Mobile messaging apps are a fundamental communication infrastructure, used by billions of people every day to share information, including sensitive data. Security and Privacy are thus critical concerns for such applications. Although the cryptographic protocols prevalent in messaging apps are generally well studied, other relevant implementation characteristics of such apps, such as their software architecture, permission use, and network-related runtime behavior, have not received enough attention. In this paper, we present a methodology for comparing implementation characteristics of messaging applications by employing static and dynamic analysis under reproducible scenarios to identify discrepancies with potential security and privacy implications. We apply this methodology to study the Android clients of the Meta Messenger, Signal, and Telegram apps. Our main findings reveal discrepancies in application complexity, attack surface, and network behavior. Statically, Messenger presents the largest attack surface and the highest number of static analysis warnings, while Telegram requests the most dangerous permissions. In contrast, Signal consistently demonstrates a minimalist design with the fewest dependencies and dangerous permissions. Dynamically, these differences are reflected in network activity; Messenger is by far the most active, exhibiting persistent background communication, whereas Signal is the least active. Furthermore, our analysis shows that all applications properly adhere to the Android permission model, with no evidence of unauthorized data access.

翻译：移动消息应用是基础通信基础设施，每天有数十亿用户通过它共享信息，包括敏感数据。因此，安全与隐私是此类应用的关键考量。尽管消息应用中普遍使用的密码学协议已得到广泛研究，但此类应用的其他相关实现特性（如软件架构、权限使用及网络相关运行时行为）尚未获得足够关注。本文提出了一种方法论，通过可复现场景下的静态与动态分析，比较消息应用的实现特性，以识别具有潜在安全与隐私影响的差异。我们将此方法论应用于Meta Messenger、Signal和Telegram的安卓客户端研究。主要发现揭示了应用复杂度、攻击面及网络行为方面的差异。静态分析表明，Messenger的攻击面最大、静态分析警告数量最多，而Telegram请求的危险权限最多。相比之下，Signal始终采用极简设计，依赖项和危险权限最少。动态分析中，这些差异反映在网络活动上：Messenger活跃度最高，存在持续的后台通信，而Signal活跃度最低。此外，我们的分析表明所有应用均严格遵循安卓权限模型，未发现未经授权的数据访问迹象。