My Signal app review aims to answer the key question in 2023 – is it safe to use? After WhatsApp updated its privacy policy this year that allows sharing user’s information with Facebook, we have one less secure messenger to choose from. But should you choose Signal?
Signal provides end-to-end encryption for instant messaging (including voice and video calls), filling the void left by WhatsApp in the wake of its concerning Facebook purchase in 2014.
The app is developed through the Signal Foundation. This is a not-for-profit organization led by Moxie Marlinspike (who co-authored the Signal Protocol) and WhatsApp co-founder Brian Acton. Their mission is purportedly to decentralize information across the globe.
Signal private messenger pros and cons
+ Pros:
- Free
- End-to-end encryption
- Open-source
- Minimal logging
- Desktop app
– Cons:
- Not all attachment types supported
How to use Signal
The Signal mobile app is mercifully easy to install and navigate. It’s simply a case of heading to the Google Play Store or the App Store and hitting download. Once the file is ready, the app guides you through a quick registration process.
To send and receive messages on Signal, you’ll need to register your phone number. This is done by entering your phone number in the online form and then the verification code you receive via SMS.
You can also install Signal private messenger for desktop, but it must first be registered with iOS or Android to send and receive messages. However, once Signal is installed on your mobile device, you can use your mobile to scan the Signal QR code from your desktop. This will link both devices and allow you to use them interchangeably.
Is Signal secure?
As we mentioned, the Signal protocol uses end-to-end encryption. This means that not even the Signal Foundation can see your messages, which has certainly earned the Signal messenger some favor ever since the notoriously invasive Facebook got their hands on the supposedly NASA-grade WhatsApp.
The major components in making this work are the X3DH protocol and the Double Ratchet Algorithm. X3DH stands for “Extended Triple Diffie-Hellman” and allows for creating a secret key between two parties. Double Ratchet then manages and develops these secret keys, renewing them every few days to reduce traceability.
The metadata is stored on Signal’s servers until the messages have been sent; it is then removed. No message logs are kept, and Marlinspike maintains that the only thing Signal does log is connection times. More specifically, Signal only retains information regarding the last day you used the app and is no more specific than that.
So far, so good. However, to get the best from our Signal review, it’s best to take a closer look at the security aspects around some of the app’s main features.
Video and voice calls
The Signal private messenger was the first app for iOS that allowed users to make easy, strongly encrypted voice calls for free. It does this by using push notifications to start the call and then using the ZRTP protocol to encrypt it.
The best thing about this is that ZRTP is transparent about when encryption is successful. To do this, it generates a random pair of words that appear on both ends of the conversation. If both callers receive the same pair of words (you can say them out loud to one another to confirm this), then you know you are secure.
Video calling works along similar lines to the normal text-based messaging – through the Signal protocol. The Signal messenger uses this to encrypt WebRTC data – which is the program that allows video calls to be made – between each end of the conversation.
If you’re familiar with issues surrounding cybersecurity, you’ll likely feel slightly alarmed by Signal’s use of WebRTC. However, while the program is known to leak IP addresses in virtual private networks (VPN), this is caused by the STUN communication methods – and Signal does not appear to use any of these in its architecture.
Verify safety numbers
Taking inspiration from ZRTP, the Signal messenger generates a unique “safety code” for each conversation. Signal’s method is more complex than ZRTP’s, using sixty digits instead of two words.
The number is accompanied by a QR code that members of the conversation can scan when meeting in person. If physical meetups aren’t possible, the users can read the number aloud to one another. Whichever method is used, the safety number is clearly shown as “verified” when this is successful.
While this may indicate that the Signal app encryption isn’t as infallible as the company claims, it does mean that users can seek easy confirmation when their conversations have been encrypted successfully.
To maintain total security, Signal will update the safety number when one conversation participant switches devices (such as if they begin to use a new phone). It will then send an automatic notification announcing that the number has been changed and requires verification.
By the way, Signal’s FAQ section states that frequent changes to the security number usually indicate foul play.
History erasing and message lifetime
Signal does not store your messages on its own server; rather, they are saved on your own device. Of course, the messages need to interact with Signal’s servers to get sent, but they are deleted as soon as this action is complete.
You also have the option to force the Signal private messenger to auto-delete chat histories after a set amount of time. This ensures total security within the given means, as it narrows the amount of time someone even has the opportunity to hack your information.
Safer notifications
Signal’s notification system leaves something to be desired. While the software has the ability to prevent anyone else from seeing your phone number, it automatically displays your mobile number in push notifications whenever you send a message.
With the X3DH protocol and the Double Ratchet Algorithm, the chances of your contact number falling into anyone else’s hands are minimal – information is only stored on the relevant devices, anyway. However, it would be a lot more reassuring if your mobile number was kept as secure as possible when sending texts through the Signal app.
Signal app troubleshooting
Few issues seem to arise with Signal in general. Among the most prevalent, however, is the inability to send messages over wifi; occasionally, the shoe is on the other foot, and users find it impossible to send messages without wifi.
Moxie Marlinspike often responds to these issues in GitHub forums, and sometimes the issue turns out to be caused by the device’s own settings. Nevertheless, he occasionally refuses to engage with the issue, leaving the user with no choice but to seek a different instant messenger.
Aside from that, Signal seems to work fine. However, it should be noted that it is blocked in Egypt, Oman, Iran, Qatar, and the United Arab Emirates. Signal initially circumvented this censorship with automatic domain fronting but has ceased doing so.
How Signal compares to Telegram and WhatsApp
Before comparing the key features of each messaging app, let’s look at the data that each of them collects from its users:
| Signal | Telegram | |
| Phone number (not linked with the user) | Phone number User ID Email address Contacts | Phone number User ID Email address Contacts Advertising data Purchase history Payment info Coarse location Product interaction Performance data Customer support |
Signal
Launched: 2014
Owner: Signal Foundation/Open Whisper Systems (non-profit)
Users: No recent statistics
End-to-end encryption: Yes
Secret chats: Yes, by default
Secure file sharing: Yes
Data storage in servers: Yes, but only for as long as it takes the message to send
Chat/Messages self-destruction: Yes
Requires mobile number: Yes
Supported platforms: Android, iOS, Windows, macOS, Linux
Telegram
Launched: 2013
Owner: Telegram Messenger LLP
Users: 200 million (monthly)
End-to-end encryption: Yes, but only in secret chats
Secret chats: Yes
Secure file sharing: No
Data storage in servers: No
Chat/Messages self-destruction: Yes, but only in a secret chat
Requires mobile number: Yes
Supported platforms: Android, iOS, Windows Phone, Windows, macOS, Linux
Launched: 2009
Owner: WhatsApp Inc.
Users: 1.5 billion
End-to-end encryption: Yes
Secret chats: Yes
Secure file sharing: No
Data storage in servers: Yes, but only until the message has been sent. (If the message has not been sent, it remains on the server for 30 days.)
Chat/Messages self-destruction: No
Requires mobile number: Yes
Supported platforms: Android, iOS, Windows Phone, Windows, macOS
Bottom line
My Signal app review has shown it to be the best private messenger in 2023. While it’s less popular than Telegram, not to mention WhatsApp, users who care about their personal information should look no further.
Signal is free, open-source, and intends to keep it this way for the foreseeable future. While it has some shortcomings, they are easily overshadowed by the vast amount of positives. If that weren’t the case, Elon Musk wouldn’t be endorsing Signal on Twitter, would he?
Recommended reads:
FAQ
Is Signal app really safe?
Yes, it is. Signal uses end-to-end encryption and doesn’t log user data. Even the phone used for account creation is not linked to you.
Is signal better than WhatsApp?
Signal is much better than WhatsApp. It doesn’t collect and doesn’t share your personal data. It also allows secure file sharing and self-destructing chats and messages.
What is the best secret messaging app?
In terms of security and privacy, Signal is the best secret messaging app. It collects virtually no data and has features that Telegram and WhatsApp lack. Those include sharing files securely and the option to set the self-destruction for any chat or message.
Is Signal really private?
Signal is the most private of all messengers. It doesn’t collect user data and doesn’t even link their phone numbers to their identity. Furthermore, Signal offers end-to-end encryption to all types of conversations, including group chats, and is generally considered to be safe to use right after you launch it for the first time.
You’d better delete the signal, it’s useless. If you want to use a private messenger, install the Utopia ecosystem
No matter what anyone says, I didn’t like the Signal at all, and its security is highly questionable. What I can’t say about the messenger in Utopia’s web3 ecosystem, which is protected by strong encryption, and doesn’t store any user data
I am sold on Signal, but a member of my family said that she read on a review that Signal interferes with the car play ability. What information does anyone have to answer my question.
Buy a de-Googled phone and you won’t need to worry about the Playstore issue…or Google’s invasion of your privacy.
Can I communicate with only people who are using Signal?
Hey, Rocko. It’s possible, although not everyone might be willing to move to Signal. But if all of your friends are already on Signal then there are no issues. Plus, it’s also possible to communicate with Signal users without the app via SMS.
Why does Signal not allow me to create a contact without needing a link to all my contacts? Why?
Greetings, Tricia. It seems that Signal only allows you to add contacts through their phone numbers. Naturally, it can only do that from your contacts list. I don’t see this as an issue as it will only add the contacts that are using Signal already. Plus, this information is only stored locally on your device and does not get sent anywhere.
And why should they need my phone number? Especially if it isn’t used for anything, as you state… Sounds a bit fischy to me…
Hi, John. The phone number is needed for verification and logging into the service. It has no other uses and is not shared with anyone else.
I know this article is about Signal, so naming other apps may not be desired. However, I’ve been very happy using Molly-FOSS recently. Molly is a “hardened version of Signal”. It looks like Signal and can be installed instead of Signal or in addition to Signal, with a second phone number. It connects to the Signal network, so you can interact with anyone using Signal. It comes in two flavors: Molly and Molly-FOSS
1. Molly is Signal, but it reintroduces local encryption (password protection) of your database. This had been a part of Signal (or TextSecure) before, but was dropped along the way. Molly uses Google’s FCM (or WebSocket, if FCM isn’t available) as well as Google Maps, just like Signal.
2. Molly-FOSS is different from Molly in that it only supports WebSocket, not Google’s FCM nor Google Maps for location.
You can add the repository to F-Droid and thus keep it updated. See the GitHub for more info and instructions:
https://github.com/mollyim/mollyim-android
Google Play Services ARE NOW REQUIRED! Google servers are used to send and recieve messages. Why has this changed? Google Play Services were never required before. 90% of my apps run without Google Play Services disabled and will never give the google play services error notification. Signal works but only when usimg the app. When not in the app it wont notify of new messages.
Does anyone know if going back to an older version will work or a way to bypass google play services?
Hi, RJ. If I understand you correctly, the issue you’re talking about has been bugging everyone for over a year now. You should try installing Signal while Google Play Services are disabled. Hope this solves your problem!
Nope google play store requires you log in with a google email
Hi, Cc, it seems you’re right. Thanks for the update!
I have ExpressVPN…is Signal redundant? Help a senior citizen out!
Hi, Ktate. It sure is not. To start with, your friends might not be using a VPN, which means your messages won’t be encrypted on their side. But if you use Signal, all messages will be encrypted. Does that mean you don’t have to use a VPN? Well, it still can help for your privacy. For example, when you use Signal, your Internet Service Provider (ISP) will know that you’re using it. But if you turn on the VPN, it will only see that you’re sending encrypted data somewhere to someone. Hope this clears things out 🙂
My cousin and I both use Signal. We want to know how much data it gobbles up when you use phone call or FaceTime modes.
Hi, Sheryl. It’s true that Signal used to gobble up data before but this should’ve been fixed by now. You can check the exact data usage numbers on your phone.
12/11/2020 two days ago Signal updated itself thru Google Play Store. For one day, I kept receiving notifications that Signal would not work unless Google Play Store was enabled (I keep ALL Google apps disabled or at least turned off); but, I could clear the notification and go on with usage as before. Today (day two) Signal has stopped working – no access to messages past or present – with the admonishment that Signal would not work unless Google Play Store was enabled. So even if Signal is not data mining, the requirement that Google Play Store be enabled for Signal to work allows Google a platform for data mining.
Even if you go to signal.org/install you get rerouted to Google Play Store. Thus, you can not by-pass Google and re-install/install/update the app straight from signal.org.
Remember, Google in all its forms and apps, to include all its subs like WhatsApp, is the largest personal information data mining entity in the world. And currently, personal information data mining is the largest source of identity theft.
My rating of Signal is now zero (0) as this appears to be a major security breach. And yes, I’ve uninstalled Signal even though it has cost me ALL of my text messages past and present.
why don’t you just update it using the latest APK?
@Agreed.
Three things I don’t understand.
1. Why would the whatsapp co-founder put money into this? Isn’t it essentially against what he wants (mining peoples data I would assume). I think his involvement needs to be investigated/explained more
2. What does signal need to store metadata on their servers? In and end-to-end system on the sender and receiver should be in the loop. Having an intermediary in there is a huge cause for concern. Telegram for instance AFAIK does not need to insert itself in the middle of your conversaton.
3. Has signal undergone a security audit(s) by anyone? If this information could be put into the article it would be useful to understand just how (in)secure it might be.
Whatsapp has been sold to Facebook, why should its old owner be involved in data mining?
These are great questions! Also tre funding of the US Gov? Highly questionable.
You wonks and your assertion that an app having received money from government entities is growing old. A crap ton of privacy and open source projects wouldn’t exist if they didn’t derive some of their funding from the US government. Getting funding from the US doesn’t “automagically” make a service bad. That statement is especially salient when the service has been audited to make sure it works as it should.
The security of this app sounds incredible! I hate the way companies collect and distribute information these days, and this seems like a perfect app to use to combat that.
I hope that everyone knows that email is a terribly insecure way to send anything of any importance. If anyone sends you important, private information through email, it is like yelling it out to the world for all to hear. I often have clients that send me their login information to social media sites so I can troubleshoot and maintain their accounts. It is much safer when sent with the Signal app.
It actually sounds interesting, I didn’t even know about this protocole. It really sounds like a great tool for privacy. Thanks for sharing this, I’m discovering new stuff everyday thanks to you guys !
This may seem too good to be true, but it bears checking out. If it’s as good as it claims, this could be a great tool for anyone who treasures their privacy. I am awed by this concept and want to thank whoever posted this article to spread the good news!