If you’re on Apple, use iMessage or a reputable dedicated encrypted messaging app (not WhatsApp). If you’re on Android, likewise use a dedicated encrypted messaging app or make sure that you and your recipient are both using the same Google Jibe RCS implementation and have it on.
And they’re fairly transparent on all the privacy features.
I wouldn’t trust them entirely if you’re a very high risk for breach like a journalist in hostile countries, but I also wouldn’t trust any off the shelf solution for that and would be running a heavily locked down privacy focused Android fork in that case.
The cross OS compatibility is an issue though and I use Signal for anyone on Android that I talk to.
Yup. If it isn’t E2EE, don’t trust it.
If you’re on Apple, use iMessage or a reputable dedicated encrypted messaging app (not WhatsApp). If you’re on Android, likewise use a dedicated encrypted messaging app or make sure that you and your recipient are both using the same Google Jibe RCS implementation and have it on.
I don’t fully trust Apple’s claims because I feel they might have backdoors. I would trust only FOSS apps like Signal, Session, or Matrix.
Understandable to not trust a big corp. Apple does have a solid track record on encryption though and actively fighting against backdoors.
FOSS is generally the best choice though.
I’ll trust them more if they are more transparent like Signal
https://signal.org/bigbrother/
They do have a transparency report they publish twice a year. The first one for 2022 should be out soon.
https://www.apple.com/legal/transparency/us.html
They also publish one for almost if not all countries they operate in.
It’s not as detailed as Signals but does detail all government requests they get.
As far as the encryption goes, keys are generated by the devices themselves and not Apple servers.
They also detail where the keys are stored for iCloud based on what protection you choose. https://support.apple.com/en-us/HT202303
And they’re fairly transparent on all the privacy features.
I wouldn’t trust them entirely if you’re a very high risk for breach like a journalist in hostile countries, but I also wouldn’t trust any off the shelf solution for that and would be running a heavily locked down privacy focused Android fork in that case.
The cross OS compatibility is an issue though and I use Signal for anyone on Android that I talk to.
Also if you don’t trust either of the ends, it doesn’t matter much if it is E2E.