When we sign up for a new app, we regularly share our personal phone number. It’s something we don’t really think about because we do it so often. But it’s actually a privacy and security risk, and not one we should disregard even when it comes to messaging apps with end-to-end encryption. And it’s not only a privacy and security risk – requiring phone numbers causes challenges for BYOD and compliance. But even as messaging apps attempt to move away from relying on phone numbers for communications, the steps they’ve taken are not enough to protect your privacy.
There are a number of reasons why giving your phone number to a messaging app to sign up, even one that’s end-to-end encrypted, creates security vulnerabilities. First, your phone number essentially functions as your ID, as anyone who has your number can contact you using it on the app. Second, if someone gained access to your phone number through hacking methods like SIM swapping, they could gain access to your account and even impersonate you. Third, if someone gets ahold of your device or access to your phone number, they could figure out the identities of the people you’re talking to by matching phone numbers to people – even if their names aren’t easily viewable.
On top of all that, there’s the issue of personal data. Your phone number is a form of personal data, which especially complicates using it in a business environment. GDPR requires businesses to protect personal information, which means that businesses often can’t ask their employees for their personal cell phone numbers. Businesses have also moved away from employees using corporate devices to BYOD, which can make communicating without risking data leaks difficult. You might be inclined to turn to an encrypted messaging app – but the rub is that without someone’s cell phone number, you can’t message them. That makes most encrypted messaging apps that you could use for communications useless. It’s important to have access to a messaging tool that does not require knowing people’s cell phone numbers.
While there have been attempts to move away from relying on phone numbers, those attempts don’t go far enough to truly secure communication. Take Signal, for example. Their introduction of Signal PINs means that now your account isn’t only tied to the phone number – but you still need to share your phone number to sign up. The PIN allows you to stay in control of your account even if you lose your phone or have to switch numbers, and it can be used to protect your account from malicious actors even if they get access to your phone number and try to register your account on another device. But even in these cases the core issue remains – you need a phone number to create an account, and this is still a risk factor because your phone number can still be used to identify you – even if it’s an old phone number.
Secure and private communication means not having to rely on phone numbers – at all. Truly secure communications must be divorced from personal information to protect and keep sensitive conversations private. When you sign up for a messaging app in a BYOD context, you should be able to tie your account to a corporate email – and not rely on personal information. When it comes to questions of BYOD, businesses need to be able to communicate with employees without requiring their personal information in order to stay both secure and compliant. Vaporstream makes it simple to communicate without requiring personal information like phone numbers. It provides end-to-end encryption and advanced content controls that protect against forwarding, copying, or screenshots – making it secure, private and compliant. Learn more about how we protect your privacy here.