The FBI documents, dated July 7, 2021, that have emerged, explain one by one what information can be obtained from which messaging application. We have translated these explanations into Turkish and presented them to you. It seems that the FBI can read all correspondence on WhatsApp.
Unfortunately, it is an undeniable fact that there is no way to fully protect our privacy on the Internet. While we personally or companies try to protect our data and make it difficult to access it, the same effort is made by those who want to access it. Today it’s already been a long time that a topic joked on the internet is actually applicable appeared.
According to an FBI document that Rolling Stone said it had seized, the FBI Reveals that getting data from WhatsApp and iMessage apps is way too easy legally. The document in question also reveals that there are multiple legal ways to seize users’ sensitive information.
Here is the FBI’s resulting document:
The FBI’s non-confidential document, which you can access from this link, does not contain information about the security levels of applications. Instead, for applications what information can be obtained through legal means is explained. When we directly translate the information in the document dated July 7, 2021, the following table emerges:
What information about the user can be obtained from which application?
- iMessage: Subscriber data, message recipient and sender information, device backup, encryption keys, date/time information, recording time information, user’s directory.
- Line: Subscriber data, message recipient and sender information, user’s directory, date/time information, recording time information
- Signal: Date/time information, recording time information
- Telegram: Recording time information
- Threema: Subscriber data, registration time information, date/time information, encryption keys
- Viber: Subscriber data, date/time information, IP address, encryption keys, registration time information
- WeChat: Subscriber data, registration time information, IP address
- WhatsApp: Subscriber data, registration time information, date/time information, user’s contacts, message recipient and sender information
- Wickr: Subscriber data, registration time information, date/time information
When we look at this table, it is clearly seen that the messaging applications with the most secure data are Signal and Telegram.
On the other hand, the legal decisions taken according to the information provided by the FBI allow the FBI to access the following information:
iMessage:
- Message contents are shown as limited.
- With the notification, basic level subscriber information can be obtained.
- 25-day conversations with a target number with an intelligence access decision (18 US Code § 2709) can be seen.
- Pen registration: No information provided.
- Search warrant: Backups of the target device can be accessed, encryption keys are also given if iCloud is used. If the target has enabled messages in iCloud, messages can also be received from here.
Line:
- Message contents are shown as limited (maximum 7 days).
- The suspect/victim’s registered information such as phone number, profile photo and e-mail address can be accessed.
- Usage information can be obtained.
Signal:
- Message contents are not given.
- The date and time of registration of the user is given.
- It gives information about the last time the user was online.
Telegram:
- Message contents are not given.
- No contact information is provided.
- In confirmed terrorist investigations, IP addresses and phone numbers can be submitted to the relevant authorities.
Threema:
- No message content is given.
- The hash of the phone number and email address is served if the user provided this information.
- If Push service is used, Push Token is issued.
- Public Key is provided.
- The recorded date (without time) is given.
- Date of last login (without time) is given.
Viber:
- No message content is given.
- Account creation details and when it was created.
- Message history (date, time, source phone number and target phone number) is available.
WeChat:
- No message content is given:
- It accepts notices and protection letters, but does not provide information about accounts created in China.
- It offers basic information about non-Chinese accounts (as long as the account is active).
WhatsApp:
- Limited message content is given (if the target is using iPhone and has iCloud backups enabled).
- Notice: Basic subscription information is offered.
- Court order: Blocked user information is offered along with basic subscription information.
- Search warrant: Provides information about the registered contacts in the directory and who the target is registered in.
- Item registration: Source and destination information is presented for each message every 15 minutes.
Wickr:
- No message content is given.
- The date and time the account was created is given.
- Information about the type of device on which the application is installed is given.
- Information on the date the application was last used is given.
- It gives information about how many messages there are in total.
- Information such as the e-mail address and phone number associated with the account are given, but these are not given directly, but as ‘External ID’.
- Avatar image is given.
- Limited information is provided about recent changes to account settings.
- Wickr version number is given.
Bottom line, two giant messaging apps that are constantly trying to market themselves on security. iMessage and WhatsApp reveal more of our information than any other messaging app.