Only three out of 11 companies with popular messaging apps take measures to safeguard user privacy, while Snapchat and Skype/Microsoft are among those failing to adopt basic privacy protections on their services, revealed an Amnesty International (AI) report released this week.
AI's ‘Message Privacy Ranking’ report evaluates 11 companies with instant messaging apps on their use of encryption to protect users’ privacy and freedom of expression across.
Millions of people are using messaging apps that deny them even the most basic privacy protection, said Sherif Elsayed-Ali, AI's head of technology and human rights.
The "minimum requirement for technology companies to ensure that private information in messaging apps stays private" is end-to-end encryption ─ a method of scrambling data so that only the sender and recipient can see it.
According to the report, the companies that ranked lowest on the scorecard do not have adequate encryption in place on their messaging apps.
The report ranks technology companies on a scale of 1-100 based on how well they do five things:
- Recognise online threats to their users’ privacy and freedom of expression
- Apply end-to-end encryption as a default
- Make users aware of threats to their rights, and the level of encryption in place
- Disclose details of government requests to the company for user data, and how they respond
- Publish technical details of their encryption systems
Tencent, Blackberry and Snapchat were among those scoring less than 30 out of 100.
"Chinese firm Tencent came bottom, scoring zero out of 100, ranked as the company taking least action on messaging privacy, and the least transparent," said the report, adding that it was followed by Blackberry and Snapchat scoring 20 and 26 respectively.
"Despite Microsoft’s strong policy commitment to human rights, it is still using a weak form of encryption on Skype, scoring 40 and leaving it four places from the bottom", said the report.
"None of these companies provide end-to-end encryption of their users’ communications."
Snapchat, with more than 100 million users every day, also scored poorly.
Snapchat "does not deploy end-to-end encryption... and is not transparent in informing users about the threats to their human rights or its use of encryption".
“If you think instant messaging services are private, you are in for a big surprise. The reality is that our communications are under constant threat from cyber-criminals and spying by state authorities. Young people, the most prolific sharers of personal details and photos over apps like Snapchat, are especially at risk,” Elsayed-Ali said.
Apple, Facebook top ranking
Facebook, whose apps Facebook Messenger and WhatsApp together have 2 billion users, scored the highest with 73 out of 100.
"Facebook is doing the most out of the 11 companies assessed to use encryption to respond to human rights threats, and is most transparent about the action it’s taking."
However, "despite including end-to-end encryption as an option with its new 'secret conversation' feature, Facebook Messenger’s default mode uses a weaker form of encryption, which means Facebook has access to all the data," said the report.
Apple scored 67 out of 100 but it needs to do more to make users aware that SMS messages are less secure than iMessages, it said.
Only three firms, Apple, Line and Viber scored full marks for providing end-to-end encryption by default on their messaging apps.
"With large data breaches occurring all too frequently and governments’ mass surveillance operations unabated, the strongest encryption as well as transparency about who has access to message data, is key" to protecting vulnerable segments of society, Amnesty said.
Amnesty called on companies to apply end-to-end encryption to messaging apps as a default saying it would help protect the rights of everyday people, as well as activists and persecuted minorities all over the world by enabling them to exercise their freedom of speech.