Is your messaging app using encryption? And, actually, do you even care about that?
Even though people have more choices than ever when using mobile messaging apps billed as secure and private, and surveillance and encryption have been steadily in the news for the last few years, some consumers don't seem to really grasp what an encrypted app actually is, and they might not really care that much, according to a new study.
The researchers found that almost 7 percent of the more than 1,500 people they surveyed wrongly believed to be using a secure and encrypted app while, in fact, they were not. Moreover, as the researchers put it, the data they collected suggests that both geeks and non-geeks voluntarily "behave insecurely" when it comes to using messaging apps.
"In general, participants were mostly happy with the level of security and privacy their messengers provided, even if they did not know the real security properties," Google researchers Alexander De Luca, Martin Ortlieb, Iulia Ion, Ben Laurie, and Carnegie Mellon University's Sauvik Das, concluded in a paper presented at last week's Symposium on Usable Privacy and Security (SOUPS 2016).
The researchers conducted the study trying to figure out how much users, both security experts and regular people, cared about security and privacy when choosing and using messaging apps.
As it turns out, when choosing apps, the main motivation is whether other people, mainly "friends," use it, not whether it's secure or private, according to the study.
That explains why the most popular apps for the participants' were Facebook Messenger, WhatsApp, and Google Hangouts, which all didn't use end-to-end encryption at the time of the study. (WhatsApp switched end-to-end encryption on by default just a few days after the study was concluded.)
"I would like to use [a secure instant messaging app] but too few of my friends do," said a participant from Germany.
Another participant said he or she stopped using an (unnamed) app after news of a privacy incident, switching to a more secure alternative. But eventually, he or she had to go back to the original messenger because it's "too dominant" among his friends.
"I would like to use [a secure instant messaging app] but too few of my friends do."
The good news for the privacy-conscious is that some people seem willing to use additional messengers, even more secure and less popular ones, if some of their friends ask them to, the researchers found.
The study consisted of an online survey of 1,510 Android users from US, UK and Germany, and in person interviews with 31 people, half of which were "IT-security experts."
Other than popularity, the other reason why the participants said they don't use encrypted apps is that they consider them not as usable or reliable as regular apps. For many, the fact that apps delivered messages reliably was more important that the fact that messages were encrypted.
While the study is just a limited peek into the minds of regular users, it underlines the fact that regular users won't be bothered to use a specialized encryption app unless it's widespread among their friends, and that it's likely there will be a greater impact on consumers if encryption is added to apps that already popular, as WhatsApp did.