Are text messages secure? No, and here is why

Anton P. | May 30, 2023

Are text messages secure? Nowadays, it is one of the least safe ways to communicate on mobile phones. Standard messaging relies on older technology that does not focus on security and privacy. 

One of the problems is that mobile service providers can read every message sent. Furthermore, standard SMS is more vulnerable to hackers intercepting the messages you send. 

Are text messages secure for everyday use?

Why SMS text messages are unsafe

All smartphones have instant messaging services that let you send messages based on your mobile plans. 

It is universal, and you do not need to install apps or check which device your friends have. However, users do not get secure messaging when sending SMS. 

So, let’s answer are text messages secure question through its biggest flaws: 

  1. SMS messages are not encrypted

The fact that SMS messages aren’t encrypted is one of the main risks. It opens text messages to various dangers: interception, lack of privacy, and other abuse. 

  1. SMS use SS7 

SS7 stands for Signaling System Number 7. After appearing in the 1970s, this set of protocols still manages how users send and receive SMS. 

And while 3G or 4G does improve messaging, SS7 stays in the picture. Thus, this does not secure SMS messages to the point where abuse could stop. The latter abuse refers to eavesdropping, SMS interception, or SIM swapping

  1. Your mobile service provider can read your messages 

SMS messages are not only unsafe but also not private. For instance, your mobile service provider can read them and send them to third parties. Over the years, providers have shared SMS messages with aggregators, governments, and law enforcement.

So, if you dropped Facebook Messenger for SMS, you have only changed the party that can read messages. 

  1. Unsafe two-factor authentication via SMS

Two-factor authentication is one of the essential account protections. However, receiving unique codes via SMS messages is not safe. 

Due to flaws in SMS, hackers could intercept 2FA messages. Then, they could retrieve secret tokens to access accounts.

  1. SIM swapping attacks threaten SMS

SIM swapping allows attackers to obtain victims’ phone numbers and initiate communication with them. Someone could use your phone number to send phishing SMS. In other cases, SIM swapping could intercept 2FA code messages. 

How to secure text messages on Android or iPhone 

Your cell phone typically sends SMS messages using the standard, unsafe method. However, there are manual options for introducing more security features to SMS: 

  • iMessage on iPhones

iMessage improves the standard Messages app only for chats between Apple users. Apple users. Thus, messages between two iPhones are end-to-end encrypted (E2EE). However, if an iPhone user messages an Android user, their chat happens over standard SMS. 

While iMessage improves SMS, it does not address the unsecured nature of 2FA codes. Furthermore, it is best to disable iCloud backups for messages. Lastly, it is unfortunate that only Apple users can send encrypted messages. 

  • RCS on Android phones

RCS or Rich Communication Services add end-to-end encryption to Android messages. If you have enabled RCS, you will notice the following: 

  1. A padlock next to the name of the person. 
  2. Each message timestamp has a padlock. 
  3. A padlock next to the send button. 

Both users in the conversation must have RCS enabled and run the latest messages version. 

Secure alternatives to SMS messages 

It is best to use SMS messages as little as possible. Instead, opt for internet-based third-party messaging apps. Users have many options available, from encryption by default or encryption on demand. 

Here are some top choices when it comes to messaging on Android, iOS, or other operating systems: 

  • Signal is likely the most private and secure option available. End-to-end encryption is on by default. 
  • Telegram is also one of the options, but remember, it does not offer encryption by default. You can get E2EE via the Secret Chat feature. 
  • WhatsApp ensures that chats with other WhatsApp users are end-to-end encrypted. However, its relation to Facebook pushes some users away. 
  • Viber also offers end-to-end encryption, but users must have at least Viber version 6.0. 

Last tips for SMS security 

SMS messages should be a last resort for communications. However, if you use it, try not to reveal sensitive information in them. Furthermore, read messages you receive with caution. SIM swapping or redirection strategies could target you with fraud. 

If possible, use special 2FA apps for receiving tokens. They are much more secure than the SMS option. 

Lastly, remember that no online communication is immune to attacks or mistakes. Thus, take necessary precautions like installing a VPN. Then, all your internet traffic gets encrypted, safeguarding your activities in case things go wrong.

Browse safely & anonymously with a VPN

Browse safely & anonymously with a VPN

Encrypt your internet traffic and defend against online snooping, hackers, governments, or ISPs.
Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.



© 2024 Atlas VPN. All rights reserved.