FBI Warns iPhone, Android Users—Change WhatsApp, Facebook Messenger, Signal Apps: Use encrypted messaging

Reissued on December 10, with new reports about the surge in encrypted messages following the imposition of martial law in South Korea and a stark warning to the United States

Last week, the FBI warned iPhone and Android users to stop texting and switch to encrypted messaging platforms. The news made headlines around the world, and cyber experts urged smartphone users to switch to completely secure platforms – WhatsApp, Signal, Facebook Messenger. But the FBI also issued a serious security warning to U.S. citizens who use encrypted platforms – these apps need to change.

While China has denied involvement in ongoing cyberattacks against U.S. telecommunications networks, describing them as “an excuse to smear China,” government agencies have made it clear that Salt Typhoon hackers linked to China’s Ministry of State Security have infiltrated multiple networks, putting both metadata and actual content at risk.

Encrypted content is certainly the answer, and the FBI’s advice to citizens seems clear, “Use a phone that automatically receives timely operating system updates for responsible encryption and anti-phishing MFA for email, social media, and collaboration tool accounts.”

Almost all reporting on the Salt Typhoon ignores the FBI’s clear warning. “Responsible management” of encryption would be a game changer. Network experts and media outlets have urged SMS/RCS users to switch to messaging platforms that do not meet this definition of “responsible management.”

Due to a surge in demand on launch day, OpenAI suspended Sora’s registration

The FBI has now expanded on last week’s warning, telling me that “law enforcement supports strong and responsible management of encryption.” This encryption should be designed to protect people’s privacy, but it should also be managed so that U.S. tech companies can provide readable content in response to lawful court orders.”

Forbes Daily: Join the more than 1 million Forbes Daily subscribers and get our best stories, scoops and important analysis of the day’s news right in your inbox every day.

By signing up, you agree to receive this newsletter, other updates about the products of Forbes and its affiliates, our Terms of Service (including personal dispute resolution through arbitration), and acknowledge our Privacy Statement. Forbes is protected by reCAPTCHA and applies to the Google Privacy Policy and Terms of Service.

Only three end-to-end encrypted messaging providers are the most important. Apple, Google, and Meta – though Signal offers a smaller platform favored by security experts. The FBI said these “American technology companies” should change their platforms and policies to “provide readable content pursuant to lawful court orders.”

This does not mean giving the FBI or other agencies direct access to the content, but it means that Meta, Apple, and Google should have the means and keys to deliver the content, as long as the court approves it. At the moment they can’t, a situation described by police chiefs and other agencies as “going dark,” which they hope will change.

The onus will be on public opinion and users to drive this change. Fbi Director Christopher Wray said, “The public should not have to choose between secure data and secure communities.” We should be able to have both – and we can have both… Gathering evidence has become increasingly difficult because so much of it now resides in the digital realm. Terrorists, hackers, child predators, and more are all using end-to-end encryption to hide their communications and illicit activities from us.”

This is a dilemma. Apple, Google, and Meta all take advantage of their lack of access to user content. For example, Apple guarantees that “end-to-end encrypted data can only be decrypted on the trusted device on which you are logged into your Apple account.” No one else has access to your end-to-end encrypted data – not even Apple – and even if there’s a data breach in the cloud, it’s still safe.”

“Unfortunately,” Wray said, “this means that even when we have a solid legal process – an arrest warrant issued by a judge based on probable cause – the FBI and our partners often don’t have access to digital evidence, making it harder for us to stop the bad guys… The reality is that we have a completely unfettered space that is completely beyond the reach of legal pathways – child predators, terrorists and spies can hide their communications and operate with impunity – and we have to find a way to address that.”

The problem is that if Google, Meta, or even Apple do have the keys, as has been the case in the past, then the end-to-end encryption enclaves will disappear. How users would feel if Google could access their currently encrypted content when they need/want it. It’s not just about distrust of big tech, it’s also about trust in law enforcement. And, as always, while the debate is one-way in the United States and Europe, the same technological backdoors will exist in the Middle East, Africa, China, Russia, Southeast Asia, and other countries with different views on privacy and state surveillance activities.

The FBI has actually warned users not to send messages on Google and Apple’s own platforms – full encryption doesn’t work across platforms. This makes Meta the world’s leading provider of cross-platform encrypted messaging, while WhatsApp and Facebook Messenger both have user bases in the billions.

In response to last week’s FBI warning and its push to “responsibly manage” encryption, Meta told me, “The best way to protect and secure people’s communications is end-to-end encryption.” This latest attack clearly shows that, and we will continue to make this technology available to those who rely on WhatsApp.” Signal has yet to respond. But it’s clear that the big tech companies still don’t have the will to make any such changes. They have proven willing to fight to protect encryption, even if it means pulling out of some countries and even regions.

But America is different – for this technology, it’s home. If public attitudes change, the debate will change. Politics is fraught with risks without a shift in the public mood, and there is no sign of that yet. Users want security and privacy. End-to-end encryption has become a must-have for iphones and Android, and it’s expanding – as we’ve seen with Facebook Messenger’s recent update – rather than shrinking.

Deputy Attorney General Rod Rosenstein first pushed for “responsible encryption” in 2017, when Trump was still president. “Encryption is a fundamental element of data security and authentication,” he said. “This is critical to the growth and prosperity of the digital economy, and we in law enforcement don’t want to disrupt it.”

But Rosenstein warned that “the emergence of ‘warrant proof’ encryption is a serious problem… The law recognizes that legitimate law enforcement needs can override personal privacy concerns. Our society has never had a system where evidence of a crime is completely undetectable… But this is the world that tech companies are creating.”

In response, the EFF said Rosenstein “should feel bad about his’ responsible encryption ‘demand… The Justice Department says it wants to have an “adult conversation” about encryption. But that’s not the case. The Department of Justice needs to understand that secure end-to-end encryption is a responsible security measure that helps protect people.”

The case against “responsible encryption” is simple. Content is either secure or not. “Anyone’s back door is everyone’s back door.” If someone else has the keys to your content, your content is at risk regardless of the policies that protect its use. That’s why the security community feels so strongly about this – it’s seen as black and white, binary. Seven years on, the debate has not changed. In the United States, Europe, and elsewhere, 2025 seems to be the year it breaks out again.

While the FBI urges citizens to use encrypted messages, not all encrypted messages are created equal. It’s another twist we’ve seen this year, the contradiction between reality and appearances when it comes to user security and privacy. Now the twist is making headlines again – and at just the right time.

The Korea Times just reported that “Telegram installs in South Korea have surged amid fears of the imposition of state censorship under martial law… New installations of global messaging app Telegram have surged in South Korea amid concerns about possible media censorship following the imposition of martial law, data showed on Tuesday.

Telegram is an outlier among the world’s leading “secure” messaging software because it’s not actually as secure as it’s always claimed to be. Unlike WhatsApp, Signal, or Facebook Messenger (or the respective closed iMessage and Google Messages), Telegram does not encrypt content end-to-end by default.

But Telegram has long been considered a secure alternative to other mainstream platforms, a good example of the power of marketing. According to IGAWorks, “Telegram saw 40,576 new installations last Tuesday, the day President Yoon Seok-yeol declared martial law, but the National Assembly reversed the decision within hours.” This is more than four times the 9,016 new installations recorded the previous day.”

Telegram’s security breach reached its peak this year when billionaire CEO Pavel Durov was arrested in France and subsequently reversed his stance on cooperating with authorities, something Telegram had said it would never do. The platform began handing over user data and introducing content monitoring. Ironically, it was Telegram’s security flaws and lack of end-to-end encryption that led to this surveillance.

In a post on his channel at the time, Durov said: “Over the past few weeks, a dedicated team of moderators has used artificial intelligence to make Telegram Search even more secure. All problematic content we found in our search is no longer accessible… To further deter criminals from abusing Telegram Search, we have updated our Terms of service and privacy policy to ensure they are consistent globally. We make it clear that the IP addresses and phone numbers of those who violate our rules can be disclosed to the relevant authorities in accordance with valid legal requirements.”

This is a far cry from how the platform was described in the Financial Times before Durov’s arrest. Durov is trying to present the platform as an alternative to the big privacy-oriented tech platforms, one that is free from government interference. He insisted it was an uncensored safe haven for citizens living under repressive regimes such as Belarus, Iran and Hong Kong.”

Despite the policy change, the Korea Times reported that “Telegram was the most downloaded mobile messaging app in South Korea from last Tuesday to last Friday,” indicating that its reputation remains intact. Telegram ranked fourth on the list of newly downloaded mobile messaging apps in South Korea last month, while Line, a messaging app developed by South Korean Internet portal operator Naver, took the top spot. Many Internet users expressed concern that domestic messaging apps such as KakaoTalk could be shut down or such platforms censored under martial law, saying they had downloaded Telegram as an alternative.”

While Telegram is not fully encrypted by default, another irony is that it is now actually more in line with the FBI’s push for “responsible stewardship of encryption” than its unsavory reputation would suggest. Unlike its blue-chip rivals WhatsApp, iMessage, and Signal, Telegram can provide data when required by law enforcement, and there are no technical barriers preventing it from doing so.

Still, platforms described by the Financial Times as “social media giants or the new dark web” may never be considered good models by the FBI or any other law enforcement agency.

Exit mobile version