Fueled by growing privacy concerns, people are increasingly downloading encrypted messaging apps like Signal, WhatsApp and Telegram. But how do these platforms work and how do they ensure sensitive conversations remain secure?
Northwestern Now spoke with security experts V.S. Subrahmanian and Xiao Wang to learn more about the technology behind encrypted messaging and how these apps use cryptographic techniques — such as end-to-end encryption — to safeguard communication from interception. They also offer valuable tips for maximizing user privacy within these platforms.
An expert in AI and security, Subrahmanian is the Walter P. Murphy Professor of Computer Science at Northwestern’s McCormick School of Engineering and a Buffett Faculty Fellow at Northwestern’s Buffett Institute for Global Affairs. He also directs the Northwestern Security and AI Laboratory. An expert on encryption, Wang is an assistant professor at McCormick.
What exactly is data encryption and how does it work?
Data encryption converts understandable content such as text, images and audio into unintelligible content. Think of the original data residing in a lockbox. Data encryption is like a key that locks the box, and only an appropriate key can be used to open the box. The valid key or keys are usually secret and only known to a few parties such as the owner of the box.
Secure messaging apps promise “end-to-end encryption.” What does this mean and how does it differ from regular encryption?
End-to-end (E2E) encryption ensures that when A sends a message to B, no one else in the middle (e.g., a service provider such as a social platform or a telecommunications firm) can read the message. Regular encryption does not prevent the service provider from reading the message.
Some secure apps claim that all messages are automatically deleted. Can these deleted messages still be retrieved somehow?
It depends. Even if a secure messaging app claims that messages are automatically deleted, unencrypted messages may still sit somewhere on the phone as unallocated memory. Unless someone does a full deep overwrite of all content in the phone, part or all of a message may be recoverable.
Are encrypted messages safe from subpoenas?
Probably not. If a user sends or receives an E2E message using a secure messaging app and subsequently deletes it, then he is no longer in possession of the message and a subpoena demanding the secret key from him would not be able to recover the data.
However, the earlier caveats are still applicable. If either the sender or the recipient still has the message on their phone, then a subpoena demanding the password to the phone will likely uncover the message. Malware that is injected into the phone may also recover it. Part or all of the message also may lie in encrypted form in one of the many routers and network hosts that the message may pass through as well as on cloud storage servers.
Apple claims its iMessages are also encrypted. If that’s true, then why do users need services like Signal and WhatsApp?
It’s hard to say for sure. Many overseas customers may worry about the ability of U.S. companies to withstand a subpoena from U.S. courts.
Are encrypted iMessages still safe if they are saved to the iCloud?
Apple recently announced Advanced Data Protection. With this enabled, message backups are supposed to be secure.
What can people who aren’t tech experts do to keep their messages and data private?
Here are some recommendations:
- Don’t use text messaging; use E2E messaging.
- Don’t say anything on E2E messaging services that may come back to haunt you. Save these conversations for in-person meetings.
- If you do have to say something sensitive via an E2E messaging service, limit the number of people to whom you send it to the bare minimum.
- Delete any sensitive messages, even on an E2E messaging service, immediately after reading them and ask the individuals you exchanged the message with to do likewise.
- Use the most up-to-date version of the app and the operating system.
- Make passwords that are long and complex, don’t reuse them and change them frequently.
- Do not click on links, images, videos, audio files or documents that are embedded in incoming emails or text messages — even if they are on messaging apps that use E2E.