By: Jonas Gyllensvaan, CEO at SyncDog
Whatsapp recently made headlines for a pop-up notification asking users to accept its new terms of use and privacy policy. While this sort of update isn’t out of the ordinary, it came as a surprise to most users that Whatsapp has been sharing personal data with Facebook since 2016. As confusion about the further increased data sharing practice rang out across the internet, Whatsapp pushed the privacy policy update schedule out to May 15 instead of February.
Due to concerns over data privacy, Whatsapp users are flocking to Signal, a messaging app known for both its end-to-end encryption and it’s minimal personal data collection (primarily just users’ phone numbers). The term end-to-end encryption sounds fancy and the big three messaging apps – Whatsapp, Signal and Telegram – all have it. So, many users assume it’s a security measure that holistically protects data. This isn’t necessarily the case.
Let’s first take a look at what end-to-end encryption means.
What it does, in the context of messaging, is protect data while it’s in-transit from one user to another. That means the contents of your messages are protected from unauthorized persons or entities as it travels through the network. This is particularly important to note for enterprises that have employees exchanging corporate information via mobile messaging.
End-to-end encryption’s main limitation lies in that it does not protect data while it’s sitting, or “at-rest,” on users’ devices.
Thus, even the most security and privacy-conscious messaging app (Signal) has some vulnerabilities. One such vulnerability is that if a device is jailbroken, the data stored on that device is not protected because neither the app or operating system is poised to protect it. Not to mention, in the case of Signal, chat backups are not encrypted when they are stored and synced with iCloud. This means your messages don’t necessarily stay within Signal.
You might be questioning how to actually ensure your Signal messages are holistically secured.
The short answer is containerization. The longer answer lies in finding a trustworthy mobile security party that is well aware of popular apps’ vulnerabilities and actively fills security gaps. Secure.Systems is perhaps the best example of this. It’s a Trusted Mobile Workspace that fulfills what the true meaning of end-to-end encryption should be – data protection in-transit and at-rest. We have created an enhanced Signal app and integrated it into our award-winning mobile security solution ecosystem.
Our integration disables Signal’s iCloud sync, keeping your employees’ messages within the secure environment. All the data is stored within the encrypted container – not the devices’ storage system. In summary, if a device is jailbroken, your data stays inaccessible to prying eyes.
Enterprises need to understand that they cannot take ‘secure’ apps for granted.
All apps have flaws, even those held in high regard such as Signal. Investing in an easy to use, fully integrated mobile security solution is necessary and has the potential to save companies money (by preventing a breach) and to preserve brand reputation (keeping customer trust and loyalty high).
__
To learn more about how Secure.Systems can be customized and scaled for your enterprise, get in touch with our team of mobility experts here.