Mozilla rates the video-calling apps; praises FaceTime for ‘holy grail’ of encryption

By

A Group FaceTime call on the Mac.
FaceTime isn't perfect, but it's pretty great for encryption.
Photo: Apple

Video-calling apps are booming right now, but which ones can you trust when it comes to security? A Mozilla report published Tuesday assesses all the major platforms, noting which apps do and do not pass the privacy-conscious foundation’s minimum security standards.

The big takeaway? Most of the top video conferencing apps, FaceTime included, are actually impressively secure. But there are a few outliers.

The report notes that three of the 15 apps it tested did not meet Mozilla’s security standards. These include Houseparty, Discord, and telemedicine app Doxy.me.

Those which passed Mozilla’s standards include Zoom, Google Hangouts, FaceTime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting, and Cisco WebEx.

In order to pass Mozilla’s standards, apps must use encryption, provide automatic security updates, require strong passwords, manage security vulnerabilities using tools like bug bounty programs and clear points of contact for reporting vulnerabilities, and have clear privacy policies.

The good, the bad, and the ugly of video-calling apps

Complaints about Houseparty and Discord include their lack of requirements for strong passwords. Doxy.me fared worst of all the tested apps. Mozilla notes that it can only be accessed through web browsers like Firefox, Chrome, and Safari. This puts the onus of security on the web browser, leaving users to keep their browsers updated to maintain security. There is also no requirement of a strong password. In addition, there’s unclear guidance as to how it manages security vulnerabilities. As the report notes: “This is all a bit frightening for a video call app targeted at doctors, therapists, and their potentially vulnerable patients.”

Zoom, despite some of the recent news stories raising security concerns, scored a full 5 out of 5 from Mozilla in terms of hitting all its minimum requirements. This is certainly likely to raise eyebrows due to the growing number of reports about potential vulnerabilities. These include leaking user data and a recent lawsuit filed due to Facebook being allowed to “eavesdrop” on Zoom users’ personal data. On Tuesday, an intelligence analysis from the Department of Homeland Security said that Zoom was a “target-rich environment” for spies and hackers.

Mozilla’s report notes that “To Zoom’s credit, they have acknowledged their mistakes and seem to be working hard to fix them.” However, it also adds a disclosure stating that it has worked with Zoom to “get its privacy and security features right for us” for internal usage.

How does FaceTime measure up?

Apple’s FaceTime, for its part, scored 4.5/5. Mozilla marks it down for the lack of required passwords when making a person-to-person call. On the plus side, FaceTime is one of only two apps (the other being Signal) to use the “holy grail” of privacy standard, meaning end-to-end encryption. End-to-end encryption means that only the people on the call can access its content. No-one — no even the app-makers — are able to listen in.

You can check out Mozilla’s report in full here.