DateChangeReason
04/10/2016First release of the site
06/10/2016"Does the company provide a transparency report" for Signal changed from ""No"" to ""Yes"""Open Whisper Systems have effectively published a transparency report
12/10/2016"Does the app have self-destructing messages" for Signal changed from ""No"" to ""Yes"""Signal now supports self-destructing messages
14/10/2016Added initial assessment of Facebook MessengerFacebook Messenger now supports encrypted messages
26/10/2016"Does the app have self-destructing messages" for Wire changed from ""No"" to ""Yes"""Wire now supports self-destructing messages
29/10/2016Moved site to Cloudflare CDN, enabled cachingSite loaded too slowly outside of Australia/NZ
03/11/2016Site now has a maximum width of 1920 pixelsMain table width was restricted on widescreen monitors
06/11/2016Added that the messaging part of Signal is fully open source (client and server); however, the phone call part is not (client only)Clarification
06/11/2016Changed "Can the messages be read by the company?" for Skype from "Very likely" to "Yes"There's enough evidence to suggest that Microsoft can read Skype messages
06/11/2016Added "Does the app use certificate pinning" for Wire to "Yes"Thanks to the Wire team for clarification
06/11/2016Changed "Do you get notified if a contact's fingerprint changes?" for Wire from "No" to "Sometimes"Wire does notify users if they've previously verified the fingerprint; thanks to the Wire team for clarification
06/11/2016Added "Are messages encrypted when backed up to the cloud?" for WireThanks to the Wire team for clarification
06/11/2016Changed "Does the app use TLS to encrypt network traffic?" for Telegram from "Yes" to "No"Telegram uses its own protocol
31/12/2016Happy New Year! The first column is now fixedIt's easier to browse through the table when the first column (app name) is fixed
31/12/2016Added Viber assessmentIt's long overdue
31/12/2016Added "Does the company log timestamps/IP addresses?" for Google AlloIt's pretty clear from Google's privacy policy that they collect this information
31/12/2016Added "Does the app allow a secondary factor of authentication?" for Google AlloThe app doesn't provide 2-factor authentication
06/01/2017Instead of the first column being fixed, the header is now fixedIt's easier to browse through the table when the first header (app name) is fixed
06/01/2017Added "Does the company log timestamps/IP addresses?" for Skype It's pretty clear from Microsoft's privacy policy that they collect this information
10/01/2017Moved the Messenger column so that the apps are rated in alphabetical orderReadability
10/01/2017Added on the About page that Wire can also be used without Google Cloud MessagingThanks to the Wire team for clarification
11/01/2017Clarified in "Ratings" that although Apple encrypt iCloud backups, they have access to the encryption key and can hence read iMessages that have been backed up to iCloudClarification
11/01/2017Changed "Does the company provide a transparency report?" for Threema from "No" to "Yes" Threema does provide a transparency report; thanks to the Threema team for clarification
16/01/2017Added two more investors under "Funding" for WireBoth Janus Friis & Zeta Holdings Luxembourg, along with Iconical, fund Wire
16/01/2017Changed "Infrastructure jurisdiction" from "Switzerland" to "EU" for Wire Wire is hosted in the EU (appears to be in Ireland)
16/01/2017Changed the rating "Does the app use TLS to encrypt network traffic?" to "Does the app use TLS/Noise to encrypt network traffic?" Whatsapp uses Noise for transport layer authentication and encryption; SIgnal probably uses it, too (couldn't find any information to confirm this)
25/01/2017Added a FAQ to the "About" pageI've received a few emails asking similar questions
12/02/2017Changed "Has there been a recent code audit and security analysis?' for Wire from "No" to "Yes" Wire has now been independently audited; thank you to the Wire team and others for letting me know
25/02/17Under cryptographic primitives, I've changed any app that uses SHA-1 to redSHA-1 has been broken by Google; they have published two files with the same SHA-1 hash
25/02/17Changed "Are the app and server completely open source?" for Signal from "Yes (messaging is but phone calls is not)" to "Yes"Open Whisper Systems have released the source code for phone calls and video calling
11/03/17Changed "Does the app allow a secondary factor of authentication?" for Wire from "No" to "Yes"Wire now supports Touch ID on iOS
26/03/17Added "Does the app encrypt data on the device?" for WireIt's clear from Wire's security whitepaper that they encrypt data on iOS and Android