- Nine of the top 10 messaging apps offer end-to-end encryption, but 90% now have artificial intelligence tools that could expose your private data.
- Signal ranks as the most private messaging app as it uses quantum-safe cryptography and collects only your phone number.
- Meta’s Messenger and LINE are among the worst offenders for aggressive data collection, collecting large amounts of user information for advertising and tracking.
We trust messaging apps with our most intimate conversations, from sharing passwords with family to venting about our bosses. However, while we naturally assume our private chats remain private, a disturbing new analysis reveals that your favorite app could be collecting your data right under your nose.
A recent study by cybersecurity company Surfshark took a close look at the 10 most popular iOS messaging apps of 2025. Researchers looked beyond basic marketing promises and examined encryption standards, data collection practices, and the progressive introduction of artificial intelligence features.
The good news is that basic security is becoming an industry standard. 9 out of 10 apps analyzed provide end-to-end encryption (E2EE)meaning that no one, not even the app developer, should be able to intercept and read your messages.
If you combine a secure messaging platform with a reliable VPN to encrypt your broader web traffic and hide your IP address, your daily communications will generally be safe from prying eyes.
The bad news, however, is that aggressive data collection and poorly implemented AI integrations are quietly undermining these encryption efforts.
The best (and worst) messaging apps for your privacy
When it comes to treating your data with respect, the messaging market is very divided. Surfshark evaluated 35 specific types of data listed in Apple’s App Store to see exactly what these companies are collecting.
The best: Signal
With an exceptional privacy score of 0.99, Signal easily takes the crown. It completely avoids user tracking and only collects one piece of information: your phone number.
Along with Apple’s iMessage, Signal is also one of the only apps to offer quantum-secure cryptography, future-proofing your messages against next-generation cyber threats.
The worst: LINE and Messenger
On the other end of the spectrum, LINE comes in last with the lowest privacy score. Both LINE and Meta’s Messenger are known for their data-hungry practices.
While an average messaging app collects 17 types of data, Meta’s Messenger collects a staggering 32 out of 35 possible types of data.
Additionally, 30 of those types of data can be exploited for purposes completely unrelated to the app’s functionality, such as targeted advertising and product personalization.
The laggards: Discord and Rakuten Viber
Discord stands out as the only app in the study that does not provide end-to-end encryption for text messages at all. Along with LINE and Rakuten Viber Messenger, Discord is also one of the few platforms that actively collects data specifically for user tracking.
The growing risk of AI in your private chats
While encryption keeps hackers out, the widespread adoption of artificial intelligence tools is creating entirely new vulnerabilities. An amazing 90% of messaging apps analyzed by Surfshark now offer some form of AI integration.
Whether it’s a virtual assistant summarizing a long conversation or an AI bot translating a message, these features require access to your conversation data. You’re not just talking to a helpful virtual friend; you are sending data directly to the service provider.
Highlighting this threat, researchers from New York University and Cornell University warned in the Surfshark report that “AI capabilities are developing at a rapid pace, posing significant security risks to users of E2EE applications.”
Ultimately, technology can only protect you to a certain extent. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued warnings about phishing campaigns specifically targeting secure platforms like Signal.
If a hacker tricks you into handing over your login credentials, no amount of quantum-secure encryption will keep your contact lists and private messages safe.
Do you want to know more? You can read the full Surfshark report here
