A new study by Surfshark has raised alarms about the future of privacy in messaging apps as the European Union pushes forward with its Child Sexual Abuse Regulation, dubbed “Chat Control.”
Set for a vote on October 14, 2025, the proposal aims to combat serious online crimes by requiring messaging platforms to scan private communications or provide lawful access to encrypted services.
However, privacy advocates warn that these measures could dismantle end-to-end encryption, a cornerstone of secure digital communication, putting users, vulnerable groups, and businesses at risk.
Surfshark’s analysis of 10 popular iOS messaging apps, including Apple’s Messages and the nine most downloaded apps in 2025, highlights the current state of privacy protections.
Nine of the 10 apps employ end-to-end encryption, with Signal and iMessage offering quantum-secure cryptography for enhanced security.
However, Apple’s Messages app falls short when messages are sent to Android devices, converting them to unencrypted SMS/MMS, which leaves them vulnerable to interception.
Discord stands alone as the only app studied that lacks end-to-end encryption for text-based messages.
The study underscores Signal’s leadership in privacy, scoring 0.99 out of 1 for its minimal data collection- only phone numbers for app functionality—and its avoidance of user tracking.
In contrast, apps like LINE, Discord, Rakuten Viber Messenger, and Meta’s Messenger scored below the average of 0.52, with LINE ranking lowest.
Notably, Messenger by Meta collects 30 out of 35 data types listed in the App Store, often for purposes like advertising and user behavior analysis, raising significant privacy concerns.
The EU’s Chat Control proposal has sparked widespread opposition. Eight member states currently oppose the regulation, while 12, including France with its 81 Members of the European Parliament (MEPs), support it.
Seven countries, representing 36 percent of the EU population and 260 MEPs, remain undecided, with Germany’s 96 MEPs holding significant sway.
Critics argue that mandating message scanning would create vulnerabilities exploitable by malicious actors, undermining the trust in Europe’s digital infrastructure.
“Having end-to-end encryption for communication and other digital services is just essential hygiene. Without it, all other efforts by apps to protect user privacy and security become largely meaningless. Proposals to introduce message scanning would inevitably create vulnerabilities that malicious actors could exploit. There is no such thing as partial encryption: either it is intact, or it is broken. Therefore, weakening encryption risks undermining trust in Europe’s digital infrastructure and setting a dangerous global precedent,” says Vytautas Kaziukonis, CEO at Surfshark.
The study also flagged privacy risks from AI features, present in 90 percent of the analyzed apps. Features like conversation summarization or AI assistants could expose private data to app owners or third parties, further complicating the privacy landscape.
