHA-1Curve25519 / AES-256 / HMAC-SHA256Curve25519 / AES-256 / HMAC-SHA256Curve25519 / AES-256 / HMAC-SHA256RSA-1536 & 2048 / AES 256 / SHA-1RSA 2048 / AES 256 / SHA-256Curve25519 256 / XSalsa20 256 / Poly1305-AES 128Curve25519 256 / Salsa20 128 / HMAC-SHA256Curve25519 / AES-256 / HMAC-SHA256ECDH512 / AES-256 / HMAC-SHA256Curve25519 / ChaCha20 / HMAC-SHA256 Are the app and server completely open source? NoNoNoYesYesNoNo (clients and API only)NoNoNoNoYes Can you sign up to the app anonymously? NoNoNoYesNoNoNoYesNoNoYesNo Can you add a contact without needing to trust a directory server? NoNoNoNoNoNoNoYesYesNoNoNo Can you manually verify contacts’ fingerprints? NoNoYesYesYesNoNo (session only, does not provide users’ fingerprint information)YesYesYesYesYes Directory service could be modified to enable a MITM attack? YesYesYesYesYesYesYesYesYesYesYesYes Do you get notified if a contact’s fingerprint changes? NoNo YesYesNoNo (session only, does not provide users’ fingerprint information)YesYesNo (setting turned off by default)NoIf contact was previously verified Is personal information (mobile number, contact list, etc.) hashed? NoNoNo MostlyNoNoYesNoNoYesMostly Does the app generate & keep a private key on the device itself? YesYesYesYes YesYesYesYesYesYes Can messages be read by the company? YesNoYesNoNoYesYesNoNoNoNoNo Does the app enforce perfect forward secrecy? NoYesYesYes No (session keys do change after being used 100 times)NoYesYesYesYes Does the app encrypt metadata? NoNo Yes NoYes NoYesMostly Does the app use TLS/Noise to encrypt network traffic? YesYesYesYesYesYesNoYesYesYesYesYes Does the app use certificate pinning? Yes (>=iOS 9.3) Yes Yes Yes Does the app encrypt data on the device? (iOS and Android only) Yes (if passphrase enabled) Yes (if passphrase enabled) iOS: Yes (if passphrase enabled); Android: Yes (if master key set in the app) iOS: Yes (if passphrase enabled); Android: Yes (unsure of function)Yes Does the app allow a secondary factor of authentication? NoNoNoNoNoNoYesYesNoYesYes (password for account used)Yes Are messages encrypted when backed up to the cloud? No N/A, Signal is excluded from iCloud/iTunes & Android backups Yes iOS: Yes Android: No N/A, Wire is excluded from iCloud/iTunes & Android backups Does the company log timestamps/IP addresses? YesYesYes NoYesYesNoYesYesNoSome Have there been a recent code audit and an independent security analysis? NoNoNoNoYes (October, 2014)NoYes (November, 2015)Yes (November, 2015)NoNoYes (August, 2014)Yes (March, 2018) Is the design well documented? NoSomewhatSomewhatSomewhatSomewhatNoSomewhatSomewhatSomewhatSomewhatSomewhatSomewhat Does the app have self-destructing messages? YesNoYesNoYesNoYesNoNoNoYesYes Vous pourriez laisser un commentaire si vous étiez connecté.