• 首页
• 通信

Use messaging apps more securely

更新 25 June 2025

Widely used for informal and real-time communications, messaging apps allow for an immediate exchange of text and voice messages, as well as for file sharing, voice and video calls and group chats and meetings.

As popular and widespread as they are, many messaging apps have privacy and security issues that can expose your most important communications to several risks - for example your messages could be tampered with or accessed by unauthorized third parties. It is therefore a good idea to reflect on your needs and goals before you decide whether you should use a messaging app for specific information and what apps you should or should not use for exchanging sensitive details.

In this guide you will find a series of questions you can ask yourself to make an informed decision on what tools are best for your real-time communications purposes, together with recommendations on how to choose the best apps for your specific needs and use them in the safest way.

To decide how sensitive your communications are and whether you should use a messaging app or a different communication channel for your particular needs, read our guide on how to protect the privacy of your online communications.

Assess your needs to decide what tool works best for you

Answer the questions included in this section to decide what messaging apps you can use for your real-time communication needs.

1. What do you need to exchange?
   • While some apps only allow to chat in text form, most messaging tools also make it possible to exchange voice messages, files, images, videos, emoji and stickers. In some cases you can also use them for audio and video calls, both with another person or with groups. The choice of the messaging tools you use should depend on how you need to communicate.
2. Do you just need to chat with individuals or do you need to communicate with groups?
   • If you need to share sensitive information with single individuals, most instant messaging tools will probably work for you, but if your communications also revolve around groups, you should look for apps that allow for group messaging and find out how large these groups can be (skip to point 9 to reflect on your group chats).
3. Do you or the people you communicate with have specific technical requirements for accessing the messaging service?
   • Can you access the chat apps you would like to use from all the kinds of devices and operating systems you and your interlocutors use?
   • Can you install an app or other software in your devices?
     • If you can, make sure you trust the software and provider of the messaging tool before you install it (see point 7 to reflect on how to trust an app).
     • If you can't trust the app or you cannot install it in your system, check if the messaging tool can also be accessed through a browser and consider using the web interface through a secure browser instead.
4. Does the messaging tool you would like to use require registration? Are you willing to register an account? Would you and your friends or colleagues be ready to use an email or a phone number to register?
   • If you need to hide your identity, consider using a messaging tool that doesn't require a phone number or email address. If a contact is needed, at least choose a tool that allows you to register with an email address rather than a phone number, and create a separate email for the registration. If possible, privilege tools that are based on decentralized connections.
   • Learn more on how to chat anonymously in our guide on how to anonymize your connections and communications.
5. Do you need to protect your messages with end-to-end encryption?
   • If you need to share sensitive information in real time, and are not self-hosting your messaging tool in your own servers, you should make sure that your messages are protected by default through end-to-end encryption or that, at least, end-to-end encryption is a feature that you can enable for your most sensitive conversations.
   • If you need to share sensitive information with groups, make sure that group chats can also be protected through end-to-end encryption.
   • If you are going to use a messaging app for voice or video calls where you will share sensitive information with individuals or groups, make sure that these can also be protected through end-to-end encryption. In alternative, choose a tool hosted by you or by someone you trust.
6. Can you set your conversations to disappear automatically after a certain period of time?
   • If you are going to exchange sensitive information with individuals or groups, make sure that the messaging tool you will use allows for the conversation to be automatically deleted on all the receiving devices after a certain period of time. This way, if a device is lost, stolen or seized, nobody will be able to access important information that was shared with the owner of that device.
7. Can you trust the provider of the messaging app? Even if the messaging tool you are going to use offers all the features you need, it is crucial that you can trust the provider of that tool to respect your privacy and the confidentiality of your communications. In particular ask yourself:
   • What's their mission? – To be sure a messaging app is trustworthy, the first thing you should research is the goals behind it: was it created to offer a secure communications platform or with commercial purposes? And if it is a commercial service, what's the company's business model?
   • Does it store data? – Whether your messages are protected through end-to-end encryption or not, most messaging apps still can access a lot of information about you and your network of contacts. Ask yourself what data it stores, and for how long. Sooner or later, state authorities will ask a messaging app provider to hand over data on one of its users for some investigation. Especially if the messaging app is managed by a commercial company, it will be bound to collaborate with the investigators if it wants to stay in business. In such cases, the only way they can avoid handing over your data is by just keeping on their servers as little information as possible on your communications and contacts. Check their privacy policy and terms of service to figure out whether they keep logs or not. Also check their history: did they already receive requests for information by state authorities? How did they respond?
   • Where is it based? – Are the provider's headquarters and servers in a place that would comply with a request by authorities from your country? And is that government enforcing human rights and consumer protection? It is important to know whether the provider will respect your privacy and rights, and whether it will be forced to collaborate with your country's authorities, especially if you are using the app to secure communications on activities that your government severely cracks down upon.
8. Can you trust the software? Even if the messaging tool you are going to use offers all the features you need, it is crucial that you can trust the software used for the server, to build the app you install in your devices, and to encrypt your conversations. In particular ask yourself:
   • What software does the app use to encrypt messages?
   • Is the software mature?
   • Are both the app and server based on free and open-source software?
   • Have both the app and the server undergone an audit? – A way of making sure that a messaging app will protect its users' privacy and will secure communications is by checking whether it undergoes regular audits by reputable and independent third parties. Since the protection granted by a messaging app relies both on the software and on the way its servers are configured and managed, the only possible way to check whether it is really secure is by submitting to regular tests. Check whether it undergoes audits, when it was last audited and whether the servers were audited too. If the provider only had their apps audited and not the backend infrastructure, you can't be sure what they do with your data when it goes through their servers.
9. If you need to create groups, ask yourself the following questions:
   • How many people should be able to subscribe to your group chats? Consider that the number of people that can join a group largely depends on the messaging tool you use.
   • Would you like to control who can join the group? Should participants be registered, or would you like them to be able to join without registration?
   • Do you need specific administration and moderation features? For example, would you like to control who can write to the group? Does your app of choice allow for these options?
   • Would you like to just send announcements to a wider audience or to establish conversations where everybody can write, share files, join meetings, etc.? Does the app allow for both kinds of usage?
   • Do you need to exchange sensitive information with the groups? If so, does the app protect group conversations through end-to-end encryption and by automatically deleting messages after a certain period of time?
   • Do you need to use the app for video calls or just for chat features?
   • Will you be able to organize your group conversations by topic? Some communications, especially with groups, follow several different threads, which can be hard to follow in a single channel. Some messaging apps allow you to subdivide your group communications by different topics, so you can follow each conversation in a separate channel and focus on the exchanges that are most important for your work.

Choose the messaging tools that best respond to your needs

Based on your answers to the questions at the beginning of this guide, you can look for the messaging tools that best respond to your needs. Consider that you may want to use more than one messaging app depending on the sensitivity level of your communications.

• If you need to exchange sensitive information through text, voice messages and voice and video calls with one person or with smaller groups, see our list of recommended secure messaging tools.
  • If you're using Signal, learn how to set it up and use it in the safest way.
• If you need to coordinate with one or more groups, also check out our list of recommended collaboration platforms.

Occasionally, you may need to use less secure chat apps, for example because you're working with a group that is already communicating through those platforms. In such cases it's a good idea to review and implement some of the best practices we recommend for the most widespread messaging apps.

• Learn how to protect yourself and your data when using WhatsApp.
• If you're using Google Chat, learn how to protect your data and communications when using Google services.
• If you're using Facebook Messenger, learn how to protect yourself and your data when using Facebook.

Use messaging tools more safely

Whatever messaging app you decide to use for your real-time communications, be sure to follow the recommendations in this section to use them as safely as possible.

Register with a separate identity

• If possible, don't use your phone number to create your account.
  • If you can choose between registering with a phone number and an email address, register through an email address, possibly one that you create on purpose for registering this account.
  • If registration requires a phone number, consider using a different number than the one you normally use.
  • Avoid registering through your account on social media networks like Facebook or Google unless strictly necessary.
• Read more on how to choose a user name.
• Read more on how to create and protect multiple online identities.
• Learn how to chat anonymously in our guide on how to anonymize your connections and communications.

Protect your sensitive chat communications with end-to-end encryption

• Use an app that protects conversations with end-to-end encryption at least for your most sensitive communications.
• If the app you are using doesn't protect by default all conversations with end-to-end encryption, make sure to enable this feature at least for your most sensitive communications.

Verify your contacts' identities

• Try to always verify your contacts' identities through a second safer channel, for example face to face, or through an encrypted email.
  • Some apps, like Signal and Whatsapp, make it possible to confirm your contacts' identity by checking their security number. If another device accesses their account, you will be notified that their security number has changed and should verify them again using a separate communication tool.

Set messages to automatically disappear or delete your chat history regularly

• When sharing sensitive information, use an app that allows for conversations to be automatically deleted from your and your recipients' devices after a certain amount of time.
  • Consider how long you want messages to be visible before they expire. You may have the option to make them expire in minutes, hours or days.
  • Disappearing messages do not guarantee that your messages will never be found! Someone could take a screenshot of the messages or take a photo of the screen using another camera. This risk can be reduced (but not completely prevented!) by setting very sensitive messages to disappear few seconds after they have been read.
• If you haven't set automatic deletion for all your conversations, it's a good idea to regularly delete your chat history manually. Find the option in your app to delete all conversations, or specific ones.
  • If you are going to uninstall a chat app, first delete messages and then remove the app. This will make sure that the messages are deleted and won't stay forever in your or other people's devices.
  • If there is no option to automatically make messages disappear, learn how to remove them manually. Ask your contacts to do the same.

Be careful when receiving links and files

• If you receive a suspicious link that you did not expect, avoid opening it.
  • Read more on what to do when you receive a suspicious link.
• If you receive a file you were not expecting (for example a PDF), contact the sender through a different, secure channel to confirm they wanted to send it to you. Do not open the file until you are sure you can trust it.
  • Read more on what to do when you receive an unexpected file.
• If you really need to share a file through a messaging app, consider uploading the files to a secure file storage platform and sending the download link.
  • Find a list of recommended file sharing platforms in our page on communications tools.

Use group chats more safely

Control who is connected to your group chat

• When creating a group chat, make sure to only assign admin rights to contacts you have verified beforehand.
• Know who you are inviting to join your group chat.
  • Confirm the email addresses, phone numbers or usernames you are sending an invitation to.
  • Do not share invitations on public social media.
  • When you join a chat, do not assume you know who is connected only by reading the screen names. It is not difficult for someone to enter another person's name as their username and pretend to be them.
  • Confirm in another channel (like a secure private chat or email) that the people in the group chat are who their screen names say they are.
  • Take screenshots to collect evidence for later analysis and legal actions against unwanted participants.
  • Remove anyone you do not wish to have in the conversation.
• If removing or blocking someone does not work, start an entirely new group. Double-check the list of phone numbers, email addresses or usernames you are sending invitations to, to make sure they are correct for the people you want in the conversation. Contact each person through a different, trusted channel to confirm their identity (for example, using a secure voice or video call through a channel different from the one you are using or perhaps even a regular insecure phone call if appropriate in the situation).

Review group members' privileges

When creating a group chat, check the settings of the groups to decide whether certain privileges should be assigned only to admins or to everyone. For example you can decide that only selected people can write, send voice messages, add or remove members, see members' names and so on.