Recently Mark Zuckerberg made a controversial comment on his Instagram account stating that Meta’s WhatsApp platform is more private and secure than Apple’s iMessage. In a matter of seconds, his word was spread over the web on all major technology-related sites and forums. His comment received a major backlash from thousands of people on the web laughing and trying to invalidate Zuck’s WhatsApp statement.
But from an objective point of view, is Mark Zuckerberg right and people hating on him are just doing it based on their herd mentality? In a herd mentality meaning that just because 5 percent of random people said that Zuckerberg is not trustworthy to any degree, then the rest of the users are parroting the same thing. Or are they right, Zuckerberg is just making up false statements in order to persuade the public to use WhatsApp instead of iMessage?
Let’s see. This comparison between WhatsApp and iMessage focuses on security and privacy and no other regular features.
WhatsApp vs iMessage: Encryption
When it comes to security, the most essential aspect is how your conversations and content are being transferred: Encrypted or non-encrypted.
Thankfully, although they both use different methods of encryption, both iMessage and WhatsApp conversations are encrypted.
This means that your conversations and files are encrypted from when they leave your device to when they arrive at the recipient’s device. No hacker or government agency is going to see your conversations.
WhatsApp end-to-end encryption: How it works?
First, it’s important to understand which encryption method each company uses and how trustworthy are they.
WhatsApp uses a very trustworthy third-party end-to-end encryption protocol developed by Open Whisper Systems. This well-established communication protocol, the Signal Protocol, is also used in other major communication software such as Skype and Google RCS Messages app.
Although there are many people who don’t trust anything related to Zuckerberg/Meta, the Signal Protocol is open source and has been audited by security researchers across different universities.
iMessage end-to-end encryption
Just like WhatsApp, Apple also offers end-to-end encryption with iMessage. If for some reason your carrier, a hacker, or a government agency intercepts your iMessage they will not be able to read it.
Unfortunately, since Apple’s encryption protocol is closed-sourced, not that many security researchers or cryptographers have been able to perform rigorous analysis for security vulnerabilities as they have done with the Signal Protocol.
A few years ago a team of researchers from Johns Hopkins University found a bug in Apple’s encryption method which allowed hackers to intercept and decrypt photos and images sent through iMessage. Apple later fixed that bug in its following iOS software update.
Back up encryption
As of now, it’s been shown that iMessage’s encryption method is inferior to WhatsApp’s encryption method, the Signal Protocol.
Now to continue, a huge problem that WhatsApp and iMessage faced in encryption was backing up the content.
Not long ago, when you backed up your WhatsApp content/messages to iCloud or Google Drive, the content would’ve lost its encryption.
Fortunately, WhatsApp recently solved this problem by allowing you to secure your end-to-end encrypted backup with either a password or a 64-digit encryption key. The password or 64-digit encryption key is only given to you and neither WhatsApp nor your backup provider will have access to this code.
Unfortunately, this is another area where iMessage falls short. If you use the iCloud backup feature, this backup will also upload the key used to decrypt your iMessages to Apple’s servers. Even worse, if you don’t have iCloud backup turned on but the person you talk with DOES, then your conversation with that person will be uploaded to Apple’s servers along with his key.
Apple was going to develop a plan to allow iCloud backups without having to upload private keys but they refrained from doing so after the FBI advised them not to. In doing so, it would’ve made it harder for the FBI to investigate criminals.
iMessage vs WhatsApp: Metadata
Not just the content of your message important, but your account’s metadata is extremely important as well. By using your account metadata, any unauthorized observer can learn a lot about you. Through metadata, any organization or person who gets ahold of that data can see a lot of basic information about you. This information includes but is not limited to who’s in your contact list, who has you on their contact list, and who you’ve been contacting.
Although your cell phone carrier does not have access to this data to potentially charge you extra, law enforcement agencies can request Apple or WhatsApp this metadata with the help of a warrant.
According to RollingStone, WhatsApp provides this data to the FBI in a more flexible way. The document suggests that WhatsApp offers the pen register service to law enforcement which let them know who you are calling and who is calling you every 15 minutes.
In conclusion: Yes, Zuckerbergberg is right. WhatsApp is more secure than Apple’s iMessage. The two major reasons why iMessage is less secure than WhatsApp are:
- All of your iMessage content can be obtained if the iCloud backup feature is enabled, rendering end-to-end encryption useless. This is very likely to happen as iCloud backup is on by default.
- Apple uses its own inferior encryption protocol.