People often compare Signal vs. WhatsApp when looking at secure messaging apps. They both use the same underlying encryption—the Signal Protocol—but drastically differ in terms of features and underlying philosophy. Introducing Sky ECC into the mix makes these comparisons very interesting.
This analysis will show you a fair comparison of Signal’s adequate capabilities, WhatsApp’s inability to measure up as a truly secure messaging app, and how Sky ECC sets the bar for secure messaging and encryption. The comparison table at the end can be saved and shared with your network to show this comparison off while choosing the best secure messaging app.
Signal vs. WhatsApp vs. Sky ECC encryption standards
In the world of secure messaging, absolutely nothing matters as much as your encryption practices—not just the math used, but how all the data is managed by the app. There are different levels of security and encryption, saying ‘I’m encrypted, therefore I’m secure’, doesn’t always work because some encryption methods are easier to break than others.
Both Signal and WhatsApp use the Signal Protocol developed by Open Whisper Systems for end-to-end encryption (E2EE). WhatsApp started using Signal Protocol in 2014 as part of a partnership with Signal/Open Whisper Systems. As far as the mechanic of sending, receiving, and encrypting messages, they are, at their core, largely the same app with different options built on top of this basic structure.
The core of this is the fact that they both use Curve25519 128 bit elliptic-curve encryption (ECC) algorithms. The Signal protocol has no known flaws at this time. It’s open source and widely used in other apps like Skype and the private message function in Facebook Messenger. The Signal protocol is fine, but does it do the best job possible?
Sky ECC has a much higher encryption standard at its core: 521 bit ECC. Watch this video to get started on ECC encryption (and how it differs from other encryption tools like RSA):
Here are the important points from the video:
- ECC gives you much higher security with a much shorter key length or bit number (which is essential for mobile devices).
- This leads to faster computation of encrypted messages with higher levels of security.
- Top-secret messages sent by the NSA, and other federal agencies, must use ECC algorithms with no less than 384 bits to be considered secure. Sky ECC uses 521 bit ECC with Diffie-Hellman key exchange, which is orders of magnitudes more secure than 128 or 384 bit.
Now let’s look at how this compares to the Signal Protocol encryption standard of 128 bit, used by Signal and WhatsApp, in relation to its key size in RSA:
|Encryption standard used||Equivalent in RSA|
|Open Whisper (Signal)||128-bit ECC (Curve25519)||3072|
|Sky ECC||521-bit ECC (curve secp521r1)||15,360|
For reference, 2048 bit RSA is considered secure enough for online banking and shopping. While you can use stronger RSA encryption for banking and shopping, there would be a serious degradation in performance for consumers…unless they switched from RSA to ECC.
When talking about secure messaging apps, there is simply no replacement for stronger encryption with larger keys. It took over 200 PlayStation 3s 3.5 months to brute-force decrypt a message using a 112 bit ECC key, but it was broken. While it’s unlikely that 128-bit will be broken soon, it’s likely years away, why settle for weaker encryption in the first place? Why settle for anything less than the most secure messaging app available today? This is exactly what Sky ECC was built to be, and it is why we started out with 521-bit ECC as our encryption standard. We are future proofed against what’s coming for decades.
Signal vs. WhatsApp vs. Sky ECC hardware comparisons
The hardware that a messaging app is installed on is the next biggest factor in determining whether it’s secure. You can create an incredibly secure app…then have someone install it on a compromised device.
With Signal and WhatsApp your messaging app can be installed on pretty much any device available today—there are older devices that are no longer supported. Go to the app store, download on whatever phone you have, and you’re done. But, there is no way for you to know if your device—your hardware—is secure unless you’re an expert. You could easily have compromised apps on your phone you aren’t aware of.
WhatsApp is urging users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into phones pic.twitter.com/1sdsfKE8tk— Bloomberg TicToc (@tictoc) May 14, 2019
Sky ECC uses only the most secure phones available from Apple, Google, and BlackBerry. We update our allowed devices as older devices become less secure, then go one step further:
- All Sky ECC phones are used exclusively for the Sky ECC messaging platform.
- Chosen phones are manufactured to be tamper resistant for security right from the factory.
- We install only a limited number of apps and don’t allow any additional apps to be installed on customer devices.
- Features which could compromise your security are disabled (like Siri and NFC).
Encrypting your messages simply isn’t enough. Your device is crucial in your overall plan for secure messaging—it’s the foundation of your communications security. Comparing Sky ECC with Signal vs. WhatsApp in this case leads to such a clear superiority for Sky ECC. It’s like comparing a certain fable of three little pigs to messaging:
- WhatsApp has low encryption and device security standards. It’s like building your house out of straw. You can go inside and be private, but there’s a big bad wolf that can blow it down through vulnerabilities in how it’s built.
- Signal uses the same encryption, but with better ‘behind the scenes’ standards (we’ll look at those next) that make it a house built out of sticks. You can go inside and be private, and it’s more secure than straw, but there’s still a big bad wolf that can blow it over!
- Sky ECC was built with top-of-the-line encryption standards, absolutely secure hardware, and exceptional security behind the scenes. You’re private when you’re ‘inside’, and the big bad wolf can huff and puff all he wants against this brick house.
WhatsApp and Signal are installed on whatever device you may own. These devices can have unknown problems on them as you could download malware. Sky ECC uses the latest in secure hardware to ensure that your phone never has an issue related to compromised hardware.
Signal vs. WhatsApp vs. Sky ECC company practices
How a company operates can have a huge impact on how secure their apps actually are. Where their funding comes from, where they’re located, and if they collect customer data or log IP address are all prime considerations for judging their overall security.
This is where the difference between Signal vs. WhatsApp really starts to show. They have the same encryption, and are apps installed on the same types of devices, but they really differ in how their companies operate. Sky ECC is even more different than the two of them, and I’ll break that down now:
Funding models and location
- Funded by donors.
- This leaves them vulnerable if they stop getting donations.
- They are also vulnerable to influence by these donors.
- Company operates in the USA, leaving them vulnerable to being in one of the most heavily surveilled nations on Earth.
- Owned by Facebook.
- This leaves users to being nothing more than another data collection point for Facebook.
- The app could be heavily influenced by governments, which could lead to back doors being built into the app.
- They also operate out of the USA, leaving them vulnerable to being in one of the most heavily surveilled nations on Earth.
- Owned by Sky Global.
- Sky ECC is a self-funding, and profitable, tool where users are in control. The funding comes from them because this tool is for them.
- Users always come first, not the government, not donors, or anyone but the people using the device.
- Company operates in Canada, a country with decent privacy protection policies.
Signal has a decent funding model, WhatsApp is in the quagmire of Facebook’s privacy issues, and Sky ECC is funded by those who actually use it. The comparison here is clear.
Customer data policies
- They have a good overall stance on user privacy.
- They keep no personally identifiable information that could identify you.
- They do collect some data, including your phone number, when you created your account, and when you last used your account.
- User privacy is a weak point for WhatsApp.
- They keep personally identifiable data that could be used to identify you. Political protesters, journalists, lawyers, those in politically unstable countries, and others who need total privacy need to stay away from WhatsApp.
- WhatsApp being owned by Facebook means it follows the Facebook structure of collecting data on users to serve them relevant ads, which is coming in 2020.
- They have been known to store metadata and hand it over to the FBI in the past, including who you’ve contacted and for how long, as well as IP addresses which can show where you’ve been.
- Protecting customer privacy is more important than anything else to us. Even when it’s inconvenient and makes us work harder than lesser apps would.
- There is no personally identifiable information kept that could identify you. This is detailed further in our law enforcement policy.
- No customer data is collected as it’s not part of the business model in any way. You can buy and use Sky ECC privately and anonymously.
Signal does have good customer protection policies, and users have a certain level of protection with them. At this point, WhatsApp is just Facebook Messenger with a green skin, with user data policies being a low priority. Only Sky ECC takes data policies completely seriously as they are the driving factor of the business model.
Signal vs. WhatsApp vs. Sky ECC app features
Each app has a slightly different way that it works, especially in how it protects customer data while the app is being used. These can be huge when it comes to how secure you are. Let’s look at how the three compare across these key features:
- Contact approval: You must approve someone before they’re able to contact you on Sky ECC. You won’t get any more unsolicited pictures from friends of friends who get your number—you know the kind of pictures I’m talking about—giving you control over who can talk to you. Neither Signal nor WhatsApp offers this.
- Encrypted vault: Our Vault feature allows you to keep a separate area within SKY ECC for secure storage of photos, chats, and notes. This is secured under a different password than the chatting side for another layer of protection. Neither Signal nor WhatsApp have this feature. In fact WhatsApp by default saves photos and videos you receive outside of the app leaving it vulnerable to Media File Jacking.
- Metadata encryption: WhatsApp does not encrypt metadata, the basic information about who you are contacting and when, which is a large risk. Signal and Sky ECC both encrypt this data, though Sky ECC uses a higher standard.
- Default encryption: Both Sky ECC and Signal have encryption on by default, but WhatsApp only has it when it is supported by the device. Every device that Sky ECC is put on supports encryption!
- Two-factor authentication: WhatsApp and Signal both have two-factor authentication. Sky ECC approaches this differently with brute force prevention tactics as a Sky ECC ID can only be associated with one device. Two-factor authentication protects against account high-jacking where more than one device can access an account at the same time. You can log into WhatsApp on your phone, tablet, and laptop and keep them in sync. If you keep physical control of your device, it is impossible for someone to high-jack your Sky ECC ID.
- Self-destructing messages: WhatsApp is really missing out on user control options by not allowing self-destructing messages. Signal does have this option, with a range of five seconds to one week. Sky ECC has automatic message self-destruction set for two days, and you can set it for as little as 2 hours to as much as 7 days. However, not matter what, your messages will self destruct at some point. Sky ECC also has a flash messages feature, which allows senders to set their messages to delete after 30 seconds of being read.
The gap between Signal vs. WhatsApp is even wider after looking at these feature comparisons, and the fact that Sky ECC is the class leader is made even more apparent. While Sky ECC and Signal do share features, only Sky ECC has everything listed here. Every step that could be taken to make Sky ECC more secure has been taken.
Comparing Signal vs. WhatsApp and Sky ECC side-by-side
To help you make your decision, or for something that any executive at your company can quickly digest, I have taken all of the information above and condensed it down into this spreadsheet comparing Signal and Sky ECC:
If you want to see more, visit this article gathering all reviews we’ve done to see how Signal does against other apps.
You can also view this comparison chart of Sky ECC vs. Whatsapp. Notice how much red there is…
What to know more about how Whatsapp compares to other apps? See this article on how well it compares with other text messaging apps.
You can clearly see that WhatsApp is fine as a messaging app, but not what we could truly call a secure messaging app. Signal is an improvement upon WhatsApp, but neither come anywhere near the features and security of Sky ECC. Do the comparisons yourself, research the facts yourself, and you’ll come to the same conclusion as I have above.