Signal Messenger is perhaps the most secure messaging app available. A free and open source application (FOSS), Signal uses end-to-end encryption to securely communicate with other Signal users. It relies on the internet for all its encrypted communication and is regarded as the best when it comes to privacy and security.
In this Signal review, we will examine the security and features of Signal. By the time we're done, I think you will agree with me that this app should be on your secure messaging app short list.
If you want some additional proof that Signal is worth your attention, consider this: during the great 2021 exodus of users from WhatsApp, Telegram and Signal were the two apps that people were most likely to switch to. Want to know more? Just keep reading.
Signal messaging app basics
Signal offers a full range of features for personal secure messaging. There are no special business or educational versions so if you need corporate features like centralized user control, Signal isn't for you. However, there are other options for these types of users, as we noted in our Wickr Review.
If you are looking for a secure messaging app with things like the leading secure messaging protocol (the Signal protocol), client-side end-to-end (E2E) encryption, data synced across multiple devices, and a very low price (free), then you should keep reading and learn more about Signal.
Signal Messenger is available for the iOS, Android, Mac, Windows, and Linux operating systems.
The company behind Signal
Signal is a product of Signal Messenger, LLC. But it wasn't always that way. In 2013, Matthew Rosenfeld (commonly known as Moxie Marlinspike) founded Open Whisper Systems to develop the Signal app and protocol. Marlinspike and Brian Acton founded Signal Messenger, LLC in 2018. This company now has responsibility for developing the Signal app and the Signal Protocol that provides its security.
The LLC is funded by the Signal Technology Foundation (aka Signal Foundation), a 501(c)(3) non-profit organization that publishes all its products as free and open-source software (FOSS).
Many in the security community consider Signal to be the most secure end-to-end (E2E) encryption system available for voice, video, and instant messaging conversations. This open source code has been heavily audited and is so good that it is used for E2E encrypted messages by WhatsApp, Skype, and Facebook Messenger.
If you want the technical side of things, the protocol is built on the Double Ratchet algorithm, a triple Elliptic-curve Diffie–Hellman (3-DH) handshake, and prekeys. It uses Curve25519, AES-256, and HMAC-SHA256 as its cryptographic primitives.
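To make the "ratchet" idea concrete, here is an added sketch (not from the original review and not Signal's own code) of only the symmetric-key chain step of a Double Ratchet, using HMAC-SHA256. The class and function names, the `MAX_SKIP` bound and the shared secret are constructed for illustration; the 0x01/0x02 input constants follow the example given in the published Double Ratchet specification, and the Diffie–Hellman ratchet, the 3-DH handshake and AES encryption are left out.

```python
import hashlib
import hmac

MAX_SKIP = 100  # assumed cap on stored keys for messages that arrive late

def kdf_ck(chain_key):
    """One ratchet step: derive (next_chain_key, message_key) from chain_key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class SendingChain:
    def __init__(self, chain_key):
        self.chain_key, self.n = chain_key, 0

    def next_key(self):
        # The old chain key is overwritten, so earlier message keys
        # cannot be recomputed from the current state.
        self.chain_key, mk = kdf_ck(self.chain_key)
        self.n += 1
        return self.n - 1, mk

class ReceivingChain:
    def __init__(self, chain_key):
        self.chain_key, self.n, self.skipped = chain_key, 0, {}

    def key_for(self, n):
        if n in self.skipped:            # late message: use the stored key once
            return self.skipped.pop(n)
        if n < self.n:
            raise KeyError("message key already used and deleted")
        if n - self.n > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:                # remember keys for messages not yet seen
            self.chain_key, self.skipped[self.n] = kdf_ck(self.chain_key)
            self.n += 1
        self.chain_key, mk = kdf_ck(self.chain_key)
        self.n += 1
        return mk

def demo():
    # Constructed stand-in for the secret both sides share after the handshake.
    shared = hashlib.sha256(b"constructed shared secret").digest()
    alice, bob = SendingChain(shared), ReceivingChain(shared)
    sent = dict(alice.next_key() for _ in range(4))
    got = {n: bob.key_for(n) for n in (0, 3, 1, 2)}  # out-of-order delivery
    return sent, got, alice, bob
```

Every message gets its own 32-byte key, both sides stay in step even when messages arrive out of order, and a key is discarded once it has been used.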
While all secure messenger services apply encryption to your messages, most don't do the same for your message metadata. Signal encrypts your metadata, and stores it on your device.
When you use Signal, your data is stored encrypted on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.
This is different from apps like WhatsApp, which actually collects your metadata for its own use (and passes it along to Facebook too). This is also different from apps like Wire messenger that encrypt your data but store some of it on their servers.
The Signal approach is more secure. However, because your data is all encrypted and stored on your device, you will need to configure Signal to back it up if you want the ability to restore your data. To do this, you'll want to read this article on backup and restore options.
Third party audits and testing
The first formal security analysis of the Signal protocol was carried out in 2016 by researchers from Germany, Switzerland, the United States, and Canada. The audit showed that the protocol was cryptographically sound.
This analysis has been updated several times since, with the same conclusion. Beyond this original audit, there have been several other formal and informal audits of aspects of the product. For a current list of such audits check out this page in the Signal Community Wiki.
Signal published their first and only transparency report in 2016. You can read it here. It would be great to see more transparency reports, on a regular schedule, like we see with other services.
To test everything out for this Signal review, I installed Signal on an Android smartphone and also a Windows 10 desktop. Since you need to install Signal on your phone before you can use it on the desktop, we'll talk about the mobile version first.
You can download the Signal app from the Android and iOS stores like any other app. You need to give them your phone number as part of the installation, which isn't ideal. However, by doing so, you make it easy for the app to connect to your phone's contact list and replace your phone's messaging app.
Replacing your phone's messaging app can be nice, in that you get to handle SMS or MMS messages in the same place as you handle your other messages. However, Signal can't encrypt your SMS and MMS messages, so the app will notify you when you are messaging someone with a Signal account. It will also make it easy for you to invite non-Signal users to join whenever you contact them.
Once you've got Signal downloaded and installed, the first thing you will see when you open the app is a list of your Signal contacts. Tap a contact to start a chat or otherwise connect with them.
In general, Signal looks and acts like any other secure messaging app you may have used. You can do all the basics, like text, voice, and video chats, share files, send photos, and share your current location. It also supports a number of additional features you might find useful. These features include:
- Encrypted group calls – This feature was added in December 2020. Signal has added a video call button to the group chat window. Hit the button to initiate or join a video group call. The participants will appear in a grid view, and can be switched to an auto-focus view where the camera automatically jumps to whoever is speaking at the moment.
- Multiple device support – Until last year, Signal only supported calls to or from one primary device per person. Now you can make and receive secure calls from any of your devices, thanks to a technique called ICE forking. While I love being able to use Signal for calls on all my devices, I'm not even going to attempt to explain how ICE forking works. If you want to find out more, check out this Signal blog post.
- Secure connection indicators – For iOS and Desktop Signal apps, all communications are always secure. For the Android app, the text input field for a conversation will show the words, “Signal message” and the Send icon will be blue and include an image of a closed lock when the connection is secure.
- Message reaction emojis – Quickly reply to messages with emoji reactions.
- View-once media – On mobile devices, you can configure individual photos and videos to disappear after they have been viewed once.
- Group chats – Stay connected with your family and other groups of people.
- Insights – For Android users, this shows you what percentage of your Signal messages were sent encrypted.
- Disappearing messages – Set messages to disappear from both your and the recipient’s devices after a set amount of time has elapsed.
- Safety Numbers – Verify that you are communicating with the device you expect to be talking to by comparing safety numbers.
- Encrypted stickers – Add some fun without compromising your security.
Signal desktop apps
Signal officially supports the following desktop platforms:
- Mac OS
- Linux (64 bit and 32 bit)
Installing Signal Desktop for Windows or Signal Desktop for MacOS is just like installing any other app. It only takes a moment to download, and seconds to install. The Linux version is more difficult to install but should still only take a few moments.
When you launch the app for the first time, it will require you to link your phone to Signal desktop by scanning the QR code it displays on the screen.
Once you scan the code, you'll have the option to give the desktop app some kind of friendly name instead of DESKTOP-992O7KL or whatever Signal tries to call it. Once this is done, the desktop will sync contacts and groups with your phone and you are ready to go.
The desktop app offers many of the same features as the mobile apps do. I haven't tried to catalog the differences, but I do recommend you check the release notes ( Help -> Go to Release Notes ) when you install the desktop since Signal is constantly pushing updates.
Signal Support is a searchable archive of nearly 100 articles divided into 5 major sections. Collectively, these articles address the most common Signal questions and topics you might need support for. There's also a Contact Us link at the top of every Support page. Use this to submit a help request.
Another useful place to go if you have issues with Signal is the SignalCommunity page. There are thousands of posts here covering any Signal topic you might imagine.
Here are a couple of frequently asked questions related to Signal and other secure messaging apps.
Is Signal messenger really safe?
The short answer is yes. Signal messenger is really safe.
The long answer is complicated. What do you mean by safe? Is Signal the most secure and private messenger app in existence? Probably. Can I guarantee that the NSA can't crack the encryption? No. The cryptographic community says that the encryption is secure. But can anyone guarantee it with 100% certainty? No. Will quantum computers be able to break the encryption? Theoretically, yes, at some point in the future. But as far as we know, no sufficiently powerful quantum computer exists so we can't say for sure one will be able to do the job.
Is Signal more secure than WhatsApp?
While it isn't obvious at first glance, Signal is definitely more secure than WhatsApp. Both products use secure end-to-end encryption for the content of their messages. They are both equally secure as far as that goes. In fact, WhatsApp's end-to-end encryption uses the Signal protocol to encrypt its data too.
But Signal encrypts your metadata, while WhatsApp logs as much of your metadata as possible, and passes it along to Facebook. While metadata doesn't expose the contents of your messages, it does include information on who you talked to, when you connected, and much more.
Signal Review Conclusion
Based solely on the technical and user features of the product, Signal is an ideal secure messaging app for anyone. The requirement to register with a phone number is annoying, but you can get around that using the technique explained in this article.
The only other reason I can think of that you might not want to use Signal is if the people you need to communicate with are all firmly committed to using a different messaging app. If everyone is already using Telegram, or Wire, or some other secure messaging app, you will probably have to go along with the crowd and join that service. Or convince everyone to move to Signal!
There is a lot of chaos in the secure messaging space right now with people exploring alternatives to have more privacy and security with their communications. Feel free to share your two cents in the comments below.