Proton
Blog
NewsletterSubscribe by RSS

Best WhatsApp alternatives for privacy

Douglas Crawford

Share this page

This post was updated on December 9, 2022

Learn about the best apps like WhatsApp that ensure your online chat remains private.

Tens of millions of WhatsApp users have flocked to more private messaging apps ever since the app revealed it shares personal data with Meta (Facebook)(new window), its owner.

Here we look at apps similar to WhatsApp that genuinely respect your privacy.

What’s wrong with WhatsApp?
What to look for in a WhatsApp replacement
End-to-end encryption
Minimal metadata logged
Open-source transparency
Best apps like WhatsApp
Signal
Telegram
Threema
Wickr Me
Wire
Element (was Riot.im)
Keybase
Choose a chat app for privacy
WhatsApp alternatives: FAQs

What’s wrong with WhatsApp?

WhatsApp uses end-to-end encryption, which means the messages are encrypted on your device and can only be decrypted on the device of the intended recipient. So the actual messages are secure on the platform.

But this does nothing to protect your metadata. That’s information about who you communicate with, from where, at what time, how often, and from which device.

Since WhatsApp changed its privacy policy in 2021, it now shares its users’ metadata and transactional data with Meta, a company notorious for disregarding privacy. If you’re still on WhatsApp, it’s time to switch to something more private.

What to look for in a WhatsApp replacement

Look for the following three characteristics when choosing a private messaging app:

End-to-end encryption

End-to-end encryption is a core requirement for any messenger app that claims to be secure and private. With end-to-end encryption, only you and the person you send a message can read it.

Minimal metadata logged

All messaging apps need to collect some metadata to operate. Choose an app that records minimal metadata and check what it shares with third parties.

Open-source transparency

If an app makes its code public, anyone can examine it to ensure the app is secure. We believe open source is one of the best indicators that an app can be trusted.

Best apps like WhatsApp

Here’s our pick of the best WhatsApp alternatives in no particular order. We’ve limited our choice to open-source messaging apps that use end-to-end encryption (E2EE).

Comparative table showing the key features of the best WhatsApp alternatives
See footnotes below

Signal

Pros

  • Free
  • Very good encryption
  • Almost no metadata kept
  • Protocol independently audited
  • Disappearing messages
  • E2EE text, voice, and video group chat

Cons

  • Requires a valid phone number to register
  • Hosted on Amazon Web Services (AWS)

Signal(new window) uses an end-to-end messaging protocol developed by the Signal Foundation(new window), a non-profit organization founded by cryptographer and privacy activist Moxie Marlinspike.

The Signal Protocol is open source, has been professionally audited for security vulnerabilities(new window), and is widely admired(new window) for its cryptographic strength. 

Because the protocol is so good, it’s used by various third-party messaging apps to provide secure end-to-end encryption for messages. These include WhatsApp, Facebook Messenger, and Skype. But unlike WhatsApp and other third-party apps that use the protocol, the Signal app(new window) is 100% open source. 

Crucially, Signal keeps almost no metadata related to the app’s usage. Only “the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service”. This is a claim that has been proven in court(new window).

However, the app itself has not been audited, and some security concerns(new window) exist around Signal’s reliance on Intel Software Guard Extensions (SGX). In theory, this could result in users’ metadata and data (but not messages) being compromised at the server level. This is a particular concern because Signal uses Amazon Web Services (AWS) to host its infrastructure, which is subject to legal demand from the US government.

Unlike WhatsApp, Signal was designed to replace your phone’s regular SMS messenger app on Android (not on iPhone or iPad). Texts exchanged to other Signal users are end-to-end encrypted, but texts to non-Signal users are not. Signal will warn you when messages are sent unencrypted. 

But Signal announced in October 2022 that it plans to remove SMS support on Android(new window) with a transition period of “several months”.

One of the main criticisms of Signal is that users must register with a valid phone number to match contacts. It should be noted, though, that contacts are stored locally only and cannot be accessed by the Signal Foundation.

In addition to messages, Signal supports disappearing messages, E2EE group voice chats, and now group video chats between up to eight users.

Signal is a non-profit organization that relies on donations to operate.

Telegram

Pros

  • Free
  • Channels for broadcasting messages
  • Bots for managing groups
  • Sync across multiple devices (not E2EE)
  • Polls, stickers, sharing live location, identity management
  • E2EE 1-1 text, voice, and video chat

Cons

  • Encryption concerns
  • Only Secret Chats are E2EE 
  • Group chats (text or voice) are not E2EE
  • Collects lots of metadata
  • No group video chats
  • Requires a valid phone number to register
  • Headquartered in the UAE, which is not known for human rights or privacy from the government (despite having some strong privacy laws(new window))

With over 500 million users, Telegram(new window) is a very popular WhatsApp alternative. A big part of this popularity is the widespread perception that Telegram is highly secure, a perception only heightened by a number of governments, notably Indonesia, Russia, and Iran, trying to block or ban the app.

There are, however, some big caveats regarding Telegram’s security. Regular default “cloud-based messages,” which can be accessed on any of a user’s devices, are encrypted in transit and when stored on Telegram’s servers. But they’re not end-to-end encrypted. Only client-to-client “secret chats” are end-to-end encrypted. Secret Chats are not available for groups or channels.

Security experts have criticized(new window) the open-source in-house MTProto encryption used to secure communications in Telegram (whether E2EE or otherwise), although the new version (MTProto 2.0(new window)) has been formally verified(new window) to be cryptographically sound. The Telegram API and all Telegram apps are open source, but its server-side backend is not. 

Another issue is that Telegram may collect a great deal of metadata(new window) from users: “We may collect metadata such as your IP address, devices and Telegram apps you’ve used, history of username changes, etc.”

On the other hand, Telegram has built its own secure cloud infrastructure distributed across the globe. The encryption keys used to secure the Telegram Cloud are split into pieces and never stored in the same place as the information they protect.

Security considerations aside, a key feature that contributes to Telegram’s popularity is “channels”. Users can create and post to channels that any number of other users can subscribe to. This has proved especially popular in repressive countries like Iran, where Telegram has over 40 million users despite government attempts to block the service.

You can create public channels using an alias and a URL that anyone can subscribe to, making Telegram a powerful tool for organizing resistance and disseminating information. 

Other features that help make Telegram popular include polls, stickers, sharing live locations in chats, and an online authorization and identity management system for those who need to prove their identity. A bots feature assists with managing groups and channels. 

It also offers one-to-one voice and video chats that are fully end-to-end encrypted, but group voice chats are not. Group video calls aren’t supported.

Telegram is funded mainly by public donations (notably from its own founder, Pavel Durov(new window)), although its apps now offer in-app purchases.

Threema

Pros

  • No phone number or email required to sign up
  • Almost no metadata kept
  • Independently audited 
  • Swiss-based with own servers
  • GDPR compliant
  • E2EE group text and voice chat
  • Group polling and distribution lists (Android only)

Cons

  • Not free
  • Relatively small user base
  • No group video calls

Like Proton, Threema(new window) is based in Switzerland, a country with very strong data privacy laws and independent from the United States and European Union. It also owns its own server infrastructure located in Switzerland. 

All Threema’s apps use the open-source NaCl cryptography library(new window) to end-to-end encrypt its messages, and all have been audited by security professionals(new window)

You don’t need an email address or phone number to register an account, and it’s possible to purchase Threema for Android anonymously using Bitcoin. Threema claims this allows you to text and make calls anonymously, and it goes to lengths to ensure that it collects minimum metadata(new window)

The fact that the app is not free is likely to be a pain point for some, but at around US$4.99 (one-time purchase), it’s unlikely to break the bank for most. This may contribute, however, to one of the biggest downsides with Threema: that its user base is relatively small.

The mobile apps feature distribution lists allowing you to send messages to multiple recipients. In addition to fully E2EE group text and voice calls, Threema offers a group polling feature. E2EE video calls are supported, but not for groups.

Wickr Me

Pros

  • Free
  • Built for ephemeral messaging
  • Anti-censorship feature
  • E2EE group text and voice chat
  • No phone number or email needed for signup

Cons

  • Apps themselves are not open source 
  • Security audits are not published
  • No video chat (although available on the free Pro version of the app)

Update December 2022: In June 2021, Wickr was bought by AWS(new window). The company has now announced that it is discontinuing Wickr Me(new window) in December 2023, with new registrations ending in December 2022. It will continue to support enterprise version of the platform.

There are three Wickr(new window) apps, with the free Wickr Me(new window) being the version designed for personal use. The lowest tier of the more Slack-like Wickr Pro is also free, although it requires you to verify your identity at start-up. Wickr Me is funded by Wickr’s premium Pro and Enterprise apps.

No phone number or email is needed to register with the service. Wickr Me places ephemeral messaging front and center, with messages disappearing from both the sending and receiving devices after a set period of time (six days by default). Undelivered messages sitting on Wickr servers are also deleted after this time.

You can also set a Burn-On-Read timer to determine how long a message lasts before self-destructing once it has been read. If it is not read then it will self-destruct at the end of the message timer length. All metadata is scrubbed once a message is opened or expires (whichever comes first).

Wickr advertises itself as open-source software, but there are a couple of major caveats to this claim. The code for the core wickr-crypto-c(new window) end-to-end encryption protocol that underpins all Wickr apps is available on GitHub for anyone to examine, but licensing restrictions mean that it cannot truly be described as open source.

More serious from a security standpoint, though, is that while the core crypto protocol is source-available, the code for the Wickr apps is not. Wickr says that its code has undergone multiple independent security audits(new window), but the full results of these audits are not publicly available.

You can invite up to 10 people into a room or end-to-end encrypted text or voice group chat. Video conferencing is not available in Wickr Me, although it is supported in the Wickr Pro app (including E2EE group chat with all room members).

Wickr is hosted on public server networks, such as AWS, but has partnered with Psiphon to offer Wickr Open Access(new window), a powerful anti-censorship feature.

Wire

Pros

  • Free option
  • E2EE text, voice, and video group chats
  • Syncs across up to eight devices
  • Advanced video conferencing features

Cons

  • Quite a lot of metadata logged (and possibly stored in plaintext)
  • Phone number or email address required to register

Wire(new window) is another service based in privacy-friendly Switzerland. A phone number or email is required to register. To facilitate syncing across multiple devices, however, Wire keeps quite a lot of metadata. 

For years, Wire kept a list of all users a customer has contacted(new window) in plaintext on their servers until an account is deleted. Its privacy whitepaper(new window) now simply states that “server-side logs are only kept for a maximum of 72 hours, for the sole purpose of facilitating troubleshooting, improving the service, and preventing abuse”.

The functional benefit of this is that it allows Wire to work across multiple devices in a way most E2EE messenger apps (including Signal) do not. It’s also worth noting that Edward Snowden recommends Wire (or Signal)(new window).

Wire uses the Proteus protocol to provide end-to-end encryption for text messages. Proteus is an early fork from the code that later became the Signal Protocol. Proteus(new window) and all Wire apps(new window) have been publicly audited.

Voice calls (up to 25 participants) and video calls (up to 12) are end-to-end encrypted using DTLS(new window) with an SRTP(new window) handshake.

The app also has advanced video conferencing features that will appeal to business users, including screen sharing, screen recording, and advanced meeting scheduling.

Wire is keen to push users toward its premium Pro and Enterprise products, but a free version is available with similar features to the Pro app.

Element (was Riot.im)

Pros

  • Free option
  • Server federation
  • “Bridges” for interoperability with other apps
  • E2EE text chat
  • No phone number or email needed for signup

Cons

  • Questions over Matrix server network reliability
  • Not fully audited

All the other messenger apps discussed in this article rely on a centralized server network to function (although, as in the case of using AWS, this can be a highly distributed network).

Element(new window) is instead built on the idea of federation. Users can set up their own servers using the Matrix communications protocol(new window) or connect to Matrix servers that have been set up by other users. Federation has received the support of Edward Snowden(new window) but remains controversial due to the potentially unreliable ad-hoc peer-to-peer nature of such a network.

Matrix servers are interoperable, so any user of any Matrix client(new window) (Element is the most popular) can communicate with any other Matrix user. Matrix “bridges” even allow for communication with the users of other popular messaging platforms, such as Signal, Slack, or even WhatsApp.

Matrix (and thus Element) uses the Olm implementation of the Double Ratchet algorithm(new window), with Megolm used for group communications. All Element apps, plus the Matrix protocol itself, are open source but haven’t been formally audited. But Olm and Megolm have been audited(new window).

An email or phone number is not required to register with Element, although you can add them to make contact matching easier. By default, messages are hosted on a large public server run by Matrix, but you can connect to any Matrix server or set one up yourself in seconds.

All text chats and 1:1 voice and video calls are end-to-end encrypted. Group voice and video calls (which also allow screen sharing) use Jitsi (without E2EE support in Element at present). The Element app is free, but premium plans are available for Element-managed Matrix servers.

Keybase

Pros

  • Free (funding model is unclear)
  • E2EE text chats with support for public and private channels
  • Can connect to people via their social media profiles with PGP verification
  • Syncs across multiple devices
  • Self-destructing messages
  • Stellar wallet
  • 250 GB free storage per user
  • Encryption is not Trust on First Use (TOFU)

Cons

  • Owned by Zoom
  • A lot of metadata logged (much of it shared on a public blockchain)

Keybase(new window) is a free and open-source messenger app (servers aren’t open source) that end-to-end encrypts all texts and files between users. Voice and video calls aren’t supported directly but are possible using a Jitsi bot, which isn’t E2EE.

E2EE group chat, with support for private and public channels or “Teams”, is end-to-end encrypted.

Keybase is notable for allowing you to connect to others using their social media (Twitter, GitHub, Reddit, Hacker News, and Mastodon) identities, which are verified using PGP encryption keys. No phone number or email address is required, and the app syncs across multiple devices. 

The PGP-based end-to-end encryption used by Keybase is solid and underwent a full independent audit(new window) in 2019. Interestingly, Keybase is almost unique in not supporting Trust On First Use (TOFU)(new window) when connecting to servers. This helps to make it resistant to man-in-the-middle attacks.

The app also offers self-destructing messages, bots to automate your Keybase tasks, a Stellar wallet, full PGP support for encrypting and decrypting messages and files, and 250 GB free storage per user.

However, messages are stored on centralized servers (based in the US), which log a worrying amount of personal data(new window). This includes your Team names and memberships, hashed passwords, account activity, your Keybase user ID and your IP address, network activity, and more. Not only is information stored encrypted, but much of it is added (in hashed form) to a public blockchain.

Arguably even more concerning is that Keybase is now owned by Zoom, a company widely criticized for its many privacy issues and security lapses(new window). Zoom may be subject to pressure from the Chinese government(new window). The fact that it’s not clear how Zoom benefits from offering Keybase for free may also be a reason for concern.

Choose a chat app for privacy

As a replacement for WhatsApp as a general-purpose messenger that genuinely respects your privacy, Signal is an obvious choice, although being hosted on AWS servers remains a concern in light of its reliance on SGX. 

The security concerns around Telegram make it harder to recommend as a simple messenger, although its “channels” feature remains a powerful tool for organizing resistance in restrictive countries.

The other apps discussed above all offer useful features that will appeal to those who need them, whether it’s anonymous sign-up, business collaboration tools, or server federation. Element/Matrix is a particularly strong choice for privacy enthusiasts, although its niche user base severely hampers its practicality as a WhatsApp replacement.

An alternative for secure communication is end-to-end encrypted email. Proton Mail is based in Switzerland and open source. And with Proton Mail’s Password-protected Emails, you don’t need to have your recipient using the same messenger service to benefit from end-to-end encryption. You can send end-to-end encrypted messages to anyone who has an email address.

As you take back your privacy in the digital age, anything you do to move more of your personal data behind strong encryption is an important step toward building an internet that puts people first.

WhatsApp alternatives: FAQs

What are the dangers of using WhatsApp?

Since 2016, WhatsApp has shared the vast majority of its users’ transactional data and metadata(new window) with Meta (Facebook). This only came to light in 2021, when WhatsApp issued an updated privacy policy. Existing users had to accept the terms of the policy or lose access to their accounts.

Information shared by WhatsApp with Meta includes your IP address, device ID, operating system, browser details, mobile network information, who you message, how long and how often you interact with them, transaction and payment data, and more.

Is WhatsApp chat private?

Messages in WhatsApp are end-to-end encrypted using the Signal protocol. This means only you and the intended recipient(s) can read your actual messages. So WhatsApp is secure. It does, however, collect a lot of metadata that is damaging to your privacy (see above).

What is the safest messaging app?

Signal is both highly secure and respects your privacy. See the pros and cons of Signal and other apps similar to WhatsApp in the article above.

How can WhatsApp be free?

WhatsApp is owned by Meta (Facebook), which makes a huge amount of money by invading users(new window)privacy to target you with personalized ads. WhatsApp adds to the data Meta knows about you by sending a great deal of metadata regarding your use of WhatsApp to Meta. 

As Signal and some of the other apps discussed in this article show, it is possible to offer a free messaging app without invading users’ privacy in this way.

Return to table

Footnotes:

  1. All Telegram apps are open source, but the backend isn’t. This would not really be an issue if all communications were E2EE, but they are not by default (and no group chat is E2EE).
  2. By default, Telegram chats are not end-to-end encrypted. Only client-to-client “secret chats” are. Secret chats are not available for groups or channels.
  3. The 2015 audit of MTProto protocol was not very favorable. MTProto 2.0 has been formally verified to be cryptographically sound.
  4. Wickr says its code has undergone multiple independent security audits, but the full results of these audits are not publicly available.
  5. The Element apps and the Matrix protocol have not been formally audited. However, the Olm and Megolm protocols that underpin Matrix have.
  6. All metadata is scrubbed once a message is opened or expires (whichever comes first).
  7. Contacts can be added using social media profiles and verified using PGP keys.
  8. Wickr has partnered with Psiphon to offer Wickr Open Access, a powerful anti-censorship feature for its servers.
  9. Element and/or Matrix don’t actually own their own servers, but new Matrix servers can be set up within minutes on any server platform (or can be self-hosted). It is therefore almost impossible to shut down or block access to the Matrix platform. 
  10. Wire is based in Switzerland and all users outside the United States are subject to Swiss law. US users, however, are subject to US law.
  11. Matrix is a community-developed open-source platform whose federated servers can be hosted anywhere in the world. 
  12. Keybase is owned by Zoom, which may also be subject to pressure from China.

Return to table

Feel free to share your feedback and questions with us via our official social media channels on Twitter(new window) and Reddit(new window).

Protect your privacy with Proton
Create a free account

Share this page

Douglas Crawford

Starting with ProPrivacy and now Proton, Douglas has worked for many years as a technology writer. During this time, he has established himself as a thought leader specializing in online privacy. He has been quoted by the BBC News, national newspapers such as The Independent, The Telegraph, and The Daily Mail, and by international technology publications such as Ars Technica, CNET, and LinuxInsider. Douglas was invited by the EFF to help host a livestream session in support of net neutrality. At Proton, Douglas continues to explore his passion for privacy and all things VPN.

Related articles

No email service is completely anonymous. Learn how to send an email as anonymously as possible using private email, aliases, and a VPN or Tor. Do you need to send an email without revealing who you are? Unfortunately, you can’t just sign up for a f
Today, we’re introducing Proton Family, our all-in-one plan to protect your family’s privacy.  When you’re a parent, you do everything you can to prepare for the unexpected and keep your family safe. But extending this protection online is difficult
Starting last year, Google began to increase the number of ads displayed in Gmail. It started with more ads in the Promotions tab on mobile. And now it has grown to include advertising messages between regular emails on Gmail’s desktop site. Gmail u
Fraudsters have many ways to steal your identity and money, but there are simple steps you can take to protect yourself. Given how much valuable personal data we store online, scammers have a strong incentive to try to steal it. With just a few pers
Almost everything on the internet is encrypted these days. And yet data breaches still frequently spill sensitive files into the hands of hackers, and identity theft is a multi-billion-dollar industry. Why? This article explains what’s broken about
The biggest tech companies in the world are quietly lobbying the governments of 14 countries to grant them legal protection from any regulatory oversight. Few people are aware of Big Tech’s plans, shrouded in the secrecy of trade negotiations for th