- Nine of the top ten messaging apps offer end-to-end encryption, but 90% of them now have AI tools that could expose your private data.
- Signal ranks as the most private messaging app, using quantum-secure cryptography and collecting only your phone number.
- Meta’s Messenger and LINE rank among the worst offenders when it comes to aggressive data collection, collecting large amounts of user information for advertising and tracking purposes.
We trust messaging apps for our most intimate conversations, from sharing passwords with family members to telling off our bosses. However, while we naturally assume that our private chats stay private, a worrying new analysis reveals that your favorite app could be harvesting your data right under your nose.
A recent study from cybersecurity firm Surfshark took a close-up look at the 10 most popular iOS messaging apps of 2025. Researchers went beyond basic marketing promises, examining encryption standards, data collection practices and the creeping introduction of artificial intelligence features.
The good news is that basic security is becoming an industry standard. 9 of the 10 applications analyzed offer end-to-end encryption (E2EE)which means that no one, not even the app developer, should be able to intercept and read your messages.
If you combine a secure email platform with a reliable VPN to encrypt your wider web traffic and hide your IP address, your daily communications are generally safe from prying eyes.
However, the bad news is that aggressive data collection and poorly implemented AI integrations are quietly undermining these encryption efforts.
The best (and worst) messaging apps for your privacy
When it comes to treating your data with respect, the messaging market is sharply divided. Surfshark evaluated 35 specific types of data listed in the Apple App Store to see exactly what these companies are collecting.
Best: Signal
With an outstanding privacy score of 0.99, Signal easily takes the crown. It completely avoids user tracking and only collects one piece of data: your phone number.
Alongside Apple’s iMessage, Signal is also one of the only apps to offer quantum-secure cryptography, protecting your messages against next-generation cyber threats.
The worst: LINE and Messenger
On the other end of the spectrum, LINE ranks at the very bottom with the lowest privacy score. LINE and Meta’s Messenger are known for their data-intensive practices.
While the average messaging app collects 17 types of data, Meta’s Messenger collects an impressive 32 types of data out of 35 possible..
In addition, 30 of these data types can be used for purposes completely independent of the app’s functionality, such as targeted advertising and product personalization.
Latecomers: Discord and Rakuten Viber
Discord stands out as the only app in the study that completely fails to provide end-to-end encryption for text messages. Along with LINE and Rakuten Viber Messenger, Discord is also one of the few platforms that actively collects data specifically for user tracking.
The growing risk of AI in your private chats
Even though encryption keeps hackers out, the widespread adoption of AI tools creates entirely new vulnerabilities. A stunner 90% of messaging apps analyzed by Surfshark now offer some form of AI integration.
Whether it’s a virtual assistant summarizing a long conversation or an AI bot translating a message, these features require access to your conversational data. You’re not just talking to a helpful virtual friend; you send the data back directly to the service provider.
Highlighting this threat, researchers from New York University and Cornell University warned in the Surfshark report that “AI capabilities are being developed at a rapid pace, increasing significant security risks for users of E2EE applications.”
Ultimately, technology can only protect you so far. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have recently issued warnings about phishing campaigns specifically targeting secure platforms like Signal.
If a hacker tricks you into handing over your login credentials, no amount of quantum-secure encryption will protect your contact lists and private messages.
Want to know more? You can read Surfshark’s full report here
