Now more than ever, video call apps have become a cornerstone of society. But as apps gain popularity more and more should users expect security issues as the developers struggle to keep their security and privacy policies updated – we saw it with Zoom, and we will continue to see it with other platforms.
Security flaws in these apps could expose your personal data or private conversations to eavesdroppers and trolls.
Now, non-profit security researcher Mozilla evaluated the 15 most used video call apps including Zoom, Signal, Google Hangouts, Houseparty, Skype, and Microsoft Teams, and evaluated them based on their security.
“It’s more important than ever that this technology be trustworthy,” Mozilla’s VP for Advocacy Ashley Boyd says in a statement. “The good news is that the boom in usage has put pressure on these companies to improve their privacy and security for all users, which should be a wake-up call for the rest of the tech industry.”
The following are the 5 apps that Mozilla evaluated as least safe for users in terms of privacy and in-app security:
5. FaceTime
If you’ve ever video chatted iPhone-to-iPhone, chances are you used FaceTime. Apple’s video calling app is installed on all its devices by default, meaning FaceTime options get prime placement. FaceTime meets Mozilla’s most basic requirements, end-to-end encryption, frequent security updates, etc., but the app is marked as unsafe for not requiring a password for person-to-person calls.
This means anyone on Earth can call your phone – and if you answer – you can see whatever they want to show you.
4. WhatsApp
WhatsApp is one of the most popular messaging clients in the world with over 2 billion users worldwide. The app is encrypted by default with end-to-end encryption for both messages and calls, which is good for your privacy.
It’s also owned by Facebook which means Facebook can access the personal data WhatsApp collects on you whenever it wishes. The app also doesn’t require a password for its video call function like FaceTime.
3. Discord
Discord is more of a community with video call features built-in than it is a stand-alone video call app. Initially a place for gamers to meet, chat, and share, Discord has grown to over 100 million users and its communities now include everything from book clubs, dance classes, study groups, anime, music, and more.
Mozilla notes that Discord’s privacy requirements are especially lax – its researchers were able to set “111111” as a password. Which would be hard-cracked in seconds by any cybercriminal with the right tools.
A Discord spokesperson told Business Insider that the company is actively working to remedy these issues and has even partnered with Mozilla “to ensure they have all the information regarding our privacy and security features.”
“Regarding passwords, we have updated our settings to prevent passwords that aren’t complex enough or that have been previously compromised by another service from being used,” the Discord spokesperson says.
2. Houseparty
Houseparty has emerged from amongst the smoke and miasma of apps as the world settles into the peri-pandemic life. Mozilla notes that it has become one of the most downloaded video call apps since the pandemic started.
The app is owned by Epic Games, maker of the popular video game Fortnite, this isn’t a work-from-home video call app. Houseparty is designed for hanging out with friends, playing games built into the app, and integrating with Snapchat.
Although popular, the app did not meet Mozilla’s basic privacy standards. The password requirement was 5-letter minimum and the password ‘12345’ was accepted when tested by Mozilla’s researchers.
Like with Discord, Houseparty has also said that they are working on improving security.
“Houseparty maintains industry-trusted encryption and security measures to protect customer data,” the spokesperson said. “We are continuously reviewing and improving security practices at Houseparty and remind all of our users it’s a best practice to use strong passwords,” a spokesperson says.
1. Doxy.me
According to Mozilla, Doxy.me, a telemedicine platform used by doctors and therapists, is the least secure video calling app. It got the lowest marks of Mozilla’s evaluation because it’s only hosted through web browsers – meaning security falls to browsers, rather than an in-house app – it’s unclear how Doxy.me manages potential vulnerabilities, and its password requirements are low.
“Our researchers found that the weak password ‘123’ was an acceptable password,” Mozilla says. “This is all a bit frightening for a video call app targeted at doctors, therapists, and their potentially vulnerable patients.”
Brandon Welch, Doxy.me’s founder says that the company is in the process of increasing its password requirements. The company doesn’t store any information – only hosts video calls – so it prioritised usability over maximum security for patients, Welch says.
He adds that most doctors verify new patients’ identities by asking for information like their date of birth, similar to traditional doctor’s offices.
Edited by Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter
