Kaspersky Labs was given access to the initial findings and senior security researcher Roel Schouwenberg responded with little surprise. He said that many IM services have unencrypted chat traffic and he has seen some apps with unencrypted login even over Wi-Fi.
“With IM and social media services it's convenience that matters most. The desire from the general public to have better security and privacy is relatively recent. There's no easy solution here.
“To fix these problems users can start demanding better privacy guarantees. Hopefully, it will become a competitive advantage for those companies with a strong focus on these issues,” he said.
Schouwenberg recommended that anyone with privacy concerns should look to a privacy plug-in.
One such plug in is the Off-The-Record (OTR) protocol developed by researchers at the University of Waterloo in Canada. On Android, the OTR client of choice is Gibberbot. TelecomAsia contacted Gibberbot’s creators at the Guardian Project and its founder and benevolent dictator Nathan Freitas, has this to say.
“I think it comes down to truth and honesty. If this is the way LINE functions, they should be forthright about it, and state ‘encryption is only used on public Wi-Fi networks, and not when on telecom operators 3G networks’. Simple as that, and then the consumer must be informed and can decide. They should understand that these are apps are no more secure than a normal phone call or SMS message, i.e. not secure or private at all.
“Your point about this new generation of apps wanting to avoid the troubles Blackberry had is right on. Blackberry was actually secure, until it was forced to modify their system and architecture. These new apps will do anything to be dominant, and obviously apps like WeChat are developed in contexts where the notion of privacy and security are a joke to begin with,” he said.