Choosing Mobile Apps

About this learning activity

This is discussion and input activity that will focus on enabling the participants to choose mobile apps for themselves, especially after the workshop.

This activity has 3 stages:

  • Discussion: What are you using and why?
  • Input: Best practices for choosing apps
  • Hands-on Activity: Assessing Messaging Apps OR Hands-on Activity: Assessing Popular Apps

Learning objective this activity responds to

  • an understanding of mobile communication safety from the perspective that mobile phones are our tools for both personal, private and public, movement communications;
  • shared and practiced strategies and tactics for mobile safety to manage the impacts of our mobile communications on ourselves, our colleagues, our movements;

Who is this activity for?

This session may apply to anyone who has ever used a mobile phone, and wants to have a better handle on how to choose apps.

Time required

This requires about 60 minutes.

Resources needed for this activity

  • paper for small groups to write notes
  • White board or large paper for recording shared notes
  • some mobile phones with data and app store capability

Mechanics

Discussion: What are you using and why?

In plenary, ask: What are 5 apps you use the most? What do you use them for?

Get everyone to contribute to the discussion.

  • list down the apps as participants mention them, ask who else uses the apps and mark down the # of users of the app in the room
  • list down their reason for using the app

Then ask: How did you choose them?

  • write down the responses to how they choose the apps and

To synthesise, summarise the reasons and go into the input.

Input: Best practices for choosing apps:

  • Research! Learn about options, learn about which is a trustworthy app. Ask participants to share their methods of research – you could read about it somewhere online/offlline, ask a friend who you know likes to research
  • How do you begin to make sure that it´s a secure app? Who develops it? What is their privacy policy? Is it open source? Has there been incidents of the app being used to get access to systems?

Hands-on Activity: Assessing Popular Apps

Go into the app store and try to find an app that does something common in the context. In an urban setting, maybe a taxi-hailing app, subway system map etc.

How do you choose? Look into (1) what permissions does it ask for (2) who developed it.
There are a lot of apps out there that are copies of popular apps, made to look like something you want like a game or a subway map and they are actually designed to do other things like send your location to someone else. Know the developer, be wary if it wants too many permissions.

Hands-on Activity: Assessing Messaging Apps

Ask the question: What messaging apps do you use the most?

Depending on the answers, go through the list of questions to answer the issue of the app'ss safety and security:

  • Who uses it? Is it easy to use?
  • Who has control over it?
  • Where are your messages stored?
  • Is it encrypted?
  • When it might be good to use it?

In small groups, assess the messaging apps you use the most:

  • identify 2-3 apps that your small group are using for messaging
  • answer the guiding questions

In plenary: Share back, each group share one app until you have shared all of them.

List of messaging apps and considerations:

SMS

  • Everyone uses SMS
  • Mobile company. Particularly risky if there is history of collusion between telco and government, or it´s a government-owned telco.
  • Stored by the mobile company — different retention policies. Messages transmitted to towers between you and the person you are sending the messages through.
  • No encryption.
  • Good for communication of topics that are not risky.

Calls

  • Everyone uses it
  • Mobile company has control over it.
  • Stored in mobile company — metadata, for sure.
  • Example of insecurity: Hello, Garcie! Incident in the Philippines where a phone call between the ex-president, Arroyo, and the head of the Commission on Elections, was intercepted, witnessing the president telling the COMELEC head how much lead she wants in the next elections.
  • Good for communications that are not risky.

Facebook Messenger

  • Anyone with an FB account can use it.
  • Comes with its own app
  • Encryption promised but not verified
  • Facebook owns it
  • Instead of using the FB app, use Chat Secure instead. You can use your FB credentials to chat with other FB users. But for encryption to work, the people you are chatting with also need to be using Chat Secure and communicating with you via Chat Secure.

GoogleTalk

  • Anyone with a Google account
  • Comes with its own app
  • Encryption promised, not verified
  • Google owns it
  • You can use Chat Secure for this as well.

Signal (Recommended app)

  • Run by tech activists
  • End-to-end encryption
  • No cloud storage. You store messages on your phone or on your computer, Signal does not store messages after they have been delivered.
  • Also has encrypted calls
  • Used for sensitive communications

Telegram

  • Popular messaging app
  • End-to-end encryption only for secret chats

WhatsApp

  • Lots of users
  • Facebook owns WhatsApp although the WhatsApp developers promise to safeguard users´ privacy in their Privacy Policy
  • Only stores undelivered messages.
  • End-to-end encryption
  • Good for communicating with a lot of people
  • Still some concern about FB ownership

Wire

  • End-to-end encryption promised, in the process of verification
  • Developed by former Skype developers — of note because Skype once had backdoors for the Chinese government that they built in collusion with that government
  • Has encrypted voice calls

Additional Resources

What is encryption - https://myshadow.org/alternative-chat-apps#end-to-end-encryption-amp-perfect-forward-secrecy
MyShadow - Alternative Chat apps: https://myshadow.org/alternative-chat-apps
Why Signal and not Whatsapp

EFF's Secure Messaging Scorecard - https://www.eff.org/secure-messaging-scorecard

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License