It's slim pickings for mobile users who want truly secure messaging: According to the Electronic Frontier Foundation (EFF), only six applications pass the security test.
EFF examined 39 servicesincluding popular tools from Apple, Google, Facebook, BlackBerry, Microsoft, and Yahoo.
The group was interested in seven possible features: is data encrypted in transit; is it encrypted so the provider can't read it; can the service verify contacts' identities; are past communications secure if keys are stolen; is the code open to independent review; is security design properly documented; and has the code been audited?
All 39 apps encrypt content in transit, but few satisfied all of the EFF's security requirements. In fact, only six managed to tick all seven of the EFF's boxes: ChatSecure + Orbot, Cryptocat, RedPhone, Silent Phone, Silent Text, and TextSecure.

Apple actually fared well, hitting five out of the seven requirements. It lost points for not verifying contacts' identities or opening its code to independent review.
Most other popular services only checked off two boxes (WhatsApp, Snapchat, Skype, Google Hangouts, Facebook chat) - usually encrypted in transit and having code audited. AIM only satisfied the encrypted in transit bit.
"Most of the tools that are easy for the general public to use don't rely on security best practicesincluding end-to-end encryption and open source code," the EFF said. "Messaging tools that are really secure often aren't easy to use; everyday users may have trouble installing the technology, verifying its authenticity, setting up an account, or may accidentally use it in ways that expose their communications."
The report is part of EFF's new campaign (run in collaboration with Julia Angwin at ProPublica and Joseph Bonneau from the Princeton Center for IT Policy) to champion technologies that are "strongly secure and also simple to use."
"Our campaign is focused on communication technologiesincluding chat clients, text messaging apps, email applications, and video calling technologies," the website said "These are the tools everyday users need to communicate with friends, family members, and colleagues, and we need secure solutions for them."
With the hope of forcing a sort of race-to-the-top competition among those surveyed, the secure messaging scorecard will be continuously updated to include future changes.
Google may not have won many points in the foundation's game, but the company is still committed to improving product security. So, the Android Security Team has built the new nogotofail tool, which provides an easy way to confirm that devices or apps are safe against known TLS/SSL vulnerabilities.
An open source project, nogotofail is compatible with Android, iOS, Linux, Windows, Chrome OS, OSX, and basically any other device that connects to the Internet.
Users can configure the settings to receive notifications on Android and Linux; the attack engine itself can be deployed as a router, VPN server, or proxy.
"We've been using this tool ourselves for some time and have worked with many developers to improve the security of their apps," Chad Brubaker, Android security engineer, said in a blog. "But we want the use of TLS/SSL to advance as quickly as possible."
About Our Expert
B.A. in Journalism & Public Relations with minor in Communications Media from Indiana University of Pennsylvania (IUP)
Reporter at The Frederick News-Post (2008-2012)
Reporter for PCMag and Geek.com (RIP) (2012-present)
Science & Space
Video Streaming Services
Social Media
Cars & Auto
Education
iPhone 12 Pro
MacBook Air (hooked up to a 23-inch Dell monitor)
Google Chrome
Google Drive
Soundcore Life P3 earbuds
Various Amazon Echo devices