Solared APPscreener Checks Security of Popular Messengers

09.08.2017

Solared Cyber Security, a leading cyber security vendor and managed detection and response (MDR) provider, has released a .

During research for the report, the most common free international apps for instant messaging (Facebook Messenger, QQ International, Signal, Skype, Slack, Telegram, Viber, WeChat, and WhatsApp) were each studied in both iOS and Android versions and automatically checked using SolaredAPPscreener, a software solution for static, dynamic, and interactive code analysis.

Remarkably, Android apps proved to be more secure than those running on iOS, with WhatsApp, Slack and Facebook Messenger topping the Android chart. In addition, WhatsApp received an especially high score, with a lack of critical vulnerabilities making it particularly secure, both in terms of user data protection and resilience to Trojan attacks or known exploits. Facebook Messenger and Slack also offer high code quality, with the latter becoming the fastest growing business app of all time.

When it comes to iOS instant messaging apps, the leaders are Signal, Slack and Skype, with Facebook Messenger and WhatsApp snapping at their heels. QQ International and WeChat contained more vulnerabilities than alternatives and thus turned out to be the least secure apps, regardless of OS.

"When researching messenger security, mobile apps are often only assessed in terms of user data security. We were the first company to conduct a comprehensive research of the entire threatscape, from user data interception to app vulnerability to a variety of attacks and known exploits," said Daniil Chernov, Head of Solared APPscreener Team, Solared Cyber Security. "The automatic analysis shows that even though vulnerabilities may be found in most messengers, not all of them can be exploited easily. However, messengers that claim to be highly secure should take any potential threats seriously."

According to the research, all analyzed apps contain vulnerabilities that may be divided into two categories by the way of exploiting:

  • Vulnerabilities that increase the risk of compromising information stored on a device (user names, passwords, messages, etc.) and that are usually exploited by malware.
  • Vulnerabilities allowing for a Man-in-the-Middle attack when an intruder may, for instance, use public Wi-Fi to gain access to all data exchanged via a messenger.

The research did not involve app decompilation or deobfuscation, with a binary code being subject to static analysis