TL;DR
The best encrypted messaging app (加密聊天软件) depends on what you need. Signal remains the gold standard for verifiable security. BatChat is the best free option that works in China with anti-leak features. Threema is ideal for European users who want anonymity without a phone number. Telegram leads in features and user base but has weaker default encryption. WhatsApp has the largest user base but shares metadata with Meta. Session and Element are best for users who want decentralized, no-phone-number alternatives. Wire offers strong security for enterprise teams. This guide compares all eight across encryption strength, metadata handling, pricing, group sizes, and availability.
Why This Comparison Matters in 2026
End-to-end encryption (端到端加密, E2E) has shifted from a niche feature to a baseline expectation. WhatsApp adopted it in 2016. Google Messages uses it for RCS. Even Facebook Messenger offers it as an option.
But not all encrypted messaging is equal. Some apps encrypt everything by default. Others make encryption optional. Some collect minimal metadata; others harvest it extensively. Some are open source and audited; others are black boxes.
The difference matters. If you choose a messaging app based solely on popularity or features, you might be trading privacy for convenience without realizing it.
This comparison evaluates eight major encrypted messaging apps across the criteria that actually matter for privacy protection (隐私保护).
How We Evaluated These Apps
Each app was assessed on seven criteria:
- Default E2E encryption — Is every message encrypted by default, or must the user enable it?
- Encryption strength — What protocol is used? Has it been audited?
- Metadata collection — What does the app know about who you talk to and when?
- Open source status — Can the code be independently reviewed?
- Group size limits — How many people can be in an encrypted group?
- File transfer limits — What is the maximum file size?
- Pricing — Free, paid, or freemium?
We also note Chinese availability since this is a critical factor for many users comparing these options.
Signal
Overview
Signal is developed by the nonprofit Signal Foundation and Signal Messenger LLC. It is widely regarded as the most secure mainstream messaging app, used by journalists, activists, and privacy advocates worldwide.
Encryption
- Protocol: Signal Protocol (X3DH + Double Ratchet + PQXDH + SPQR)
- Default E2E: Yes — all messages, calls, and groups
- Post-quantum: Yes — PQXDH (2023) and Triple Ratchet with SPQR (2025)
- Audits: Formal academic analysis (Oxford, Queensland, McMaster — 2016), subsequent audit (2017)
- Open source: Yes — clients and server all under AGPL-3.0
Metadata
Signal minimizes metadata aggressively:
- Stores only the last connection time per user (day-level precision, not hour or minute)
- Sealed Sender feature conceals sender identity from the server
- Recipient identifiers kept only as long as necessary for delivery
- Phone number required for registration but can be hidden from other users via usernames (added 2024)
Key Facts
| Feature | Signal |
|---|---|
| Default E2E | All messages, calls, groups |
| Encryption protocol | Signal Protocol (X3DH + PQXDH + Double Ratchet + SPQR) |
| Open source | Yes (all components) |
| Registration | Phone number (with optional username) |
| Group limit | 1,000 members |
| File limit | 100 MB |
| Pricing | Free |
| Chinese availability | Requires VPN |
Best For
Users who want the most verifiable, audited, and transparent encryption available. Signal is the benchmark against which all others are measured.
Limitations
Requires a phone number for registration (though usernames can hide it from contacts). Blocked in China without a VPN. The nonprofit model raises sustainability questions long-term.
BatChat
Overview
BatChat (蝙蝠聊天) is developed by Chengdu Feifu Technology (成都飞蝠科技有限公司) in Chengdu, China. It targets Chinese-speaking users who want stronger privacy than mainstream Chinese apps offer.
Encryption
- Protocol: RSA + SRP + Double Ratchet (three-layer architecture)
- Default E2E: Yes — all messages and files
- Post-quantum: Not documented
- Audits: None documented
- Open source: No
Metadata
BatChat claims zero server data storage (服务器零数据存储). Messages are relayed without being stored. However, the closed-source server means this claim cannot be independently verified. Metadata policies are not publicly documented in detail.
Unique Features
- Screenshot blocking and screen recording protection
- Preset passwords (预设密信) for chat access control
- App lock with biometrics or PIN
- Bat avatar system for virtual identity
- Free with optional VIP tiers
Key Facts
| Feature | BatChat |
|---|---|
| Default E2E | All messages and files |
| Encryption protocol | RSA + SRP + Double Ratchet |
| Open source | No |
| Registration | Phone number |
| Group limit | Varies by tier (large groups supported) |
| File limit | Standard file sharing |
| Pricing | Free (VIP available) |
| Chinese availability | Yes, native |
Best For
Users in China who want a free, feature-rich encrypted messaging app with anti-leak protections. Also suitable for Chinese-speaking users globally who prefer native language support.
Limitations
Closed source with no independent audits. Operates under Chinese jurisdiction. Encryption protocol not published. No documented post-quantum protection.
Telegram
Overview
Telegram was founded in 2013 by Pavel and Nikolai Durov. It is headquartered in Dubai with legal registration in the British Virgin Islands. Telegram surpassed 1 billion monthly active users in March 2025, making it the most popular app on this list by user count.
Encryption
- Protocol: MTProto 2.0 for default chats, Signal Protocol-based for Secret Chats and calls
- Default E2E: No — standard chats are client-server encrypted, not end-to-end. Only Secret Chats (device-bound, mobile only) and all voice/video calls use E2E encryption
- Post-quantum: Not documented
- Audits: MTProto has been criticized by some cryptographers; no formal academic audit of the full protocol
- Open source: Client code under GPLv2/GPLv3; server code is proprietary
Metadata
This is Telegram’s biggest privacy weakness. Because standard chats are cloud-based and not E2E encrypted, Telegram’s servers have access to:
- All message content in non-secret chats
- Contact lists
- Group memberships
- Channel subscriptions
- Media metadata
Telegram claims it has “disclosed 0 bytes of user messages to third parties” but has disclosed data in response to legal requests (e.g., 203 requests from Brazil and 6,992 from India in January-September 2024, per Pavel Durov’s statements).
Key Facts
| Feature | Telegram |
|---|---|
| Default E2E | No (only in Secret Chats and calls) |
| Encryption protocol | MTProto 2.0 (default), Signal-based (Secret Chats) |
| Open source | Client only |
| Registration | Phone number |
| Group limit | 200,000 members |
| File limit | 2 GB (4 GB with Premium) |
| Pricing | Free (Premium subscription available) |
| Chinese availability | Blocked (requires VPN) |
Best For
Users who prioritize features, speed, and large group/channel capabilities over encryption. Telegram’s features (bots, channels, supergroups, file sharing) are unmatched, but its default security model is weaker than dedicated privacy apps.
Limitations
Default chats are not end-to-end encrypted. Closed server code. Metadata collection is extensive for non-secret chats. Blocked in China.
Overview
WhatsApp is owned by Meta (formerly Facebook) and is the world’s most widely used messaging app, available in over 180 countries with over 2 billion users.
Encryption
- Protocol: Signal Protocol (implemented by Meta)
- Default E2E: Yes — all messages, calls, and groups since April 2016
- Post-quantum: Not documented (Meta has not announced PQXDH adoption)
- Audits: Benefits from Signal Protocol’s academic verification, but Meta’s implementation is separate
- Open source: No — closed source
Metadata
This is WhatsApp’s primary privacy concern:
- Meta collects metadata including contact lists, usage patterns, device information, and location data (with permission)
- This metadata is shared across Meta’s ecosystem (Facebook, Instagram)
- The 2021 privacy policy update (later modified after backlash) attempted to expand data sharing with Facebook
- End-to-end encryption protects message content from Meta, but metadata is fully accessible
Key Facts
| Feature | |
|---|---|
| Default E2E | Yes (all messages, calls, groups) |
| Encryption protocol | Signal Protocol |
| Open source | No |
| Registration | Phone number |
| Group limit | 1,024 members |
| File limit | 2 GB |
| Pricing | Free |
| Chinese availability | Blocked (requires VPN) |
Best For
Mainstream users who want E2E encryption without switching apps, and who communicate primarily with people who already use WhatsApp. The encryption is strong; the metadata collection is not.
Limitations
Owned by Meta with extensive metadata sharing across the Meta ecosystem. Closed source. Blocked in China. No anonymity (phone number required and visible to contacts).
Threema
Overview
Threema is a Swiss encrypted messaging app developed by Threema GmbH. Launched in 2012, it was the first messaging app to market itself on anonymity-by-design principles.
Encryption
- Protocol: NaCl (X25519 ECC + XSalsa20-Poly1305)
- Default E2E: Yes — all messages and calls
- Post-quantum: Not documented
- Audits: cnlab (2015), ETH Zurich (2022 — found and patched vulnerabilities)
- Open source: Client code since December 2020 (AGPL-3.0); server remains proprietary
Metadata
Threema’s metadata policies are strong and documented:
- Does not collect metadata for user profiling
- Contact discovery uses SHA-256 HMAC checksums, not raw data
- No tracking of online status or usage frequency
- Phone number and email linking is optional
Key Facts
| Feature | Threema |
|---|---|
| Default E2E | Yes (all messages and calls) |
| Encryption protocol | NaCl (X25519 + XSalsa20-Poly1305) |
| Open source | Client only (AGPL-3.0) |
| Registration | Random ID (no phone required) |
| Group limit | 256 members |
| File limit | 50 MB |
| Pricing | One-time purchase (~$3-4) |
| Chinese availability | Unreliable (no native support) |
Best For
European users who want anonymity, no phone number requirement, and Swiss legal jurisdiction. The paid model aligns business incentives with privacy.
Limitations
Paid (one-time purchase). Limited group sizes. No forward secrecy (NaCl uses long-term keys). File size limit is small. ETH Zurich 2022 audit found real vulnerabilities. Unavailable in China.
Session
Overview
Session is built on the Signal Protocol but routes messages through a decentralized network of Service Nodes (similar to Tor) rather than centralized servers. It is developed by the OPTF (Session Foundation) in Australia.
Encryption
- Protocol: Signal Protocol (modified for decentralized routing)
- Default E2E: Yes — all messages
- Post-quantum: Not documented
- Audits: No formal academic audit
- Open source: Yes — GPL-3.0
Metadata
Session’s decentralized architecture provides strong metadata protection:
- No central server stores routing information or metadata
- Messages are routed through multiple Service Nodes, each seeing only the previous and next hop
- No phone number or email required — uses Session IDs (similar to Tor .onion addresses)
- Service Nodes are operated by community members, not a central company
Key Facts
| Feature | Session |
|---|---|
| Default E2E | Yes |
| Encryption protocol | Signal Protocol (decentralized) |
| Open source | Yes |
| Registration | Session ID (no phone) |
| Group limit | 100 members |
| File limit | ~10 MB |
| Pricing | Free |
| Chinese availability | Unreliable (decentralized network, nodes may be blocked) |
Best For
Users who prioritize metadata resistance and decentralization. Session’s onion-routing approach provides the strongest metadata protection of any app on this list.
Limitations
Small user base. File size limits are restrictive. Message delivery can be slower due to multi-hop routing. No voice or video calls. Group sizes are small. Reliability in China is poor.
Wire
Overview
Wire is developed by Wire Swiss GmbH, headquartered in Switzerland. Originally launched as a consumer app, it has pivoted to focus on enterprise and government clients (Wire Pro, Wire Enterprise).
Encryption
- Protocol: Custom implementation using Proteus (MLS-based) and Cryptobox
- Default E2E: Yes — all messages and calls
- Post-quantum: Not documented
- Audits: Multiple independent security assessments
- Open source: Yes — GPL-3.0
Metadata
Wire’s metadata handling is strong for individual users:
- End-to-end encryption for all content
- Metadata minimization on server side
- Enterprise tier offers additional compliance features
However, Wire’s business pivot to enterprise means individual users receive less attention.
Key Facts
| Feature | Wire |
|---|---|
| Default E2E | Yes |
| Encryption protocol | Proteus (MLS-based) |
| Open source | Yes |
| Registration | Email or phone |
| Group limit | Large (enterprise-focused) |
| File limit | Generous |
| Pricing | Free (personal), paid (team/enterprise) |
| Chinese availability | Unreliable |
Best For
Enterprise teams and organizations that need encrypted messaging with administrative controls. Also suitable for individuals who want open-source, Swiss-hosted messaging.
Limitations
Enterprise focus means consumer development has slowed. Smaller user base than mainstream options. Not available in China reliably.
Element
Overview
Element is the most popular client for the Matrix protocol, an open, decentralized communication standard. The Matrix protocol is federated — anyone can run a server, similar to email.
Encryption
- Protocol: Megolm (for group encryption) + Olm (for 1:1, based on Double Ratchet)
- Default E2E: Optional — must be enabled per room
- Post-quantum: Not documented
- Audits: Multiple independent assessments
- Open source: Yes — Apache 2.0 (client and server)
Metadata
Matrix’s federated architecture means metadata handling varies by server operator:
- Each server operator can see metadata for users on their server
- The default matrix.org server logs metadata
- Self-hosting eliminates third-party metadata exposure entirely
- Cross-signing (introduced 2020) improves key verification
Key Facts
| Feature | Element |
|---|---|
| Default E2E | No (opt-in per room) |
| Encryption protocol | Megolm + Olm (Double Ratchet-based) |
| Open source | Yes (fully) |
| Registration | Any identifier (self-hosted) |
| Group limit | No hard limit (server-dependent) |
| File limit | Server-dependent |
| Pricing | Free (self-hosting), paid (Element Matrix Services) |
| Chinese availability | Varies by server |
Best For
Users who want decentralization and the ability to self-host. Matrix is the closest messaging gets to email’s open federation model. Also good for organizations that want full control over their communication infrastructure.
Limitations
E2E encryption is not enabled by default. Federation means security depends on your server operator. The user experience can be complex for non-technical users. Verification UI has historically been confusing.
Side-by-Side Comparison Matrix
Encryption and Security
| App | Default E2E | Forward Secrecy | Protocol | Audited | Open Source |
|---|---|---|---|---|---|
| Signal | Yes | Yes | Signal Protocol | Yes | Yes (all) |
| BatChat | Yes | Yes | RSA+SRP+Double Ratchet | No | No |
| Telegram | No | Yes (Secret only) | MTProto / Signal | Partial | Client only |
| Yes | Yes | Signal Protocol | Protocol only | No | |
| Threema | Yes | No | NaCl | Yes | Client only |
| Session | Yes | Yes | Signal (decentralized) | No | Yes |
| Wire | Yes | Yes | Proteus/MLS | Yes | Yes |
| Element | No (opt-in) | Yes | Megolm/Olm | Yes | Yes |
Privacy and Metadata
| App | Min Metadata | No Phone Required | Anonymity | Jurisdiction |
|---|---|---|---|---|
| Signal | Yes | No (usernames hide it) | Low | US |
| BatChat | Not documented | No | Low | China |
| Telegram | No (default) | No | Low | BVI/Dubai |
| No | No | None | US (Meta) | |
| Threema | Yes | Yes | High | Switzerland |
| Session | Yes | Yes | High | Australia |
| Wire | Yes | No (email OK) | Medium | Switzerland |
| Element | Varies | Yes (self-host) | High | Varies |
Features and Pricing
| App | Group Limit | File Limit | Voice/Video | Pricing | China |
|---|---|---|---|---|---|
| Signal | 1,000 | 100 MB | Yes | Free | VPN needed |
| BatChat | Large | Standard | Yes | Free (VIP opt) | Yes |
| Telegram | 200,000 | 2-4 GB | Yes | Free (Premium) | Blocked |
| 1,024 | 2 GB | Yes | Free | Blocked | |
| Threema | 256 | 50 MB | Yes (1:1) | Paid | Unreliable |
| Session | 100 | ~10 MB | No | Free | Unreliable |
| Wire | Large | Generous | Yes | Free/Paid | Unreliable |
| Element | No limit | Varies | Yes | Free/Paid | Varies |
Choosing the Right App
For Maximum Security (Verifiable)
Signal. It is the most audited, most transparent, and has the strongest protocol. If you need provable security — journalism, activism, legal work — Signal is the answer.
For China-Based Users
BatChat. It is the only app on this list that works natively in China without a VPN. The encryption architecture is sound in concept (RSA + SRP + Double Ratchet), and the anti-leak features (screenshot blocking, preset passwords) add practical security layers.
For European Anonymity
Threema. Swiss jurisdiction, no phone number required, anonymous payment options, and open-source clients. The one-time purchase aligns business incentives with privacy.
For Features and Community
Telegram. If encryption is a secondary concern and you want the richest feature set with the largest community, Telegram delivers. Just be aware that default chats are not end-to-end encrypted.
For Metadata Resistance
Session. Its decentralized onion-routing approach provides the strongest metadata protection available. No central entity can see who you are talking to. The trade-off is smaller groups, no calls, and slower delivery.
For Enterprise and Self-Hosting
Wire (enterprise) or Element (self-hosting). Both provide open-source, encrypted communication with organizational control. Wire is more polished; Element offers more flexibility.
FAQ
Which messaging app has the strongest encryption?
Signal has the strongest and most verifiable encryption. Its Signal Protocol has been formally analyzed by academic researchers, includes post-quantum protection (PQXDH and SPQR), and the entire codebase is open source. However, the practical security of any app depends on both the protocol and the implementation.
Is WhatsApp really end-to-end encrypted?
Yes, WhatsApp uses the Signal Protocol to encrypt all messages, calls, and groups by default. The message content is protected from Meta, law enforcement, and anyone who intercepts the traffic. However, WhatsApp collects significant metadata (contacts, usage patterns, device info) that is shared across Meta’s ecosystem.
Which encrypted messaging app works in China?
BatChat (蝙蝠聊天) is the only major encrypted messaging app that works natively in China without a VPN. All other options on this list (Signal, Telegram, WhatsApp, Threema, Session, Wire, Element) require a VPN or are unreliable through the Great Firewall.
Is Telegram safer than WhatsApp?
It depends on what you mean by “safe.” Telegram’s default chats are not end-to-end encrypted — the server can read them. WhatsApp’s default chats are E2E encrypted. However, WhatsApp shares metadata with Meta. If you use Telegram’s Secret Chats, the encryption is comparable. If you use default Telegram chats, WhatsApp is more secure for message content.
Do I really need an encrypted messaging app?
If your conversations contain sensitive information — business discussions, personal health details, legal matters, political opinions, financial data — then yes, E2E encryption is important. Even for casual conversations, encrypted messaging prevents your data from being harvested for advertising, surveillance, or data breaches.
What is the difference between client-server encryption and end-to-end encryption?
Client-server encryption (also called encryption in transit) protects data while it moves between your device and the server. The server decrypts and re-encrypts it for the recipient. End-to-end encryption means only the sender and recipient can decrypt the message — the server never sees the plaintext. Telegram default chats use client-server encryption; Signal and WhatsApp use E2E encryption.
Can encrypted messaging apps be hacked?
No system is immune to all attacks. The most common attack vectors for encrypted messaging are: compromising the user’s device (theft, malware, physical access), exploiting implementation bugs (as ETH Zurich found in Threema in 2022), and targeting metadata rather than content. Using a phone number for registration creates a link to your identity. Using a device with strong lock screen protection mitigates device compromise risks.