The comparison was last updated on 11/Jan/2021. Please contact me with any updates, if I have made any mistakes. 

 Google MessagesApple iMessageFacebook MessengerElement / RiotSignalMicrosoft SkypeTelegramThreemaViberFacebook WhatsappWickr MeWire
TL;DR: Does the app secure my messages and attachments?NoNoNoNoYesNoNoYesNoNoNoYes
Company jurisdictionUSAUSAUSAUKUSAUSAUSA / UK / Belize / UAESwitzerlandLuxembourg / JapanUSAUSASwitzerland
Infrastructure jurisdictionWorldwide (rollout on-going, unsure of exact locations, most likely Google Cloud regions) USA (Ireland and Denmark planned); iMessage runs on AWS and Google CloudUSA, Sweden (Ireland planned)UK (and potentially all jurisdictions, given it's a decentralised messaging platform)USAUSA, the Netherlands, Australia, Brazil, China, Ireland, Hong Kong, and JapanUK, Singapore, USA, and FinlandSwitzerlandUSAUSA (unsure of other locations)USA (unsure of other locations)EU
Implicated in giving customers' data to intelligence agencies?YesYesYesNoNoYesNoNoNoYesNoNo
Surveillance capability built into the app?NoNoNoNoNoYesNoNoNoNoNoNo
Does the company provide a transparency report?YesYesYesNoYesYesNoYesNoYesYesYes
Company's general stance on customers' privacyPoorPoorPoorGoodGoodPoorPoorGoodPoorPoorGoodGood
FundingGoogleAppleFacebookNew Vector LimitedFreedom of the Press Foundation / the Knight Foundation / the Shuttleworth Foundation / the Open Technology Fund / Signal Foundation (Brian Acton)MicrosoftPavel DurovUser pays / Afinum Management AGRakuten / friends and family of Talmon Marco (it's very unclear)FacebookGilman Louie / Juniper Networks / the Knight Foundation / Breyer Capital / CME Group / WargamingJanus Friis / Iconical / Zeta Holdings Luxembourg
Company collects customers' data?YesYesYesNoNoYesYesNoYesYesNoNo
App collects customers' data?Yes

(Difficult to assess given the app is integrated into Google's greater ecosystem)

(Difficult to assess given the app is integrated into Apple's greater ecosystem)
Health & fitness / purchases / financial info / location / contact info / contacts / user content / search history / browsing history / identifiers / usage data / sensitive info / diagnostics / other dataContact info / contacts /
identifiers /
diagnostics /
user content

(Contact info not sent when using anonymously)
Contact InfoYes

(Information not submitted to Apple Store)
Contact info /
contacts /
Contact info / identifiers / diagnostics

(Contact info not sent when using anonymously)
Location / identifiers / purchases / location / contact info / contacts / identifiers / usage data / user content / usage data / diagnosticsPurchases /
financial info /
location /
contact info /
contacts /
user content /
identifiers /
usage data /
Contact info /
usage data /

(Contact info not sent when using anonymously)
Contact info / identifiers / usage data / diagnostics
User data and/or metadata sent to parent company and/or third parties?Minimal

(mandatory mobile number sent to third party for registration & recovery)

(optional mobile number sent to third party for registration)
Is encryption turned on by default?YesYesNoYesYesYesNoYesYes (if device supports it)Yes (if device supports it)YesYes
Cryptographic primitivesCurve25519 / AES-256 / HMAC-SHA256RSA-1280 (encryption), ECDSA 256 (signing) / AES 128 / SHA-1Curve25519 / AES-256 / HMAC-SHA256Curve25519 / AES-256 / HMAC-SHA256Curve25519 / AES-256 / HMAC-SHA256RSA-1536 & 2048 / AES 256 / SHA-1RSA 2048 / AES 256 / SHA-256Curve25519 256 / XSalsa20 256 / Poly1305-AES 128Curve25519 256 / Salsa20 128 / HMAC-SHA256Curve25519 / AES-256 / HMAC-SHA256ECDH512 / AES-256 / HMAC-SHA256Curve25519 / ChaCha20 / HMAC-SHA256
Are the app and server completely open source?NoNoNoYesYesNoNo (clients and API only)No (apps only)NoNoNoYes
Are reproducible builds used to verify apps against source code? NoNoNoNoAndroid onlyNoiOS and AndroidAndroid onlyNoNoNoNo
Can you sign up to the app anonymously?NoNoNoYesNoNoNoYesNoNoYesNo
Can you add a contact without needing to trust a directory server?N/A, Google Messages uses RCS, which doesn't use a directory serviceNoNoNoNoNoNoYesYesNoNoNo
Can you manually verify contacts' fingerprints?YesNoYesYesYesNoNo (session only, does not provide users' fingerprint information)YesYesYesYesYes
Directory service could be modified to enable a MITM attack?N/A, Google Messages uses RCS, which doesn't use a directory serviceYesYesYesYesYesYesYesYesYesYesYes
Do you get notified if a contact's fingerprint changes?NoYesYesNoNo (session only, does not provide users' fingerprint information)YesYesNo (setting turned off by default)NoIf contact was previously verified
Is personal information (mobile number, contact list, etc.) hashed?N/A, Google Messages uses RCS, which doesn't use a directory serviceNoNoNoMostlyNoNoYesNoNoYesMostly
Does the app generate & keep a private key on the device itself?YesYesYesYesYesYesYesYesYesYesYes
Can messages be read by the company?NoNoYesNoNoYesYesNoNoNoNoNo
Does the app enforce perfect forward secrecy?YesNoYesYesYesNo (session keys do change after being used 100 times)NoYesYesYesYes
Does the app encrypt metadata?NoNoNoYesNoYesNoYesMostly
Does the app use TLS/Noise to encrypt network traffic?YesYesYesYesYesYesNoYesYesYesYesYes
Does the app use certificate pinning?Yes (>=iOS 9.3)YesYesYes
Does the app encrypt data on the device? (iOS and Android only)NoYes (if passphrase enabled)YesYes (if passphrase enabled)iOS: Yes (if passphrase enabled); Android: Yes (if master key set in the app)iOS: Yes (if passphrase enabled); Android: Yes (unsure of function)Yes
Does the app allow a secondary factor of authentication?NoNoNoNoNoNoYesYesNoYesYes (password for account used)Yes
Are messages encrypted when backed up to the cloud?Yes (>= Android P)NoYesN/A, Signal is excluded from iCloud/iTunes & Android backupsYesiOS: Yes
Android: No
N/A, Wire is excluded from iCloud/iTunes & Android backups
Does the company log timestamps/IP addresses?YesYesNoYesYesNoYesYesNoSome
Have there been a recent code audit and an independent security analysis?NoNoNoNo Yes (October, 2014)NoYes (November, 2015)Yes (October, 2020)NoNoYes (August, 2014)Yes (March, 2018)
Is the design well documented?NoSomewhatSomewhatSomewhatSomewhatNoSomewhatSomewhatSomewhatSomewhatSomewhatSomewhat
Does the app have self-destructing messages?NoNoYesNoYesNoYesNoYesNoYesYes

Red = Something of major concern.

Yellow = Something of concern.

Green = Nothing of concern.

Blank = I couldn’t find any information about it.