This report investigates how organisations are using messaging apps such as WhatsApp, Viber and Telegram in humanitarian situations, and assesses the opportunities and risks that they introduce.
A messaging application is a mobile-phone-based software programme that allows users to send and receive information using their phone’s internet connection.
Messaging apps can transmit or receive a much wider range of data types than Short Message Service (SMS) or Multimedia Messaging Service (MMS). In addition to voice calls, video calls and text, messaging-app users can send and receive files, images, audio, location data, emojis and (in some cases) documents.
Messaging apps were primarily designed for private communication between individuals or small groups, but are increasingly being used in new ways, including:
Broadcast or bulk messaging. The capacity to send messages or other content to a large number of people.
Encryption. End-to-end encryption means that the content of a message can be viewed only by the people sending and receiving messages. It cannot be decrypted and read by the company itself.
Bots or “chatbots”. A piece of code that performs automated functions within an app (often in natural language like a human − hence “chatbot”), such as replying to users’ questions with short pieces of information.
Over the past four years, messaging apps have become the primary mode of communication for millions of people around the world. This includes both individuals and aid organisations. Below are some examples of how messaging apps have been used by such organisations.
As a hotline. ICRC’s Yemen delegation used WhatsApp as a dedicated hotline for people to report incidents or request assistance.
To broadcast information. The Yuva Community Centre in Gaziantep, Turkey, uses Telegram and WhatsApp, as well as SMS, to send refugees information about the services provided by the centre.
In collaboration with local media. BBC Media Action used WhatsApp as part of a public-health information programme to circulate information about Ebola.
For internal coordination. For some interviewees, messaging apps helped staff coordinate activities more efficiently than email or voice calls. Some used messaging apps to share information (such as location-data or photos).
To use bots to automatically provide information that is tailored to individuals’ needs. The Praekelt Foundation launched a bot that provides pregnant women and new mothers in South Africa with maternal health information and support.
To use automated systems (bots) to survey people on issues that affect them. UNICEF launched a chatbot that integrates with U-Report, a service that allows people to answer polls and report on a range of issues. In Uganda, for example, the HIV/AIDS organisation Mildmay will respond to the chatbot’s messages asking questions about HIV/AIDS.
Tools and Platforms
This table below compares the key features offered by ten of the most frequently used messaging apps.
|Voice calls||Voice messages||Photo messages||Bots||Location sharing||File sharing||Video calls|
|Yes||Yes||Yes||No||Yes||Up to 160 MB||Yes|
|Signal||Yes||Yes||Yes||No||Yes||No||Yes, in Beta|
|Telegram||No||Yes||Yes||Yes||Yes||files of up to 1.5 GB||No|
|Facebook Messenger||Yes||Yes||Yes||Yes||Yes||Through an integration with Dropbox||Yes|
|FireChat||No||Yes||Yes||No||Yes||Yes (limits unknown)||No|
|Skype||Yes||Yes||Yes||Yes||No||300MB size limit||Yes|
Pros and Cons
The key advantage for many interviewees was that messaging apps are widely used by both organisations and their target audiences. This enables organisations to communicate with people using channels that those people already know and use on a daily basis.
Additional advantages include:
Messaging apps can help reduce communications costs. Messaging apps usually cost less to use than SMS or conventional phone calls. This benefits both organisations and the people they are trying to reach.
Messaging apps can be a more reliable communication method. Messaging apps offer a way to maintain contact with people across borders (such as staff or refugees), even if they frequently change SIM cards. Apps might work better in places where other communication methods are unavailable, especially if the app works well over weak internet connections.
Messaging apps can be a more secure communication method. Mobile-phone networks are insecure and the message content of all SMS messages can be accessed by mobile-network operators, who may in turn grant access to governments. Information transmitted over telephone networks via SMS or phone calls is therefore likely to be easier for adversaries to access than messaging apps which can have features like end-to-end encryption, password access and automatic message deletion. However, like any mobile-phone based method of communication, information sent over messaging apps will never be completely secure (see Disadvantages, below).
Messaging apps can speed up data collection or increase efficiency. The ability of a user to send location-data, images, or long messages without a character limit are some of the advantages a messaging app might have over SMS. Many apps also notify a user when their message has been read, which some organisations find useful for information sharing.
The greatest risk of using messaging apps is the threat to messaging app users’ security and privacy. Data that organisations collect through messaging apps might be accessed by unintended third parties, including government authorities, businesses and hostile parties.
Even if the content of the messages is protected by end-to-end encryption, other types of data will not be encrypted and can be used to identify individuals or groups. Metadata - information about the data transmitted with the app - can include the time and date on which message or files were sent, the user’s location and the identity of the person to whom data was sent. This can be used to link an individual with other individuals or groups, or be combined with other datasets to infer details about an individual. According to their terms of service, apps collect varying quantities of metadata - the most privacy-conscious apps aim to collect as little metadata as possible.
Other disadvantages to consider are:
The most popular apps are not necessarily the best ones for a particular situation. Interviewees frequently chose a messaging app based on its popularity with target audiences. This risks overlooking whether the app is secure, reliable or complies with data protection policies and laws.
Messaging apps develop and change features fast. There is no guarantee that a feature offered by an app will always be available, and companies’ policies about data usage, security and privacy may be revised without warning. For some interviewees, this forced them to dramatically change their strategy with little notice.
Discussions may stray off-topic or include material that is hurtful. Groups containing multiple members cannot filter the messages that are sent, while messages cannot be deleted once sent. Without effective moderation, hurtful or offensive messages will be preserved in the chat history and discussions with multiple people can easily veer off into trivial or irrelevant topics.
Responsible Data Issues
Broader issues around responsible data should also be considered.
Consent. To maintain fully informed consent, organisations need to constantly monitor changes in messaging app companies’ terms and conditions, and communicate any changes to their target audiences. Users are usually unaware of the privacy implications of installing and sharing data on messaging apps and often provide more information than an organisation had requested.
Access. Access to an app or mobile-internet can vary depending on affordability, connectivity, gender and age. This can significantly limit the extent to which individuals are able to participate in technology-based initiatives. For example, access to data networks can vary greatly between rural and urban areas, and some people may attempt to reduce costs by turning off access to mobile data at set times during the day. Older, low-income people are much less likely than younger, wealthier people to own and use smartphones and, in many countries, men report much higher rates of smartphone ownership than women.
Bias in data collected. Data gathered solely through one app can introduce statistical bias. Differences in individuals’ access to the internet or to mobile phones could affect the way that different populations are represented. For example, reports collected through messaging-app data might give the impression that violence was focussed in a particular area, without taking account of limited internet access in other parts of the country. Conclusions based on such skewed data can reinforce inequalities.
|End-to-end (E2E) encryption by default (1-to-1 + group chats)||E2E encryption by default (1-to-1 chats only)||E2E encryption (opt-in only)||Details of encryption||Other security features|
|Self-destructing messages||Optional passcode protection for message content||Two-factor authentication|
|Yes||Open Whisper Systems' Signal protocol.||No|
|Viber||Yes||Encryption protocol developed by Viber.||.||Yes|
|Signal||Yes||Open Whisper Systems' Signal protocol.||Yes||Yes|
|Telegram||Yes||Encryption protocol developed by Telegram known as the MTproto protocol.||Yes||Yes||Yes|
|LINE||Yes||Encryption protocol developed by Line using the ECDH protocol.||Yes|
|Facebook Messenger||Yes||Open Whisper Systems' Signal protocol.||Yes|
|Snapchat||No end-to-end encryption||Yes||Yes|
|FireChat||Yes||"Elliptic curve cryptography comparable to the Signal protocol, which works offline over the mesh network."|
|Skype||No end-to-end encryption.|
|imo||No encryption information available.|
|No end-to-end encryption|
Many interviewees concluded that the advantages of using messaging apps outweighs the potential risks. Those planning on incorporating messaging apps into their communications strategies should keep the following in mind:
Invest the time and effort needed to understand how people in the local area communicate. Organisations should learn how the people they want to reach communicate and which channels they use and trust. This may vary significantly across different environments and cultures.
Consider any government restrictions on apps or mobile internet. Content sent using messaging apps may be controlled or censored by government. Some governments will ban specific apps or shut down mobile-internet connections altogether. Organisations should therefore consider the risk that an app could become unusable at a crucial point during a crisis. Furthermore, organisations should not encourage individuals to discuss information that exposes them to unnecessary risks as individuals have been targeted on the basis of information they sent on messaging apps.
Use a range of communications channels rather than relying exclusively on a messaging app. Messaging apps should be part of a multi-platform, multi-channel communications strategy. Vulnerable groups should be able to access information in ways that suit their skills and resources, ensuring that individuals are not discriminated against as a result of their gender, age or abilities.
Consider how to extract data from the messaging app. Manually transcribing information from a messaging app into, for example, an Excel spreadsheet can be time consuming and inefficient. Some messaging apps work with application programming interfaces (APIs) - these allow different software programs to interact and can be used to extract data from the messaging app. However, some messaging apps, notably Whatsapp, block the use of APIs.
Don’t let the technology distract from the need for appropriate content. Organisations using messaging apps will have very limited impact if they don’t also provide timely, actionable and useful content for people. Managing and analysing the data received through the apps is necessary to ensure that the information collected helps to guide an organisation’s future activities.
Plan well in advance. Put in place strategies and systems for using messaging apps well before they are actually needed. This could mean creating systems for data management, developing policies and training field staff. Organisations should also consider how to moderate message channels to avoid quarrels and irrelevant discussions: this might mean nominating one or two people to “facilitate” the group.
Prioritise the privacy rights of respondents when choosing a messaging app. Organisations should investigate the privacy risks associated with using messaging apps to communicate with vulnerable individuals and communities, and try to reduce those risks. This includes choosing messaging apps with end-to-end encryption enabled by default, run by companies which collect and retain minimal amounts of data and metadata, and which have a strong record of resisting unlawful demands for private data from law-enforcement and other agencies.
Test, test and test again. Interviewees repeatedly emphasised that approaches which are effective in some regions will fail in others. Before introducing the app, organisations should conduct thorough research into key factors that affect the ability of local people to access and use it. Following the launch, organisations should use analytics tools to monitor how the app is being used, support local languages wherever possible, consider ways to promote usage among women and older people, and factor in the needs of people who may be inexperienced with these tools.
Develop a workflow and an information-management system. Carefully consider how the information gathered through a messaging app will be used to inform decision-making. Messaging apps can introduce large quantities of new information from many different sources. Without proper planning, this could overwhelm organisations, increase the risk that organisations overlook users’ privacy, and frustrate local residents if their responses are ignored. Third-party providers may be able to assist with data analysis or management, but this will introduce further risks around data protection and users’ privacy that should be considered carefully.
Collect as little data as you need (both message content and message metadata), and emphasise to users that any data they submit remains insecure. Organisations should conduct a risk assessment to gain a better understanding of what data is being collected, and what the worst-case scenarios could be as a result. Organisations should clearly emphasise to individuals that any information sent over a communications network may be viewed by an adversary at some point in the future.
Consider how the organisation will verify and validate information received. The speed with which messaging apps can exchange information increases the danger of misinformation being spread. However, verifying information requires significant time and resources. Organisations will therefore need to balance the time spent verifying information with the potential benefits of rapid communication. Alternatively, an organisation could invest more resources in verification than initially planned.
Establish feedback mechanisms. Organisations should be flexible and prepared to adapt to feedback. Suggestions from users on how the app can best serve their needs should be implemented on an ongoing basis.
This report, commissioned by the International Committee of the Red Cross (ICRC), is the product of a collaboration between the ICRC, The Engine Room and Block Party. The content of this report does not reflect the official opinion of the ICRC. Responsibility for the information and views expressed in the report lies entirely with The Engine Room and Block Party.
This report is based upon a survey of relevant literature, interviews with staff working in humanitarian organisations (including technology specialists, logistics officers and field workers), representatives of messaging app companies, and organisations that focus on providing technology for humanitarian organisations. Interviewees were identified through the authors’ and advisory groups’ networks, and through responses to an open call publicised on mailing lists and through social media. In total, researchers spoke with more than 45 people working in Asia, Europe, sub-Saharan Africa and the Middle East.
Commissioning Editors: Jacobo Quintanilla and Philippe Stoll (ICRC). Lead researcher: Tom Walker (The Engine Room). Content: Eytan Oren (Block Party), Zara Rahman (The Engine Room), Nisha Thompson, and Carly Nyst. Prepared for web version by Tom Parker. Editors: Michael Wells and John Borland.
The Engine Room is an international organisation that helps activists, organisations, and other social change agents make the most of data and technology to increase their impact.