Security and privacy of smartphone messaging applications

Purpose - This paper aims to give an overview on a number of selected applications in comparison to a previous evaluation conducted two years ago, as well as performing an analysis on several new applications. Mobile messaging and VoIP applications for smartphones have seen a massive surge in popularity, which has also sparked the interest in research related to their security and privacy protection, leading to in-depth analyses of specific applications or vulnerabilities. Design/methodology/approach - The evaluation methods mostly focus on known vulnerabilities in connection with authentication and validation mechanisms but also describe some newly identified attack vectors. Findings - The results show a positive trend for new applications, which are mostly being developed with security and privacy features, whereas some of the older applications have shown little progress or have even introduced new vulnerabilities. In addition, this paper shows privacy implications of smartphone messaging that are not even solved by today's most sophisticated "secure" smartphone messaging applications, as well as discusses methods for protecting user privacy during the creation of the user network. Research limitations/implications - Currently, there is no perfect solution available; thus, further research on this topic needs to be conducted. Originality/value - In addition to conducting a security evaluation of existing applications together with newly designed messengers that were designed with a security background in mind, several methods for protecting user privacy were discussed. Furthermore, some new attack vectors were discussed.