Is Signal secure? How the encrypted messaging app compares to other apps on privacy protection
- Signal is a secure messaging app that encrypts all communication from end to end, making all data accessible only to the sender and recipient.
- Signal records no metadata about your contacts or messages, so it's virtually impossible to infer anything about your communication based on your use of the app.
You might know that Signal is a popular messaging app that bills itself as being very secure, offering end-to-end encryption for a very high level of privacy.
It's not necessarily obvious, though, what all that means, and how Signal's technology affords any more protection than other messaging apps.
How Signal's encryption works
Signal offers end-to-end encryption, which essentially means that your messages are scrambled into an unintelligible collection of characters before leaving your device and are not decrypted back into meaningful content until reaching the Signal app on the recipient's device.
These encrypted messages can only be unlocked using a key that is shared between the two private conversations. No one else has access to the key or can decrypt the message – not even the developers of the Signal app.
Because there is no "back door" to decrypting Signal messages, Signal can't decrypt messages for the government, for example, even under subpoena – not because of policy, but because it's not technically possible.
Signal's encryption algorithm isn't proprietary or even unique. The encryption software used by Signal is open-source (and used by other messaging apps, including WhatsApp) and available for download on GitHub. This actually allows Signal to be more secure, because the open-source software is subject to public scrutiny by developers and security experts. It exposes bugs, flaws, and vulnerabilities sooner than if the software were closed and proprietary.
How Signal is different than other encrypted messaging apps
While the encryption software in Signal might not be unique, the app still has privacy advantages over other messaging apps. Signal records no data about its users or the conversations taking place within the app.
This is in contrast to other apps, like Apple iMessage and WhatsApp, to name two examples, which often store significant amounts of metadata, such as who you spoke to and detailed time logs of when those conversations occurred.
In a recent blog post, Signal creator Matthew Rosenfeld (known online as Moxie Marlinspike) explains that the Federal government used a subpoena in 2016 to access Signal's user data.
But as Rosenfeld writes, "there wasn't (and still isn't) really anything to obtain. The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use – not user messages, groups, contacts, profile information, or anything else."
Related coverage from Tech Reference:
How to change your phone number on the Signal messaging app on an iPhone or Android device
How to create a Signal chat to talk with individuals or groups on the secure messaging platform
What to know about Signal, the secure messaging app that keeps all of your conversations private
How to block or unblock someone on the Signal secure-messaging app in just a few taps
How to archive chats on the Signal mobile or desktop app, and clear out your inbox without deleting important messages