“Can Johnny Finally Encrypt? Evaluating E2E-Encryption in Popular IM Applications”
Recently, many popular instant-messaging (IM) applications announced support for end-to-end encryption, claiming confidentiality even against a rogue operator. Is this, finally, a positive answer to the basic usable-security challenge presented in the seminal paper ‘Why Johnny Can’t Encrypt’?
Our work evaluates the implementation of end-to-end encryption in popular IM applications: WhatsApp, Viber, Telegram, and Signal, against established usable-security principles, and in quantitative and qualitative usability experiments. Unfortunately, although participants expressed interest in confidentiality, even against a rogue operator, our results show that current mechanisms are impractical to use, leaving users with only the illusion of security.
Hope is not lost. We conclude with directions that may allow usable end-to-end encryption for IM applications.