Is Signal safe? We asked security experts about the messaging app and your data

Signal is often considered one of the most privacy-focussed messaging services in Apple and Google’s app stores, but how safe is it really? We reached out to 5 security experts to learn more about Signal and your data. 

Signal’s privacy-first approach has earned the praise of whistleblowers, privacy advocates, journalists and high-profile tech moguls over the years and made it an easy go-to when organising protests and passing on sensitive information.

Up your cybersecurity with NordVPN – Now 62% off plus a random gift of either 3 months or 1 year extra subscription with every purchase. 

Arguably the most important privacy tool on Signal is end-to-end encryption. Signal’s encryption, in particular, is powered by the app’s own open source Signal Protocol and adds an additional layer of security to almost every communication you hold over the app, from one-on-one messages and group chats to voice calls, video calls and even stickers. 

Of course, encryption isn’t the only privacy tool in Signal’s arsenal. In 2020, the company released a face blurring tool to protect the identities’ of protestors in the marches against racism and police brutality. Signal even designed face coverings that would “encrypt your face” in the real world to maintain its users’ privacy outside the app. 

Signal is considered an independent non-profit, meaning its development is supported entirely by grants and donations and it isn’t funded by any major tech company or advertisers. 

We reached out to security experts from McAfee, Searchlight Security, F-Secure, Comparitech and IDC to learn more about Signal, how the apps handles your data and how it’s encryption compares to other popular messaging apps on the market. 

Keep reading to discover what they said.

For more on messaging apps and your privacy, make sure to visit our guides to WhatsApp and Telegram, along with our more in-depth comparison of Signal vs Telegram. Finally, don’t forget to check out our ultimate security guide to learn the best ways to safeguard your data when surfing the web.

Is Signal safe? 

Signal is safer than many messaging apps because it uses end-to-end encryption, which ensures that no one (not even Signal) can intercept and read your messages.  

Unlike Telegram, which also benefits from end-to-end encryption in its “secret chats”, Signal has the feature enabled by default so you won’t have to take any additional steps to get this extra layer of privacy. 

“Signal is safe to use, mainly because it provides end-to-end encryption, which means messages are secured before they’re sent, and they are decrypted only once they arrive at the intended recipient’s device”, explained McAfee VP Antony Demetriades. 

“Essentially, it encodes your message so that only the intended recipient’s device can unlock it”. 

There are also options for users who don’t want to connect their Signal account with their personal phone number or iCloud history. 

“While the platform requires your mobile number to sign up, you can set this up using a Google voice number, while Apple users can stop their history from syncing with the cloud by turning off ‘show calls in recents’ in settings”, added Demetriades. 

Signal vs other messaging apps 

So, how does Signal compare to other popular messaging apps like WhatsApp and Telegram? 

“Out of the three apps, Signal has the best reputation for security and privacy using published encryption that has been thoroughly scrutinised and without any incentive to capture your personal information”, said Searchlight Security CTO and co-founder, Dr. Gareth Owenson. 

“WhatsApp is safe in that it uses the same secure encryption as Signal but is owned by Facebook – a company which has historically monetised personal information (principally for advertising). WhatsApp has recently come under criticism for attempting to expand the amount of data shared with Facebook”. 

Telegram has a more trustworthy reputation than WhatsApp and offers more features than Signal, but this has earned the app some unsavoury users.

“Telegram has a reputation as a secure messaging app but this is largely due to the feature set it offers rather than the strong encryption”, explained Dr. Owenson. 

“Research by Royal Holloway recently found vulnerabilities in the cryptography used by Telegram. Telegram is also popular amount darkweb criminals and other malicious actors due to its perceived security”. 

However, which app you pick will ultimately come down to what you need from your messaging service. 

“For the average person, all of the apps provide adequate security and they may prefer WhatsApp due to the number or their contacts who will use it. For the truly paranoid, stick with Signal”. 

Up your cybersecurity with NordVPN – Now 62% off plus a random gift of either 3 months or 1 year extra subscription with every purchase. 

Signal and your data  

We’ve touched on how WhatsApp’s parent company Facebook (now Meta) has a history of monetising personal information, but what about Signal? 

According to our experts, there’s little reason to be concerned about Signal sharing your data with other companies – especially when compared with the other messaging apps.

“WhatsApp and Telegram both have had a rocky relationship with user data”, said Tom Gaffney, Security Consultant at F-Secure.

“Both were implicated in the Snowden leaks and both have not provided evidence of independent code audit or security analysis. They have opaque terms related to data usage and in WhatsApp case, the parent company Facebook derives most of its money from using data it collects. So from a privacy perspective absolutely not as safe as Signal”.

Gaffney wouldn’t recommend either app for private messaging over Signal.

“Signal on the other hand is completely transparent in its operations relating to security and privacy and does not at all share or use data collected for commercial gain. It is widely respected in the security world”.

According to Signal itself, the company has no plans to be acquired by a major tech company either. 

“Signal is an independent nonprofit. We’re not tied to any major tech companies, and we can never be acquired by one either. Development is supported by grants and donations from people like you”, the company states on its website. 

Should you move your chats to Signal?

Perhaps the most important question is should you move all of your conversations and group chats to Signal – and the answer is complicated. 

“Most people’s choice in messaging app isn’t based on which app is best; we choose to use messaging apps because our friends and other contacts use them”, said privacy advocate at Comparitech, Paul Bischoff. 

“Yes, Signal would be a security improvement for everyone, but the network effect prevents mass adoption”. 

Duncan Brown, VP of European Enterprise Research at IDC, shared a similar sentiment. 

“You can do, but be ware of the relatively low number of users. So you’ll have to convince your contacts to download and use Signal if that’s your preferred messaging app. But if you are looking for a high level of security then Signal is perfect for this”, said Brown. 

If you’re willing to put the work in to convince your friends and family to jump apps, Signal is an easy choice to anyone concerned about their data. 

“If you’re interested in privacy, then Signal is the app for you”, said Demitriades. 

“It’s biggest appeal for many users is end-to-end encryption which ensures no one other than the sender and receiver’s device can access the information, whether that be governments, hackers, individuals or Signal itself”.