Blog

Why are IM-messengers so unsecure? Part 1

Only 20% of IM-messengers can be called secure enough. 
11 February 2016
Cybersecurity testing
The article by a1qa
a1qa

Only 20% of IM-messengers can be called secure enough. This is what the research of Electronic Frontier Foundation found after checking almost 40 IM-messengers. The research ascertained that only eight messengers were corresponding to all types of security.

Older than the internet

The system of instant messaging arose earlier than the Internet. Although, the definition of IM-messengers appeared only in 1990s, the first collective systems of exchanging messages emerged in 1960s. In the very beginning they were used as notifying systems, but soon they became available for users registered on the same computer.

Online-chats became popular in 1970s. When BBS (bulletin board system) gained its popularity in 1980s, some systems started implementing chats, which in ten years would be called “instant messengers”.

The first messengers with graphic interfaces emerged with the Internet spreading. Finally, internet-pager with ICQ-system of instant messaging was released in 1996. ICQ-system was extremely popular all over the world, because it has such convenient features as networks statuses and file attaching. It was the first instant messenger that corresponded to the definition of “functional”.

With spreading of mobile phones that had cheap Short Message Service, IM-messengers stayed in shadow. But once smartphones were invented, developers started releasing IM-applications targeted on smartphone users. They differed a lot from the first IM-messengers, reminding social networks, where a profile picture could be added, network statuses were enabled, and file attaching was possible. Since mobile IM-messengers used phone numbers as a login, the problem of adding new contacts was now solved: once user added a new contact to their address book, this contact automatically moved to IM-messenger database.

Ad protection

The most popular messengers today are WhatsApp, Viber, Skype, Facebook Messenger and Google Hangouts. All of those apps use client-server architecture and allow creating groups and chats, as well as transferring files and users’ locations.

The same way big cities attract thieves, popular IM-messengers attract internet-robbers. That’s the reason why the app owners, working with big personal data should care about the highest level of security and run through regular application security testing to ensure it.

The more popular the app is the more ads it will have, the more spam it will be flooded with, the more profiles would be hacked and the more personal data would be stolen. How can you protect yourself in those harsh conditions?

To resist ad spammers all of the messengers mentioned above have the function of the black list, where all spammers are moved. However, this measure loses its effectiveness when the user gets phone number. After changing it they receive a new login and new default settings, which means changing security settings. Now the user has to make his black list again manually.

Moreover, even if you block all spammers, ad messages can still be delivered to your inbox. The thing is that sometimes ads can be sent by your real contacts, whose profiles were hacked and used for sending spam. So far IM-clients add all your phone contacts to the messenger treating them as reliable contacts, and criminals can use this feature to send spam from the profiles of user’s friends.

More Posts

black-friday
29 July 2022,
by a1qa
4 min read
Get ready for Black-Friday-to-Cyber-Monday shopping: 5 testing types to include in your QA strategy
What’s your nightmare during Black Friday and Cyber Monday shopping? If it’s a loss of sales, read about the ways to prevent this in the article.
Cybersecurity testing
Functional testing
Localization testing
Performance testing
Usability testing
30 June 2022,
by a1qa
4 min read
App software testing for telecom: What are the common issues telco providers face?
Facing problems with the quality of your telecom software products? Read more in the article and find out the ways to address them.
Cybersecurity testing
Performance testing
Test automation
20 June 2022,
by a1qa
5 min read
Top-quality IoT solutions: 3 problems and ways to solve them
What quality aspects of IoT solutions are predominant to care about and why? Find the answers in the article.
Cybersecurity testing
IoT testing
Performance testing
Mobile app testing
31 May 2022,
by a1qa
4 min read
Mobile app testing guide: win the race with five-star software
Which aspects of mobile apps to test first to produce a really high-quality product? Find the answer to this and other questions related to mobile app testing in the article.
Cybersecurity testing
Functional testing
Mobile app testing
Performance testing
Test automation
Usability testing
19 April 2022,
by a1qa
5 min read
What prevents companies from boosting eCommerce customer experience: 4 common mistakes
Dreaming of a flawless online shopping journey for your users? Explore 4 widespread situations that hamper achieving this goal.
Cybersecurity testing
Performance testing
Test automation
Usability testing
Clutch awards
23 March 2022,
by a1qa
2 min read
a1qa recognized for cybersecurity expertise by Clutch!
The global online review platform Clutch added a1qa to the Top 15 Penetration Testing Companies for 2022.
Cybersecurity testing
Mobile app security
3 January 2022,
by a1qa
4 min read
Cybersecurity testing: 4 best practices to ensure highly safe IT solutions
Find out 4 cybersecurity tips to release highly secure software and protect end-user data.
Cybersecurity testing
Mobile app testing
streaming services
30 November 2021,
by a1qa
4 min read
Ho ho ho! QA to enable crash-proof streaming platforms for Holidays season
Isn’t it high time to forget about the Christmas rush and truly enjoy the pre-holidays season? Read the article about how to put peak-load anxiety behind by applying rigorous testing of your streaming solution.
Cybersecurity testing
Functional testing
Performance testing
Usability testing
19 August 2021,
by a1qa
4 min read
Cybersecurity: Top 5 questions to ask a QA vendor
What information to request from QA providers to get confident in the complete security of your software and protect end-user sensitive data? Read about that in the article.
Cybersecurity testing

Get in touch

Please fill in the required field.
Email address seems invalid.
Please fill in the required field.
We use cookies on our website to improve its functionality and to enhance your user experience. We also use cookies for analytics. If you continue to browse this website, we will assume you agree that we can place cookies on your device. For more details, please read our Privacy and Cookies Policy.