Unfortunately, the standards for mobile networks still allow for really weak encryption algorithms and cannot be considered to be really secure. Communication via SMS, for example, means that attackers can quite easily break the encryption and might be able to read your messages. In mobile networks, the traffic is generally only encrypted from your phone to the base station where the encryption is decrypted and the message is then transmitted in plaintext.
More and more applications nowadays support end-to-end encryption, which means that once the traffic is encrypted on your computer (or a phone) the information travels encrypted until the receiver receives and decrypts the message. If the encryption is implemented securely, outsiders cannot decrypt the message without the key that is only present in the receiver’s computer. For an attacker to decrypt the message they would need to either break into your or the receiver’s computer to be able to monitor the communication. Consider the cryptography examples in the previous chapter, if the encryption cipher is secure and the key is kept secret, only the intended recipients can decrypt the messages.
Example of communication apps using end-to-end encryption include:
Signal
Telegram
WhatsApp
Facebook Messenger
Of these applications, Signal uses open-source implementations which means they’re available for anyone to verify (the opposite of security by obscurity). The algorithms used by the Signal application are generally considered to be secure and they have been studied a lot. The benefit of an open-source and verified implementation is that once proven to be secure, the implementation can be used by others as well. The Signal protocol, for instance, is used by the WhatsApp application as well.
Telegram instead did what many consider is breaking the first rule of cryptography (do not roll your own crypto) and created their own protocol. There has been a lot of critique for the protocol and some researchers consider it broken. Some vulnerabilities have been found in the protocol already. The known vulnerabilities have received fixes but regardless, some still think you should avoid relying on the secrecy of Telegram's cryptographic implementation. As it stands, at the moment there is no known vulnerability in Telegram’s cryptographic implementation.
Facebook Messenger has a mode called secret conversations which is end-to-end encrypted. However, it is opt-in and not the default. Group chats are not end-to-end encrypted and can’t be trusted to be secure.
If secrecy is what you’re looking for in a messaging application, right now Signal or with some caveats WhatsApp seem to be the most secure alternatives. SMS messages should not be used for any confidential communication.
While the above list contains items that you can leave behind by yourself, you might also want to consider the amount of information that is gathered by your devices. This might include details such as GPS coordinates, your usage of applications, times you’re active and health data such as heart rate. With these pieces of information, the attacker can form a pretty complete picture of your daily life from your home location to places you visit often, people you meet, where you might work, if you have any health issues and so on.
Some countries are assumed to monitor their own citizens’ communications to control the flow of information and to monitor dissidents. In some of these countries, end-to-end encryption can even be prohibited or governments can mandate backdoors or weaknesses to be included in the technology to make it possible for them to break the encryption and confidentiality of messaging. To determine if this is a risk factor for you, you should research the laws of the country you are in or will potentially be submitting/receiving data from.