During research for the report, the most common free international apps for instant messaging (Facebook Messenger, QQ International, Signal, Skype, Slack, Telegram, Viber, WeChat, and WhatsApp) were each studied in both iOS and Android versions and automatically checked using SolaredAPPscreener, a software solution for static, dynamic, and interactive code analysis.
When it comes to iOS instant messaging apps, the leaders are Signal, Slack and Skype, with Facebook Messenger and WhatsApp snapping at their heels. QQ International and WeChat contained more vulnerabilities than alternatives and thus turned out to be the least secure apps, regardless of OS.
According to the research, all analyzed apps contain vulnerabilities that may be divided into two categories by the way of exploiting:
- Vulnerabilities that increase the risk of compromising information stored on a device (user names, passwords, messages, etc.) and that are usually exploited by malware.
- Vulnerabilities allowing for a Man-in-the-Middle attack when an intruder may, for instance, use public Wi-Fi to gain access to all data exchanged via a messenger.
The research did not involve app decompilation or deobfuscation, with a binary code being subject to static analysis