I missed the bolded part earlier, which you are ALSO wrong on.
Not only could this have been deduced from various company statements on security, various official documents exist which make it plain that BBM cross-platform is TLS-encrypted, ie this one, quoting:
BBM Security note TLS in BBM TLS in BBMBlackBerry 10, iOS, and Android devices send all data to each other through the BlackBerry Infrastructure over a TLS connection. In certain scenarios, BlackBerry 7.1 and earlier devices also send data this way. TLS is a common web standard used across all major desktop and mobile web browsers for secure online banking and shopping. A TLS connection between a device and the BlackBerry Infrastructure is designed to protect BBM messages from eavesdropping or manipulation by an attacker.
Re: "scrambling", the
only instance where data security in BBM relies only on the old "scrambling" technique is for legacy BBOS devices when one of the links is
not traversing the public internet. Otherwise, BBM on BB10 devices is
MORE secure than it was on BBOS devices because all communications
AT MINIMUM travel via TLS encrypted tunnels, and typically use TLS
COMBINED with traditional BBM "scrambling".
So how is the competition doing? A few data points:
WhatsApp
- Sent
all traffic unencrypted until 2012-08
[1]
- When they added encryption in 2012-08, they did it poorly, leaving mobile numbers vulnerable and worse, using easily-guessed encryption keys
[1]
- Serious flaws in WhatsApp encryption persisted up until at least 2013-10
[2]
- WhatsApp chat logs are readable by any other app on the device
[3]
- In fact, Dutch and Canadian authorities concluded in 2013 that WhatsApp violated their countries privacy laws by insecurely storing non-user contact details
[4]
- Crypto weaknesses in WhatsApp “the kind of stuff the NSA would love”
[5] Apple iMessage
Among other things, does not implement (as BBM does) "certificate pinning" - allowing attackers to spoof legitimate iMessage servers. (
source)
Viber
Sends shared files and location data unencrypted, stores data on Amazon cloud servers unencrypted
and accessible to anyone (
source 1,
source 2)
LINE Messenger Messages and data are sent completely unencrypted over carrier networks (
source)
WeChat
Plagued by a variety of technical security vulnerabilities, in addition to being subject to widespread surveillance by Chinese authorities (
source)
.