Is Signal secure? How the encrypted messaging app compares to other apps on privacy protection

Signal is one of the most private and secure messaging apps available.Westend61/Getty Images
  • Signal is a secure messaging app that encrypts all communication from end to end, making all data accessible only to the sender and recipient.
  • Signal records no metadata about your contacts or messages, so it's virtually impossible to infer anything about your communication based on your use of the app.

You might know that Signal is a popular messaging app that bills itself as being very secure, offering end-to-end encryption for a very high level of privacy.

It's not necessarily obvious, though, what all that means, and how Signal's technology affords any more protection than other messaging apps.

How Signal's encryption works

Signal offers end-to-end encryption, which essentially means that your messages are scrambled into an unintelligible collection of characters before leaving your device and are not decrypted back into meaningful content until reaching the Signal app on the recipient's device. Advertisement

The Signal app boasts more privacy than its competitors.Signal
These encrypted messages can only be unlocked using a key that is shared between the two private conversations. No one else has access to the key or can decrypt the message – not even the developers of the Signal app.

Because there is no "back door" to decrypting Signal messages, Signal can't decrypt messages for the government, for example, even under subpoena – not because of policy, but because it's not technically possible.

Signal's encryption algorithm isn't proprietary or even unique. The encryption software used by Signal is open-source (and used by other messaging apps, including WhatsApp) and available for download on GitHub. This actually allows Signal to be more secure, because the open-source software is subject to public scrutiny by developers and security experts. It exposes bugs, flaws, and vulnerabilities sooner than if the software were closed and proprietary.
Advertisement

How Signal is different than other encrypted messaging apps

While the encryption software in Signal might not be unique, the app still has privacy advantages over other messaging apps. Signal records no data about its users or the conversations taking place within the app.

This is in contrast to other apps, like Apple iMessage and WhatsApp, to name two examples, which often store significant amounts of metadata, such as who you spoke to and detailed time logs of when those conversations occurred. In a recent blog post, Signal creator Matthew Rosenfeld (known online as Moxie Marlinspike) explains that the Federal government used a subpoena in 2016 to access Signal's user data.Advertisement

But as Rosenfeld writes, "there wasn't (and still isn't) really anything to obtain. The only Signal user data we have, and the only data the US government obtained as a result, was the date of account creation and the date of last use – not user messages, groups, contacts, profile information, or anything else."

Related coverage from Tech Reference:

{{}}