Do you think VPNs encrypt and protect your SMS text messages? It’s tempting to believe that a Virtual Private Network service will help secure standard text messages. It’s a logical assumption, given the marketing from VPN providers. That assumption, however, is wrong.
VPN does not encrypt standard SMS messages. Their 160-character limit makes encryption impractical. Also, VPN encryption only applies to internet traffic. SMS text messages are sent over the cellular voice control channel and are not considered part of standard internet traffic.
There’s more to understand about the 1990s, old-school SMS text messages. Let’s also clarify VPNs and how to encrypt text messages properly.
A Bit More About SMS Text Messages
What is the difference between a text message and an SMS message?
A text message is a generic term for a short set of text characters, words, or several sentences sent between mobile phones or smartphone applications. Generally, there are three types of text messages:
- Standard SMS text messages: These are the oldest text messages and are limited to 160 characters. They are sent over the voice channel of the cellular network.
- Multimedia Messaging Service (MMS): MMS messages can include text, images, videos, and audio files, typically larger than standard SMS text messages.
- Modern text messages: They are sent via messenger services that use the internet to route partially- or fully-encrypted messages between smartphone apps. They are more secure and do not typically have length limitations.
How does a text message travel?
Standard SMS text messages are sent and received through the cellular network. They are transmitted between mobile devices via radio signals and routed through the mobile network operator’s SMS center (SMSC). The SMSC acts as a relay between the sender’s and recipient’s devices, delivering the message to the recipient’s device once it is within range of a cellular tower.
On the other hand, modern text messages, also known as Over-the-Top (OTT) messages, are sent and received through internet-based messaging apps such as WhatsApp, Facebook Messenger, and iMessage.
Instead of being transmitted via radio signals and routed through the SMSC, modern text messages are transmitted over the internet using Voice over Internet Protocol (VoIP) technology. This allows users to send and receive messages, images, videos, and other media through a data connection, bypassing the traditional SMS infrastructure.
Overall, the main difference between standard SMS and modern text messages is how they are transmitted. Standard SMS text messages are sent and received through the cellular network, while modern text messages are sent and received through internet-based messaging apps using VoIP technology.
Are SMS Messages Secure?
Standard SMS messages are transmitted only through one or two private cellular networks and are stored on a centralized server controlled by the cellular network provider. These systems are closed off and have limited access to the internet, making them relatively secure but not completely private.
Are SMS Messages Private?
SMS messages are not private. Short messaging service texts are clear or plain text with no encryption. The content must be logged on several servers as each message part makes its way between phones. The mobile cellular providers keep these logs for varying and undisclosed amounts of time.
MMS Builds On Top of SMS
Multimedia Messaging Service, or MMS, was developed over SMS to send different media types like pictures, audio clips, and even short, low-quality videos.
The MMS standard started in 2009 and increased the size of transmitted data to 300KB. The initial rollouts of the systems were unstable, and MMS messages were expensive and unreliable. Around the same time, mobile internet service became common, and in many markets, it was a better alternative to MMS.
More Space But Still No Encryption
With the increased message size, transmitting encrypted messaging could have been possible. The problem was that each phone would need to standardize how to encrypt and decrypt messages. Establishing a standard for the in-built MMS applications across phone manufacturers was impractical on “dumb phones,” and smartphone app developers have since focused on transmitting encrypted messages across the more-efficient Internet. Bottom line…
There’s an app for that.(tm) Apple, Inc. December 4, 2009
What Are the Uses of a VPN?
There are two uses for a VPN. A trustworthy Virtual Private Network service secures your internet traffic, preventing viewing or tampering with the data. It creates a secure, encrypted tunnel between the user’s device and the internet.
When data is transmitted over a VPN, it is encrypted and decrypted at either end of the tunnel, providing a secure and private connection even over an insecure public network.
A VPN can also allow access to region-restricted online content and websites. It alters the Internet Protocol or IP address the destination online service records. Altering this part of your metadata helps anonymize your online profile or fingerprint.
Why VPNs Can NOT Encrypt Text Messages
A VPN does not encrypt text messages.
A VPN provides security by encrypting your internet traffic from your internet service provider and other users on the same Wi-Fi network.
Since SMS text messages are sent across your mobile phone’s cellular voice control channel, they are not part of standard internet traffic. Your VPN connection is not involved.
While VPNs can provide a secure connection over the internet, they cannot encrypt SMS text messages. If you need to send sensitive or confidential information, it is recommended that you use a secure messaging app.
Alternative Methods To Encrypt Text Messages
The only viable option to encrypt an SMS text message is to use a text-pasting service like PrivateBin, which provides a link to an encrypted message. The link fits within a standard SMS length limitation.
Ideally, users should stop using SMS texts and switch to a modern messenger with end-to-end encryption.
There are a lot of messenger apps on the main app stores. In fact, we have a breakdown of 10 secure messaging apps and how well they deliver self-destructing messages.
Pro Tip: When signing up for an instant messaging service, do not allow the secure messaging app to access your contact list. Provide as little of your real information as possible.
The easiest replacement for SMS and MMS is Whatsapp. While owned by Facebook, the Whatsapp service provides end-to-end encryption for iOS and Android mobile operating systems. It’s a drop-in replacement for the default messaging apps, Android Messages and Apple iMessage.
The sign-up process uses your existing mobile phone number as your account instead of a username. Using a phone number for registration provides a decent level of identity assurance i.e., you’re texting with who you think you are texting. The privacy concern is that the Whatsapp messaging system has metadata on its user base, making only message content truly secure, but this hasn’t detracted from its popularity.
This article from the website Business of Apps notes that as of October 2018, the latest available statistics put
“WhatsApp in the number one spot in a ranking of global messenger apps, with some 200 million more users than Facebook Messenger.”
-Mansoor Iqbal, Updated: February 19, 2019
With 1.5 billion monthly active users (MAU) across 180 countries, it’s pretty clear social proof that Whatsapp is a step in the right direction, but it’s NOT the best for sending encrypted texts.
The most secure replacement for SMS and MMS is the Signal Messenger app when both parties are using the app.
Founded only one year after Whatsapp, security researcher Moxie Marlinspike and roboticist Stuart Anderson co-founded Open Whisper Systems. The company produced several versions of secure communication apps, eventually becoming the Signal Messenger app.
Use anything by Open Whisper Systems.Edward Snowden, whistleblower and privacy advocate
Whatsapp uses Signal’s encryption protocol to secure the transmission, but the important difference is in the transparency of the app and how your data is handled while stored and accessed on your phone.
- The Signal Messenger app is open-source, meaning anyone can inspect and verify its code. This provides an extra assurance that the app is doing what it promises. Whatsapp is closed and proprietary.
- The Signal Messenger forgoes risky features purposefully, not offering data backups or web-based access that might expose your text messages to being intercepted.
The sign-up process is very similar to WhatsApp. As long as both the sending and receiving users have Signal Messenger, the text messages between the two mobile devices are encrypted end-to-end.
I am regularly impressed with the thought and care put into both the security and the usability of this app. It’s my first choice for an encrypted conversation.Bruce Schneier, internationally renowned security technologist
We have a few other mobile messengers listed on our recommended tech page, which are also open-source and provide greater levels of private messaging than Signal. The listed apps include the same data protection functionality (digital certificate verification) and additional features (video and phone calls) above simple text-based communication.
Just like most emails, standard SMS text messages are like postcards. Anyone, from sending, transmitting, and receiving, can potentially read who it’s from, who it’s to, and the message contained within. Security experts agree that it’s time to upgrade to a modern private messenger to protect your user data and online privacy.
Related Questions & Tips
Are iPhone text messages encrypted?
Sometimes. If the sender and receiver use iMessage, then the Apple-only service uses end-to-end encryption to transmit these texts. This is much better than standard SMS, but the system is not completely secure. iCloud backups, including iMessage history, may be accessible by Apple.
How do I remove encryption from text messages?
Removing encryption from text messages will expose your data and make you less secure. If it is important to store unencrypted content, select one or more messages, copy and paste them into a plain-text note, or email them to yourself.
Is Google’s RCS Chat protocol replacing SMS and an answer to iMessage?
Google’s RCS will be a valuable replacement for the standard SMS. The older texting system will be kept as a fallback on Android. Still, the new protocol could leap-frog Apple’s iMessage reaching more users across phone manufacturers and cellular service providers.