Is Signal secure? How the encrypted messaging app compares to other apps on privacy protection
Signalis a secure messaging app that encrypts all communication from end to end, making all data accessible only to the sender and recipient.
- Signal records no metadata about your contacts or messages, so it's virtually impossible to infer anything about your communication based on your use of the app.
It's not necessarily obvious, though, what all that means, and how Signal's technology affords any more protection than other
How Signal's encryption worksSignal offers
These encrypted messages can only be unlocked using a key that is shared between the two private conversations. No one else has access to the key or can decrypt the message – not even the developers of the Signal app.
Because there is no "back door" to decrypting Signal messages, Signal can't decrypt messages for the government, for example, even under subpoena – not because of policy, but because it's not technically possible.Signal's encryption algorithm isn't proprietary or even unique. The encryption software used by Signal is open-source (and used by other messaging apps, including WhatsApp) and available for download on GitHub. This actually allows Signal to be more secure, because the open-source software is subject to public scrutiny by developers and security experts. It exposes bugs, flaws, and vulnerabilities sooner than if the software were closed and proprietary.
How Signal is different than other encrypted messaging apps
While the encryption software in Signal might not be unique, the app still has privacy advantages over other messaging apps. Signal records no data about its users or the conversations taking place within the app.This is in contrast to other apps, like Apple iMessage and WhatsApp, to name two examples, which often store significant amounts of metadata, such as who you spoke to and detailed time logs of when those conversations occurred. In a recent blog post, Signal creator Matthew Rosenfeld (known online as Moxie Marlinspike) explains that the Federal government used a subpoena in 2016 to access Signal's user data.Advertisement
But as Rosenfeld writes, "there wasn't (and still isn't) really anything to obtain. The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use – not user messages, groups, contacts, profile information, or anything else."
Related coverage from Tech Reference:
- Luxury icons Sabyasachi and Oberoi open up about their 'perfectionist quirks' like checking the color of egg yolks and slashing clothes so they can’t hit the edit table
- Indian Prime Minister Narendra Modi warns against complacency in the fight against COVID-19
- Best budget smartphone deals under ₹20,000 in the Amazon Great Indian Festival Sale 2020
- EXCLUSIVE: Amazon AI executive explains three things every business needs to address before using machine learning
- Gionee launches new budget smartphone F8 Neo in India at ₹5,499