end-to-end encryption Archives

AppWizard

May 13, 2026

Android Adds Intrusion Logging for Sophisticated Spyware Forensics

Google introduced a new opt-in feature for Android users called Intrusion Logging, which enhances the analysis of spyware attacks as part of the Advanced Protection Mode. Developed with Amnesty International and Reporters Without Borders, it logs daily device and network activities, including app activity, installations, network connections, file transfers, system certificate modifications, and device lock events. The log data is encrypted and stored securely, accessible only to the device owner. Logs are retained for 12 months and cannot be deleted by users before expiration, though they can be downloaded for offline storage. Intrusion Logging also records network events during Chrome's Incognito mode. This feature is beneficial for high-risk individuals who may be targets of surveillance. Users can access the logs through the Settings app, and the rollout is underway for devices with the Android 16 December update and newer. Additionally, Google announced other privacy and security features, including a verified financial call feature to combat scams, expansion of Live Threat Detection, evaluation of APK files for malware, revocation of accessibility services API access from non-designated apps, and enhancements to Find Hub's Mark as Lost feature. Other updates include improved device recovery options, enhanced privacy controls, introduction of AISeal with pKVM, expansion of Binary Transparency, protection against OTP theft, and strengthening data protection with post-quantum cryptography.

AppWizard

May 10, 2026

From BBM to Threema: How messaging apps and VPNs fuel terror networks in Jammu and Kashmir

The Blackberry Messenger (BBM) application has re-emerged in terror-related networks in Jammu and Kashmir, as revealed by the interrogation of an operative from Lashkar-e-Taiba (LeT). The Srinagar Police recently dismantled an LeT module, arresting Abdullah (Abu Hureira) and others. The National Investigation Agency (NIA) is now investigating, focusing on BBM and other messaging apps used for coordination. BBM has a history of scrutiny, with the Indian government previously threatening a ban unless servers were established in India. In 2019, BBM became a paid service for corporate users. Investigators are tracking BBM Enterprise accounts linked to terrorism. Cybersecurity concerns persist in Jammu and Kashmir, especially regarding privacy-centric apps like Threema and banned applications like Element, which are believed to aid terror groups in evading surveillance. Other apps, such as Dust, face scrutiny for their ephemeral messaging features. The increased internet access has also allowed terrorist organizations to strengthen their networks, with some individuals posing as extreme nationalists having ties to radical groups.

AppWizard

May 9, 2026

Instagram Loses End-To-End Message Encryption Today; What It Means For You

Instagram has discontinued its end-to-end encryption (e2ee) feature for direct messages, which previously allowed users to communicate securely without interception. All direct messages will now be protected by standard encryption, allowing potential access by service or network providers. Meta, Instagram's parent company, cited low usage rates for this change, which was communicated in March. Privacy advocates have raised concerns about user communications being shared with law enforcement and for AI training purposes, although Meta clarified it does not use private messages for AI purposes. Users seeking privacy can switch to WhatsApp or the standalone Messenger app, which still support e2ee. Meta has also advised users who had e2ee enabled to download their chat histories and media before the feature is fully retired.

AppWizard

May 8, 2026

Meta can see your Instagram messages now, and it’s time to stop using it

Instagram has removed end-to-end encryption from its direct messaging feature, meaning messages are no longer fully private. Meta can access and analyze message content for moderation, citing low adoption rates and safety concerns as reasons for this decision. The change took effect on May 8, 2026, and allows Meta to combat issues like child exploitation, fraud, and harassment. Users can download their chats, but ongoing conversations are not protected by encryption. Meta suggests users transition to WhatsApp for continued end-to-end encryption.

AppWizard

May 8, 2026

Messenger is the most invasive app, research says

Recent research from Surfshark indicates that Meta's Messenger app collects 32 out of 35 possible data types, making it the "most data-hungry messaging app." Following Meta's decision to disable end-to-end encryption for Instagram direct messages on May 8, 2026, user privacy is compromised, allowing Meta access to message content. Cybersecurity experts express concerns about the implications of this change and highlight that users provide valuable data to the company. In contrast, WhatsApp continues to offer end-to-end encryption. Surfshark also notes that 90% of messaging apps now incorporate AI features, raising privacy concerns regarding user data sharing. For privacy-conscious users, Signal is ranked as a top alternative due to its minimal data collection and strong encryption. A VPN, or Virtual Private Network, is highlighted as a tool for enhancing online privacy and security.

AppWizard

May 5, 2026

Meta enhances security of WhatsApp and Messenger encrypted backups

Meta has enhanced the security and transparency of its end-to-end encrypted backup system for WhatsApp and Messenger. The improvements focus on refining the distribution and verification of encryption keys, and allow for independent audits of certain infrastructure components. The updates are based on Meta's Hardware Security Module (HSM)-based Backup Key Vault architecture, which securely stores recovery secrets in tamper-resistant hardware, ensuring that neither Meta nor cloud service providers can access users' message archives. For encrypted backups, users' devices generate a 256-bit encryption key locally, which encrypts all backup data before uploading it to cloud storage. The key remains on the device in an encrypted format, with the user's password not visible to Meta or third parties. An encrypted version of the backup key is stored in the HSM-based vault using the OPAQUE password-authenticated key exchange protocol, enhancing recovery security without revealing the password. The recent updates include an over-the-air (OTA) fleet key distribution mechanism, which avoids hardcoding trusted infrastructure keys into Messenger applications. Clients receive a “validation bundle” containing the HSM fleet's public keys during runtime, with signatures verified against Cloudflare’s Key Transparency system. The vault operates across at least seven data centers using majority-consensus replication to ensure availability and integrity. Meta plans to publish cryptographic proof of each new HSM fleet deployment, allowing advanced users and researchers to verify these deployments through the open-source “mbt” (Meta Binary Transparency) CLI tool, which conducts multiple checks to confirm that fleet keys are untampered.

AppWizard

April 28, 2026

XChat Goes Live: X Drops Encrypted Messaging App to Rival WhatsApp, Telegram Fast

X has introduced XChat, a dedicated messaging platform emphasizing privacy and security, currently available for pre-order in the App Store. XChat is a standalone app that offers a focused communication experience, isolating messaging from social media functionalities. It employs end-to-end encryption, ensuring only the sender and recipient can access messages, and features no advertisements or tracking. Key features include encrypted one-on-one and group chats, disappearing messages, screenshot blocking, video calling, and file sharing. XChat is part of X's broader strategy to evolve into an "everything app," which may include content sharing, payments, and financial services.

AppWizard

April 27, 2026

Signal isn’t broken — so how are hackers targeting the world’s ‘most secure’ chat app?

On April 26, hackers allegedly linked to Russian groups targeted the Signal messaging app with phishing attacks aimed at senior politicians. These attacks did not compromise Signal's end-to-end encryption; rather, they deceived users into providing access to their accounts through fake messages. Signal is operated by the non-profit Signal Foundation, founded in 2012 by Moxie Marlinspike with funding from Brian Acton, a co-founder of WhatsApp. Signal distinguishes itself by rendering metadata invisible to its operators, unlike WhatsApp, which shares user data with its parent company. Signal's president, Meredith Whittaker, advocates for data privacy.

AppWizard

April 22, 2026

Tired Of Google Messages? These 4 Texting Apps Might Be Better For You

Samsung plans to retire its proprietary messaging app by July 2026, leading many Android users to rely on Google Messages. Major carriers like AT&T have stopped supporting their own messaging apps, potentially creating a monopoly. Alternative SMS-enabled apps include: - Pulse SMS: Syncs across devices, offers password-protected cloud backups, and has end-to-end encryption for stored conversations. It has a 3.6-star rating on Google Play. - Chomp SMS: Highly customizable with features like scheduled messages and block lists. It remains free with ads, but some users find the customization options complex. - Handcent Next SMS: Incorporates AI for features like text extraction and grammar checks. It has over one million downloads and a 4.4-star rating, but requests a high number of permissions. - Textra SMS: Offers faster performance and extensive customization, aiming to replace default messaging apps. It follows a "free forever" model but lacks cross-device functionality and encryption. The selection of these alternatives was based on Google Play ratings above 3.5 stars, a minimum of 50,000 user reviews, and recent updates.

AppWizard

April 21, 2026

Europe is abandoning WhatsApp and Signal: Why governments are introducing their own messaging apps

European officials are transitioning from messaging platforms like WhatsApp and Signal to state-controlled applications to reduce reliance on US technologies. Six nations—France, Germany, Poland, the Netherlands, Luxembourg, and Belgium—are implementing secure messaging systems for sensitive communications. NATO has its own solution, and the European Commission plans to finalize its transition by year-end. This shift is driven by cybersecurity threats, particularly targeting politicians through popular apps, prompting advice to deactivate Signal groups to prevent data leaks. Belgium has developed the BEAM app, controlled by the state, for official use, offering features like end-to-end encryption and participant management. The localization trend is influenced by geopolitical dynamics and past incidents highlighting Europe’s dependence on foreign technology. Additionally, transparency issues have emerged, as reliance on private messaging services has obscured communications related to significant contracts, such as vaccine agreements.