With the encryption used on the iPhone in the recent San Bernardino attack (see this CNN article for background information), many are asking how safe their text messages and personal info are on their mobile devices.

Most individuals have wondered at one point, “Where do my text messages go?” and “How long are they archived?” To start, there are two types of text messaging transmissions: Through traditional SMS systems, where messages are transmitted to cell towers before reaching their destination; Or through cloud messaging systems that are sent via Wi-Fi or a 3G/4G connection (think Apple’s iMessage). The only major U.S. carrier who currently retains the content of your text messages is Verizon, typically for three to five days. Apple stores iMessages on their iCloud, but these messages are encrypted.

Third-party entities cannot see the transmission of text messages without the use of an application on the physical device. The Telephone Records and Privacy Act of 2006 prohibits any party other than law enforcement and intelligence agencies from viewing text messages when requested, protecting the consumer.

If an attacker somehow is able to gain access to a mobile device – likely through a malicious application from the App Store or Google Play installed on the device by the unsuspecting consumer, or through malware via a phishing email – there is a good chance that messages sent to and from the device can be seen by the attacker. To prevent these types of attacks, one should practice proper cyber hygiene. We have blogged about it plenty but if you need reminders: don’t click on links in emails, don’t open attachments in emails, don’t log into public wifi, don’t use USB drives that you didn’t buy, and on and on and on…

If you have any questions or would like to learn more about cyber hygiene or privacy associated with text messaging, feel free leave to us a message on our Contact Us page.