ItsGeekToMe.co

Q:  I have an iPhone, and I use iMessage for almost everything.  I figured it was safe because of the “blue bubbles.” Hey, it’s Apple, right? But, my brother, who uses an Android, keeps telling me my texts are wide open to hackers. Is he right? Should I be worried about my data being stolen through my texts?

– Name and City Withheld by Request

A:  It seems every time I read the news lately there is another headline about a “sophisticated” data breach or a new zero-day exploit targeting our most personal devices. Just last week, the Cybersecurity and Infrastructure Security Agency (CISA) issued a 21-day warning for a critical iOS update to patch vulnerabilities like CVE-2026-20700 that could allow attackers to execute code and steal data. And yes, this was Apple, so their devices and operating systems certainly aren’t invulnerable to attack like many people seem to think.  Being a good net citizen and Geek, I updated my iPhone immediately, only to find that there was a patch to the patch released within a couple days.  It makes one wonder: in this age of digital surveillance, is any of our data truly safe?

I hate to be the one to break it to you, but your brother is – annoyingly – partially right.  When it comes to the security of your digital conversations, the color of the bubble matters a lot more than just aesthetic preference. But even those blue bubbles have a few “leaks” you might not know about. Let’s break down the good, the bad, and the plain old “unencrypted” of the messaging world.

Let’s start not with the blue bubbles, but with green ones. If you are texting your brother from an iPhone to his Android, you are likely using Short Message Service (SMS) or its slightly more modern cousin, Multimedia Messaging Service (MMS). These kinds of messages are like a postcard sent via snail mail.  Anyone who handles it, to include your cellular carrier, the recipient’s carrier, or a hacker with the right equipment to intercept cellular signals, can see exactly what you wrote.  SMS and MMS were built for a simpler time when security wasn’t even on the radar.  With that said, SMS/MMS are perfectly fine for casual messaging or sending non-sensitive pictures.  But you should absolutely refrain from sending anything private or personal.

So, let’s talk about your blue bubbles.  These are how your iPhone represents Apple iMessages, which are a massive step up because they use End-to-End Encryption (E2EE) by default.  This means messages are scrambled on your iPhone and only descrambled after they have reached their destination: the recipient’s Apple device.  Nothing in between – not even Apple itself – can read the contents of these messages while they are in transit.

There are a few exceptions to this seemingly iron-clad encryption, such as messages to certain businesses, and messages that get backed-up to iCloud.  The major “gotcha” is, of course, that iMessage is only available on Apple devices, so to communicate with non-iPhones, you must find an alternative that is compatible with both platforms, and yes, they do exist.

The gold standard is called Signal.  It’s a non-profit, open-source app that uses the aptly named Signal Protocol, which has been audited by experts for years.  It collects almost zero metadata – it doesn’t even know to whom you are talking, much less what you’re saying.

Then there’s Threema, if you want to be truly anonymous.  Threema doesn’t even require a phone number.  You get a random ID, and everything is stored locally on your phone.

A very popular alternative to built-in messaging protocols is WhatsApp.  Although it is owned by Google’s parent company Meta (which understandably gives some security advocates the heebie-jeebies), under the hood WhatsApp uses the Signal Protocol for encryption.  It’s far more secure than SMS, but it does collect more metadata (such as who you talk to and when) than Signal.

Bottom line: Choices like this are always highly personal, since only you can truly know what your needs are, how sensitive the data you send is, and how secure you want your messaging to be.  Asking questions like this one is a great start so you can get the knowledge you need to make informed choices.  Say, that’s a great segue into a quick reminder that I’m still seeking your reader questions!  Who knows?  Yours may be the next question to appear in this space, even if you won’t let me publish your name.

---

To view additional content, comment on articles, or submit a question of your own, visit my website at ItsGeekToMe.co (not .com!)