My accountGet Surfshark
Research
Published:Oct 7, 2025

Digital democracy|Digital privacy

Is your messaging app private and secure?

Surfshark's study of popular messaging apps reveals how each platform commits to our privacy and security. While some messaging apps are highly committed to user privacy, their efforts might not be sustainable in the long run. The situation could change soon, as the EU is currently proposing a Child Sexual Abuse Regulation, known as Chat Control. It seeks to introduce rules that would require providers to scan private communications or implement lawful access to encrypted services.

While the goal is to address serious crimes online, such measures would weaken the security of digital communications and create risks for ordinary users, vulnerable groups, and businesses. Nonprofits, civil groups, and privacy-focused businesses are widely advocating against the so-called Chat Control regulation:

“Having end-to-end encryption for communication and other digital services is just essential hygiene. Without it, all other efforts by apps to protect user privacy and security become largely meaningless. Proposals to introduce message scanning would inevitably create vulnerabilities that malicious actors could exploit. There is no such thing as partial encryption: either it is intact, or it is broken. Therefore, weakening encryption risks undermining trust in Europe’s digital infrastructure and setting a dangerous global precedent,” says Vytautas Kaziukonis, CEO at Surfshark.¹

Current state of messaging app privacy

  • Nine out of the 10 popular messaging apps have end-to-end encryption. Signal and iMessage both offer quantum-secure cryptography, providing an even higher level of security.² However, for Apple's Messages app, end-to-end encryption is only effective between Apple devices. When messages are sent to Android devices, they are converted to SMS/MMS — which aren't end-to-end encrypted — meaning they're vulnerable to third parties potentially intercepting and reading them during transmission.³ Notably, Discord is the only messaging app among those analyzed that does not provide end-to-end encryption for text-based messages.
  • However, the EU is moving forward with the Chat Control proposal, which is set for a vote on October 14, 2025, sparking fears that end-to-end encryption services could disappear from Europe. At the time this study was conducted, seven countries, with 260 Members of the European Parliament (MEPs) representing 36% of the EU population, remained undecided on their position. Among these was Germany, which has the largest number of MEPs (96). Meanwhile, eight member states opposed the proposal, while 12 countries expressed their support, including France, which is the second largest by MEP count with 81 MEPs. However, it's important to note that countries' positions are constantly changing.
  • Considering the level of encryption and other analyzed factors, Signal ranks at the top for its commitment to minimizing user privacy risks, with a score of 0.99. As one of the most downloaded messaging apps in 2025, it stands out by collecting minimal data — specifically just phone numbers, which are used solely for app functionality, as noted in the App Store. Furthermore, Signal completely avoids user tracking. By employing quantum-secure cryptography to protect communications and avoiding AI features that could potentially compromise privacy if misused, Signal ensures that users’ conversations remain as private and secure as possible.
  • LINE ranks at the bottom with the lowest score, followed by Discord, Rakuten Viber Messenger, and Messenger by Meta Platforms, all of which fall below the average score of 0.52 for the analyzed apps. According to information in the App Store, LINE, Discord, and Rakuten Viber Messenger are the only apps that may collect data for user tracking. Meanwhile, Messenger by Meta Platforms is notable for declaring that it may collect an extensive range of data types — 30 out of 35 listed in the App Store — for purposes beyond app functionality. These potential uses include, but are not limited to, advertising, product personalization, or analyzing user behavior.
  • In our study, 90% of the analyzed messaging apps offer AI features, which could potentially increase privacy risks. For example, AI might be used to summarize private conversations or translate personal messages. While these features may offer benefits, they also raise concerns about granting access to information that should be private and visible only to the sender and receiver. Additionally, users can integrate AI assistants into ongoing conversations with others or even engage with AI as a friend. However, it's crucial to understand that users aren't just sharing information with a virtual friend, but they're actually providing data to the company that owns the app or the AI service.

Methodology and sources

For this study, 10 iOS messaging apps were examined: the pre-installed Apple Messages App — which is likely used by most Apple device owners due to its default presence — and the top nine most downloaded apps in 2025, according to data provided by AppMagic.⁴ The selection criteria from AppMagic included the category (Social Networking), tag (Messenger), geography (Worldwide), store (iPhone App Store), and year (2025).

To evaluate the privacy practices of these apps, five criteria were selected. First, the type of encryption employed, whether quantum-secure or not; second, the number of data types the app may collect; third, whether the app collects data for user tracking; fourth, the number of data types may be used beyond app functionality purposes; and fifth, whether the app integrates AI features. These factors illustrate each app's privacy-related activities and contribute equally to the final score. The scores of each analyzed app were then categorized into five levels, ranging from high to low, to indicate their commitment to user privacy and security.

For the complete research material behind this study, visit here.

Data was collected from:

Fight Chat Control (2025). Member State Positions;Apple (2025). App Store.

References:

¹ Surfshark (2025). Defending encryption means defending our privacy;² Apple Security Engineering and Architecture (2024). iMessage with PQ3: The new state of the art in quantum-secure messaging at scale;³ Apple (2025). What is the difference between iMessage, RCS, and SMS/MMS?⁴ AppMagic (2025). Top Free Apps.
The team behind this research:About us

Related articles:

X: the most location-hungry social media app
Digital privacy | Aug 19, 2025

X: the most location-hungry social media app

All top social media apps may collect data related to user location. X stands out by collecting both coarse and precise location data for all listed purposes in the App Store.
Car apps: the hidden data exchange
Digital privacy | Jul 1, 2025

Car apps: the hidden data exchange

Analysis uncovered what data 10 major car brand apps collect, with Mercedes-Benz’s app leading by gathering 17 different types of user and vehicle data.
Grindr and Bumble top the list of the most data-hungry dating apps
Digital privacy | Jun 19, 2025

Grindr and Bumble top the list of the most data-hungry dating apps

All analyzed popular dating apps collect your location, name, phone number, photos or videos, user and device IDs, purchase history, and other sensitive information.