What is Signal Private Messenger and how does it Work?

Updated: 25 February 2021
Updated: 25 February 2021

Fact-checked by

Signal Private Messenger is a secure messaging service that functions in a similar way to Facebook Messenger or WhatsApp, but with added privacy.

Is Signal Private Messenger Safe?

Signal Private Messenger is a free, not-for-profit, open source, messaging service that doesn’t track you or serve ads.

The app’s main purpose is to replace the standard messaging application, with messages being sent through a secure connection.

However, while you are assured of maximum privacy and protection when sending messages to another Signal user, if the recipient of the message does not use Signal, then all bets are off. In this case, Signal functions as an ordinary application.

You are given the option to invite your friends to Signal, thus creating an encrypted connection to use. And the application automatically warns you when the interlocutor doesn’t have Signal installed.

It is extremely easy and comfortable to use, with the option to import your contacts and previous messages, and it also allows you to make voice and video calls.

As for SMS and MMS, their costs are the same as in the contract with your mobile provider.

It’s completely free, and there are no tricks involved.

Signal is an open-source application

Being open source, Signal’s source code is public and anyone can have a look at it and investigate it to see if there are any inconsistencies or intrusive lines of code.

This allows security professionals to publicly audit the software and let anyone know about potential vulnerabilities.

This has been done several times, with auditors concluding that Signal is a legit secure messaging app that uses correctly configured security, and shows no signs of vulnerabilities or back doors.

Closed-source applications such as Facebook Messenger and WhatsApp, on the other hand, do not reveal their source code to the public and there is no way you can know what goes on beneath the surface. Besides that, you can’t even determine if the promised security and protection standards are actually delivered. Snapchat was even discovered to have an internal tool that allowed employees to spy on its users.

Signal uses end-to-end encryption

This eliminates the need for any third-party to encrypt your messages before and after being sent. The way this works is this:

  • The messages you send are encrypted on your phone and kept safe on that device alone, without being sent to any other external source
  • Access is only granted to you and the recipient. Other than that, absolutely no one can see or read the messages unless they are in possession of either phone
  • Even in that situation, you are given the choice to use a passcode to encrypt all messages, so even if your phone gets stolen, without the password, no one can read your messages

But then again, this only applies when both of you are using Signal. Otherwise, the connection is not secure and there is no encryption applied to any message.

Criticism Against Signal Private Messenger

Is it the Holy Grail of messenger-type private platforms? We had a look at some users’ criticism:

1. Contact synchronization

The team behind Signal implemented a rather simple system of discovering your contacts when using the app. It uses your real phone number to do that. However, many users said that this was a privacy risk, that there might be some leaks.

On the other hand, Signal representatives denied the privacy risks, claiming that:

  • Signal does NOT register, keep, or even see your contacts. Only the user in person can access the contact list. No one else.
  • For the registration part, the Signal app is very permissive and “tolerant”, shall we say. It gives you the choice to do it from a random phone or even with a disposable SIM card, and then use the app on your actual phone. It has no restrictions in this sense.

2. Availability on the Google Play application

Just until recently, Signal was only available to download on Google Play. The issue here is that Google Play Services are required to run the Google Play app, and have to play by Google’s rules.

Google would know everyone using the app, and in case of an attack on Google’s servers, hackers could get hold of user details.

Users can also get it from the official site as well.

3. Does Signal retain the user’s metadata?

No, it does not.

The Signal application itself retains only the information regarding the date and time when the user first registered on the application, as well as the last time he or she has last connected to it. Other than that, Signal doesn’t keep any metadata.

However, Signal is in no way accountable for how other companies and services choose to use their code.

The Signal code is currently being used by many applications, and whether they choose to change it or respect the users’ privacy is entirely up to them. Signal can’t interfere.

Some of these apps are Facebook Messenger, WhatsApp, and Skype. It can only be a good thing that they choose to incorporate the Signal Protocol in their apps. It’s a major step forward in the world of privacy and encrypted communication.

However, these apps are also not as secure or privacy-oriented as Signal is.

Firstly, it’s because they are closed source. This speaks for itself. Not being able to check the source code and see for yourself whether they’re honest or not is a big letdown.

Secondly, these third-party apps can indeed collect metadata from the users, the identity and location of both recipients. The contents of the messages are indeed private, but other aspects are not.

4. The baseband processor

All cell phones and smartphones contain a so-called “baseband processor”, a closed-source chip that could, in theory, be used as a surveillance tool that breaks apart any sort of encryption used by any app.

This would mean that whoever has access to these chips is able to check, in real time, the contents and details of your messages, calls, and all the information on a phone.

This may or may not be baseless, and is in no way a reflection of Signal.

Is Signal Private Messenger safe to use?

The app uses a unique protocol called the Signal Protocol, an encryption method considered by many as being the most advanced encryption protocol ever devised. It’s a combination of several elements of well-known encryption suites and algorithms including HMAC-SHA256, AES-256, Double Ratchet Algorithm and many others.

Other security features include locking the app with a passcode or a fingerprint, and the “incognito keyboard” that blocks Android from “learning” from your keystrokes. It also lets you verify the identity of all your contacts by incorporating a unique safety number to every conversation, which you can then compare with other contacts.

In the end, what Signal does, no one else has managed to achieve until now, at least not on the same level.

Its security mechanisms and encryption protocols, as well as the privacy-oriented policy, all make Signal the most secure messaging app out there.

Written by: Bogdan Patru

Connect with the author:

Author, creative writer, and tech-geek. Bogdan has followed his passion for the digital world ever since he got his hands of his first pc. After years of accumulating knowledge and experience, the good Samaritan in him whispered him one day about the virtue of sharing that knowledge with those who needed it. It was 2014 when that idea would grow into a life-defining passion. One that keeps driving him to this day.

Leave a Reply

Your email address will not be published. Required fields are marked *