Signal has seen millions of new users flock to its app over the last few months, but is it safe? We reached out to three security experts to learn more about Signal and how it deals with your data.
WhatsApp took a hit in January when it asked users to consent to sharing their data with Facebook, who acquired the company in 2014, or lose access to their chats.
Just ten days later, Signal went down as it struggled to deal with the millions of new users that had signed up to the messaging app. Thankfully, the outage didn’t last long and Signal later tweeted that it had expanded its capacity to accommodate the influx of new users.
Months have passed now and, though it has extended its deadline, WhatsApp still wants you to agree to its new terms. We’ve already looked at whether WhatsApp is safe, but is Signal a safe alternative if you’re considering jumping ship? Here’s what three security experts said…
Signal and end-to-end encryption
“Signal is an encrypted messaging app and for many, is a secure way to communicate with friends and family because of its end-to-end encryption,” Chief Scientist and McAfee Fellow, Raj Samani told Trusted Reviews.
But, what is end-to-end encryption?
“What this means is that messages sent on the app are encrypted, so that only the intended receiver’s device can actually read the message,” explained Samani.
“The same applies to any exchanges on the app via voice calls. In short, this keeps third party services and even Signal itself from seeing the content of messages, making it a popular choice for people wanting to use a messaging app with enhanced privacy and security.”
According to F-Secure CISO, Erka Koivunen, end-to-end encryption really started to gain traction when WhatsApp adopted it in 2016, despite Signal having already rolled out the feature in 2014.
“WhatsApp practically pioneered with turning in end-to-end encryption (E2EE) for the masses in 2016,” noted Koivunen.
“Apple’s iMessage was first of course, and Signal had already launched, but it wasn’t until WhatsApp joined the movement to make E2EE mainstream”.
In fact, the two apps actually share the same end-to-end encryption protocol.
“Whatsapp uses Signal’s protocol (or a derivative of it) for secure messaging and key management,” said Koivunen. “It should be secure-enough. The only practical difference is who the users must trust, Facebook vs. Open Whisper Systems”.
Signal vs other messaging services
So, what are the benefits to using Signal over other messaging apps like WhatsApp and what are the drawbacks?
“Signal saw a surge in downloads after WhatsApp announced it would require data sharing with Facebook, its parent company, and also after notable endorsements from particular users,” said Samani.
“As Signal is not owned by a big tech conglomerate and operates as an independent non-profit, this can be a benefit for some users seeking greater privacy”.
Like WhatsApp, Signal is a free messaging service.
“The app is also free to download and is available for iOS and Android, as well as for PCs running MacOS, Windows and Linux”.
However, it isn’t without its drawbacks. While Signal does support end-to-end encryption, messaging people who do not have Signal installed will cause your messages to be unencrypted, as they are being sent outside the app.
The app also lacks the impressive resources that WhatsApp has access to via Facebook and cannot be backed up to the cloud. While this may boost privacy for users, some users rely on the cloud to backup their chats.
“Signal has always been more clunky than WhatsApp,” said Koivunen. “It shows that Signal doesn’t have the vast resources and the UX expertise that Facebook possesses. Similarly, Signal’s systems nearly gave in when there was a huge surge to register for their service last week. Signal has deliberately been designed to not backup in the cloud. WhatsApp message archives get backed up to iCloud or Google Drive in clear text if user so allows”.
But, WhatsApp and Signal aren’t the only messaging apps in the app store.
“Telegram features channels and it has nerdy features like the ability to share arbitrary files, even large ones”, said Koivunen, though it’s important to note that Telegram’s encryption only applies to Secret Chats.
Signal and your data
One of the biggest differentiators between Signal and WhatsApp is who run the apps.
“As a non-profit and privacy focused app, Signal claims to have no financial motivations to share its user’s private information,” assured Samani. “The only information Signal claims to collect is the telephone number but even that it cannot link back to your identity.”
Of course, it isn’t just Signal’s security you need to worry about. Hackers can intercept your data through other apps, reminds Principal Security Researcher at Kaspersky, David Emm.
“It’s not always a question of the security of the app itself. Android includes a built-in Accessibility Service and attackers have been known to exploit the capabilities of this service in order to collect user data. For example, last year we discovered stalkerware that could use this standard function to see the text of incoming and outgoing messages from instant messengers.”
Emm recommends that users take precautions when it comes to protecting their mobile data. This includes only downloading apps from official marketplaces, reading the user agreement, installing a security solution on your phone, never clicking on suspicious links and paying attention to your apps permission requests.
“For example, a flashlight app clearly doesn’t need access to the microphone,” he said.
So, should you move your WhatsApp chats to Signal?
“The majority of features on Signal are also present on WhatsApp, making it like-for-like in terms of its user offering”, said Samani. “But, with Signal’s privacy stance it is widely regarded as one of the safest messaging apps currently available. And, while WhatsApp also features encryption and both apps use Signal’s encryption protocol, Signal’s is fully open source, which means that security researchers can regularly examine the platform for security vulnerabilities.”
The important part is that you do your own research before downloading any new app.
Lastly, we asked whether the experts would let their kids download Signal
“As children become more and more connected online, the risk of engaging with harmful content across these platforms and unknowingly sharing personal information increases,” warned Samani.
“With any technologies you allow your children to use, it’s important to monitor them when using internet-connected devices and begin to have conversations with kids early about potential online dangers. This will arm children with the knowledge they need to stay safe online. It is also important to remember the responsibility also lies with parents to ensure their children are only signing up for services they’re old enough and wise enough to use”.
If you’re interested in protecting your data online, make sure to check out our guide to the best VPNs. You can also visit our best phones and best Android phones guides if you’re in the market for a new smartphone.