Defending Messaging Apps Against Spyware Using Data Diodes
Authors: Peter Story (Clark University)
Year: 2026
Issue: 1
Pages: 62–66
Abstract: Messaging apps like Signal, WhatsApp, and iMessage use end-to- end encryption to protect users’ messages against passive government surveillance. However, these apps offer limited protection against targeted attacks: if a user’s device is compromised by spyware, the attacker will gain access to all the user’s messages. Furthermore, messaging apps are often used as an attack vector for spyware. First, we describe the threat model of encrypted messaging apps, and current defenses against spyware. Then, we propose a novel approach for hardening messaging apps against spyware using a one-way network device, known as a data diode. We anticipate this technology will be valuable to journalists, politicians, and other targets of spyware. Finally, we enumerate obstacles to deploying our proposed defenses.
Copyright in FOCI articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
