There are many new messaging apps that claim to be the most secure.
How can we be certain if there is actual encryption and what type of encryption?
Molly, Signal, WhatsApp, Briar, Wire, Telegram, Threema.
How can we be certain if there is an actual encryption and what type of encryption.
Unless you have access to the code and have the knowledge to analyze the specific implementation and algorithm for bugs and design errors, you can only rely on what independent and widely acknowledged experts on the topic say. Specifically, you cannot rely on claims by the vendor alone, because even with the best intentions there are often design errors - cryptography is very complex both in algorithms and in implementation. And while open source implementations are at least open for independent analysis, one should not rely on any claims unless such analysis is actually done by the mentioned experts.
As others have stated, it can be difficult to impossible to validate good encryption implementations, for some definition of good.
Conversely, indicators of concern can often be seen, for some definition of concern.
A key (pun intended) indicator is, "Who owns the encryption key?" Did you create the key or was it created for you? If you didn't create the key and don't control it, then it's not yours. Even this criterion can get murky. For example, Proton Mail derives the encryption key from your password (which you created) and does not save either (they say). Decryption happens only on your client side, but it's via JavaScript they provide. Bottom line is it looks very much like your key but access to it is under the control of Proton Mail.
Another lesser indicator is many-to-many, such as a chat App. While not impossible, it's orders of magnitude more difficult to maintain end-to-end encryption for a many-to-many application. Typically these are implemented as end-to-server encryption vice true end-to-end.
If you are only interested in finding if there is some form of encryption, you can simply dump the traffic from the app and look at it to see if the contents are encrypted or not following the specs provided by the app (e.g. Telegram or Signal).
In many encryption systems, the algorithm used is actually easy to find so the recipient knows what to use. For example, GPG uses an OpenPGP Symmetric-Key Encrypted Session Key Packet as explained in this question: https://crypto.stackexchange.com/questions/74465/how-does-gpg-know-what-cipher-algorithm-is-needed-for-decryption. The information you're looking for may be simply present in the traffic from the app.
Of course, as mentioned by @Steffen Ullrich, this doesn't mean that the algorithm is correctly implemented.
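Added example, not part of the answer above: a minimal reader for the OpenPGP Symmetric-Key Encrypted Session Key packet (tag 3, version 4, per RFC 4880) that reports which cipher a captured message declares. The function names and the `SAMPLE` bytes are constructed for illustration; only the declared algorithm is read, nothing is decrypted or validated.

```python
# Added example: read the declared cipher from an OpenPGP SKESK packet (RFC 4880).
SYM_ALGOS = {0: "Plaintext", 1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
             7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160", 8: "SHA-256",
              9: "SHA-384", 10: "SHA-512", 11: "SHA-224"}

def read_packet(data, pos=0):
    """Return (tag, body) of the OpenPGP packet that starts at data[pos]."""
    first = data[pos]
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if first & 0x40:  # new-format header: tag in bits 5-0
        tag, o1 = first & 0x3F, data[pos + 1]
        if o1 < 192:
            length, hdr = o1, 2
        elif o1 < 224:
            length, hdr = ((o1 - 192) << 8) + data[pos + 2] + 192, 3
        elif o1 == 255:
            length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body length not handled in this example")
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled in this example")
        size = 1 << ltype  # 1, 2 or 4 length octets
        length, hdr = int.from_bytes(data[pos + 1:pos + 1 + size], "big"), 1 + size
    body = data[pos + hdr:pos + hdr + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def describe_skesk(data):
    """Decode cipher and string-to-key (S2K) parameters of a leading SKESK packet."""
    tag, body = read_packet(data)
    if tag != 3 or len(body) < 4 or body[0] != 4:
        raise ValueError("not a version-4 SKESK packet")
    cipher, s2k_type, hash_id = body[1], body[2], body[3]
    need = {0: 4, 1: 12, 3: 13}.get(s2k_type)  # simple, salted, iterated+salted
    if need is None or len(body) < need:
        raise ValueError("unsupported or truncated S2K specifier")
    info = {"cipher": SYM_ALGOS.get(cipher, f"unknown({cipher})"),
            "s2k_hash": HASH_ALGOS.get(hash_id, f"unknown({hash_id})")}
    if s2k_type in (1, 3):
        info["salt"] = body[4:12].hex()
    if s2k_type == 3:  # coded iteration count, RFC 4880 section 3.7.1.3
        info["iterations"] = (16 + (body[12] & 15)) << ((body[12] >> 4) + 6)
    return info

# Constructed sample: old-format tag 3, 13-byte body, AES-256, SHA-256, count 0xff.
SAMPLE = bytes.fromhex("8c0d040903080102030405060708ff")
```

A readable algorithm ID only shows what the sender declared; it says nothing about whether key derivation, randomness or the cipher mode are implemented correctly.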
You can connect your phone and computer to the same WiFi network and use network traffic analysis tools such as Wireshark to determine whether or not the packets are encrypted when you send the message, but obviously this will not tell you much about the actual implementation (cipher, key exchange, etc.). Like others have mentioned, your best bet is to use an open-source app which has been verified by experts, or an app that is known to be very difficult to break because it has been tried before by experts (e.g. Telegram).