In our previous Privacy Peril tip, we noted how thieves are now spoofing law firms (and other businesses) through use of informal messaging apps. These fiends play off the perception of law firm integrity to overcome the healthy skepticism of unsolicited financial propositions that sometimes appear through such messaging. Now we focus on app security even where all those in the group or chat session are legitimate participants.
Many default Short Message Service (SMS) (i.e., text) messaging apps are not encrypted, meaning your cell carrier can view and collect your text communications. The same is true for Multimedia Message Service (MMS) (transmission of photos, audio or video) messages. While there are third party messaging apps available for download, not all are created equal. To be secure, the messaging application at a minimum should provide end-to-end encryption. Snapchat provides end-to-end encryption only for photos and videos, not texts or group messages. Google Messages are now EE2E (the text messages are dark – not light — blue), but not for group messages. Apple’s iMessage is end-to-end encrypted (the messages will be in blue – not green — bubbles). However, like all messaging apps, EE2E exists only where no participant is using “plain” SMS or MMS.
Another security consideration is whether end-to-end encryption is turned on by default (it is not in Facebook Messenger).
And if things were not complicated enough, the degree and scope of encryption among these apps are continually changing.
Ideally, direct confidential client communications would not be conducted by social messaging apps. They should not be conducted through non-secure apps.
Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.