In the modern digital age, cybersecurity is more important than ever. However, one commonly used but often overlooked area of weakness may be something you use every day. Short Message Service, or SMS messaging, has been the primary way people have texted since Nokia made the technology available to the public in 1993. As it comes default with most mobile devices, you may be surprised to learn that it’s one of the most unsafe ways to communicate with your cellphone.
SMS messages are unsafe because they lack end-to-end encryption or E2EE. Not only can your phone provider view all the texts you send and receive, but so can other organizations and people. This detail is made even worse because many people perform important tasks via SMS daily, including sending contracts or sensitive personal information. If you’re still unsure whether it’s worth it to make the switch, here are five reasons to switch from SMS to encrypted apps.Â
End-to-end encryption converts messages into scrambled data that can only be decoded with a secret key found on the sender and recipient’s devices. This information is not shared with your phone provider or any other party and can’t be decoded even if it is intercepted in transit. Each time a new message is sent, a new key is generated and deleted from both devices once the message has been decrypted to text.
In other words, the only people who can read texts that utilize end-to-end encryption are the sender and receiver of the text, as no other device has the special key required to decrypt the data. Sending the data this way ensures that any third party attempting to intercept the message over any network will just receive scrambled, meaningless data. Using traditional SMS messaging — based on old technology from the ’90s — leaves your data open to third parties.Â
Text messages have regularly been used as evidence in court proceedings, even impacting the rulings of high-profile cases. Even though texts could be deleted on the receiver and sender’s phones, it doesn’t mean that their cellular provider isn’t holding onto the data. While it does require a warrant from a judge or magistrate to obtain, these are frequently granted and can sometimes even serve as a lynchpin to serious court cases.Â
According to documents acquired for a 2021 article by Vice, government agencies like the FBI have guidance in the form of written “cheat sheets” on obtaining SMS messages from various mobile service providers. This demonstrates the regularity with which the FBI obtains and requests text message data. Though most people won’t be affected by government agencies in this way, the fact that it’s possible may be reason enough to switch to an encrypted messaging service.Â
E2EE is not perfect, so there are vulnerabilities, just as with any technology. While it’s still more than possible for hackers to send links to malware and other malicious software while using E2EE, end-to-end encryption does prevent hackers and malicious parties from intercepting and altering data en route. This functionality could be important when sending sensitive or confidential documents, including personal information, legal proceedings, or financial details. It’s also the reason why the United States government mandates the use of encrypted messaging for all agencies.
In addition to protecting data en route, encryption also protects users’ text messages from being read in cases of data breaches, like the notable 2021 T-Mobile hack, where 47 million users’ data was impacted. Again, though the texts may be deleted on each of the users’ devices, it doesn’t mean that it isn’t being stored in a cloud server temporarily.
Your phone provider can track almost everything you do on your phone but cannot track or log messages sent via end-to-end encryption. As previously mentioned, unlike SMS messages, which can and are used in court proceedings, E2EE messages can’t be read without the special key from a specific device. Though some phone providers do retain text data, it is important to note that many providers do not retain the information from texts for a very long time, with the number of days ranging from not at all to multiple weeks, depending on the provider.
Really, this comes down to your provider, with companies like AT&T storing text messages for up to 90 days in cloud storage even after they are deleted, whereas providers like T-Mobile don’t retain SMS content at all. Instead, most providers retain data like SMS metadata, call detail records, and cell site data for up to 7 years, depending on the provider. These details should be included in the Terms of Service for your mobile provider.
One solid reason to switch to end-to-end encryption is there is a plethora of widely-used, trusted applications, both open-source and proprietary, that utilize E2EE. Some of the most used include Signal, WhatsApp, and Telegram, though even several more mainstream apps like Facebook Messenger offer end-to-end encryption nowadays. These options are available on both the Apple App Store and Google Play, so regardless of your operating system, a lack of options certainly isn’t a reason not to switch to using end-to-end encryption.
Apps like Signal are open-source, while other options like WhatsApp and Telegram may have more messaging features or functionality for a messaging platform. Take a look at the features of the encrypted text apps you plan to use on your phone and choose one that will suit your needs. Ultimately, each option is safer than using regular SMS, but you’ll also need to get your friends on the platform of choice.