Your Snapchat account may not be as private as you think it is.
We often trust messenger apps with the most intimate details of our lives. However, a recent report from Amnesty International suggests that many private messaging apps are failing to provide even basic security for their users. Apps like Snapchat, Skype, Google Hangouts and We Chat were highlighted as not taking the extra steps necessary to ensure user's protection.
Users are left vulnerable to spying, which may constitute as a human rights risk.
It was found that only a handful of apps used end-to-end encryption, which ensures that only the sender and the receiver can see the messages. Only Apple iMessage, WhatsApp, Facetime, Line, Google Duo and Viber had end-to-end encryption as a default setting.
Snapchat however, was said in the report to have "no commitment to freedom of expression" and "no policy recognition of threats." Skype was criticized similarly, as it does not even offer end-to-end encryption.
Paul Buis, chairperson and associate professor of computer science at Ball State, said students could only be sure that encryption is being used when accessing social media through the web if the URLs start in "https" rather than "http."
"Often, the app just stores your username and password on your mobile device and provides a "wrapper" around a web browser that is limited to just the website," said Buis.
Not having encryption on certain apps could expose your username and password to someone observing Wi-Fi traffic if the Wi-Fi is encrypted.
"The app may expose your username and password to someone who obtains possession of the mobile device, if it is lost, stolen or borrowed," said Buis.
Buis said there were three steps he recommends to ensure the privacy of your messages on apps.
- Not using apps when the same content is available via a website, and always using "https" rather than "http."
- Only using encrypted Wi-Fi like "bsusecure", or encrypted Wi-Fi at your home. Do not use public, open Wi-Fi (as it is not encrypted).
- Encrypting your mobile device's internal storage and requiring a password at boot time, and every time you start using your device.
Buis said that there are two separate places encryption is needed - first on the Wi-Fi network, and second on the device's storage system.
"And you can't count on an app to do either," said Buis.
While accessing websites that do not require a username and password via "open" Wi-Fi is not a direct threat to your privacy, users should know that others might be able to see what they are looking at, unless they are on "https."
However, Buis said that it is easy to forget to disconnect from unencrypted WiFi when you switch over to doing something else, so that the use of open Wi-Fi and unencrypted apps should be done with "extreme caution."