T3 explains: What is message encryption and why does it matter?

Keeping your messages locked away

Encryption and user privacy never seems far away from the news headlines these days, as the debate rages on about the extent to which governments and police forces should be able to snoop on what their citizens are up to when they use their mobile phones.

We're not going to get into that debate here, but we are going to explain what encryption is, how it works, why you should take advantage of it, and the safest messaging apps to use if you don't want anyone else digitally eavesdropping on what you've got to say.

The basics of encryption

Although there's some serious maths and science behind it, on a basic level encryption is easy enough to understand - it scrambles data so that only the intended recipient can see it, like the person you're having a WhatsApp conversation with.

Anyone else who comes across that data - like the guy sat behind you at a coffee shop or law enforcement agencies - can't make any sense of it. It's like sending a birthday card through the post with an unbreakable padlock on it, when only the person celebrating his or her birthday has the key: anyone else who comes across that card is out of luck.

Encryption is being used when you visit a website starting in HTTPS (and your browser shows a green indicator in the address bar) - no one sitting in between your computer and that website, physically or virtually, knows what's being said, because all the data gets scrambled. It's pretty much essential for online banking and shopping, and is now often found on web apps for email and social networking too.

App-to-app encryption is the same, just working between apps on a phone rather than between a computer and a website.

How encryption works

Those are the basics, but you can dig a lot deeper if you want to. There are various different types of encryption in use, but most involve the use of virtual keys to unlock messages - only the people involved in the conversation are given the keys, and are therefore the only people that can read the messages.

Encryption also makes use of algorithms, essentially just ways of turning a message into a coded format that can't be understood unless you know the key. Secret codes existed long before computers of course, but we can now encode bits of information instantly and much more securely.

Most encryption today is done via the Advanced Encryption Standard (AES) and an accompanying 128, 192 or 256-bit key: even just the 128-bit version has 300 decillion possible combinations (3 followed by 35 zeroes), so it's rather tough to crack.

Apps and software handle the process of distributing keys and verifying identities between devices and sites. Whenever the issue of a "back door" gets mentioned, it's referring to exactly that - a way of getting in on the communication without a proper key. For now, most tech companies are refusing to provide one, citing user privacy as a priority.

The benefits of encryption

Being able to message friends and family safe in the knowledge that no one else can read your messages - what's not to like?

Encryption protects you from hackers, who might want to steal information you're sending through an app, from government agencies, who might want to spy on what you're chatting about, and from your Internet Service Provider, who might want to scan through your conversations and sell ads against them.

That's not to say everything you send through an unencrypted app is getting sent straight to your ISP or MI5 - there are laws and regulations in place about what data can be collected and what can't. But these rules are shifting all the time, and encryption gives you peace of mind about who's snooping on your communications.

With an encrypted app, even if other people have the authority to look at your conversations, it's not possible, short of you reading out the messages to them straight from your phone. Even the developers of the app can't make sense of the chats you've had with your friends and family.

Apps that use encryption

As you might have realised if you've paid attention to the news lately, WhatsApp is one of the best-known apps currently using end-to-end encryption. Hackers can't see your messages, and nor can WhatsApp's engineers - but that also means governments can't spy on the communications of the people they'd like to get under surveillance.

We're not going to get into the rights and wrongs of that debate here, but WhatsApp isn't your only choice for a fully encrypted messaging service. Signal is another mobile app that comes highly recommended by security experts (including Edward Snowden), and its open source (with publicly available code), so no chance for any shady behind-the-scenes goings-on that users aren't aware of.

Both WhatsApp and Signal are available on iOS and Android, but if you're a loyal iPhone user then iMessage uses very strong encryption too, and will keep your messages safe from prying eyes. Those are the top three apps we'd recommend, making use of the tightest encryption standards at the moment.

Don't think using an encrypted messaging app means you can just forget about phone security though - there are some other key steps you need to bear in mind when it comes to keeping your data and your devices safe.

David Nield

Dave has over 20 years' experience in the tech journalism industry, covering hardware and software across mobile, computing, smart home, home entertainment, wearables, gaming and the web – you can find his writing online, in print, and even in the occasional scientific paper, across major tech titles like T3, TechRadar, Gizmodo and Wired. Outside of work, he enjoys long walks in the countryside, skiing down mountains, watching football matches (as long as his team is winning) and keeping up with the latest movies.