Written by: Bogdan Patru
Signal Private Messenger is simply the most secure messaging application on the market. It has the same functions as, let’s say, Facebook Messenger or the WhatsApp messenger, but with the added security protocols.
Protocols that are extremely sturdy and well encrypted.
The app’s main purpose is to replace the standard messaging application, with the messages being sent through a very secure connection, one that’s near impenetrable.
However, the gist of it is that, while you are assured of maximum privacy and protection when sending messages to another Signal user, if the recipient of the message does not use Signal, then all bets are off. In this case, Signal functions as an ordinary application.
You are given the option to invite your friends to Signal, thus creating an encrypted connection to use. And the application automatically warns you when the interlocutor doesn’t have Signal installed.
Moreover, it is extremely easy and comfortable to use, with the option to import your contacts and previous messages, and it also allows you to make voice and video calls.
As for SMS and MMS, their costs are the same as in the contract with your mobile provider. There are no changes here like extra fees.
It’s so easy and seamless to use that you would surely manage to convince all your friends to use it as well.
It’s completely free, and there are no tricks involved.
Top encryption protocols and maximum security with nothing to lose. What could be better?
Signal is an open-source application
Being an open source software, Signal’s source code is public, and anyone can have a look at it, investigate it to see if there are any inconsistencies or intrusive lines of code.
Essentially, this allows everyone to check for themselves whether the encryption protocols are up to par or not. In fact, the application was audited in 2016 by a number of independent specialists in the field.
The conclusion? Signal is entirely bulletproof, and its encryption protocols are in the very top.
This is actually one of the biggest advantages to security software and the one aspect that can make or break them. If they’re open source, then they can be independently audited and analyzed.
Closed-source applications, on the other hand, do not reveal their source code to the public, and there is no way you can know what goes on beneath the surface. Besides that, you can’t even determine if the promised security and protection standards are actually delivered.
What’s more, Signal uses an end-to-end encryption
This basically eliminates the need for any third-party to encrypt your messages before and after being sent. The way this works is this:
But then again, this only applies when both of you are using Signal. Otherwise, the connection is not secure and there is no encryption applied to any message.
Is it the Holy Grail of messenger-type private platforms, though? The only way to find that out is by analyzing some of the users’ criticism:
1. Contact synchronization
The team behind Signal implemented a rather simple system of discovering your contacts when using the app. It uses your real phone number to do that. However, many users said that this was a privacy risk, that there might be some leaks. It was unsafe, in general, they said.
It would have been a whole lot better to achieve this using e-mail or a username-password encryption.
On the other hand, Signal representatives denied everything, claiming that:
2. Availability on the Google Play application
Just until recently, Signal was only available to download on Google Play. While this was understandable and, more than that, seemed like the right choice, a lot of people rebuked this option. They said that the Google Play Services that are required to run the Google Play app are subservient to Google, and thus they would have access to meddle with Signal’s functions.
They could, in theory, put some invasive codes in the application and, somehow, gain access to the users’ devices and their private correspondence.
While it’s generally a good idea to download it from Google Play, users can also get it from the official site as well. Evidently, it’s a Google-free link and it has nothing to do with Google anymore.
3. Does Signal retain the user’s metadata?
No, it does not.
The Signal application itself retains only the information regarding the date and time when the user first registered on the application, as well as the last time he or she has last connected to it. Other than that, Signal doesn’t keep any metadata.
However, Signal is in no way accountable for how other companies and services choose to use their encryptions or principles.
The Signal Protocol is currently being used by many applications, and whether they choose to change it or respect the users’ privacy is entirely up to them. Signal can’t interfere.
Some of these apps are Facebook Messenger, WhatsApp, and Skype. It can only be a good thing that they choose to incorporate the Signal Protocol in their apps. It’s a major step forward in the world of privacy and encrypted communication.
However, these apps are also not as secure or privacy-oriented as Signal is.
Firstly, it’s because they are closed source. This speaks for itself. Not being able to check the source code and see for yourself whether they’re honest or not is a big letdown.
Secondly, these third-party apps can indeed collect metadata from the users, the identity and location of both recipients. The contents of the messages are indeed private, but other aspects are not.
4. The baseband processor
The issue here is with the fact that all cell phones and smartphones contain a so-called “baseband processor”, a closed-source chip that could, in theory, be used as a surveillance tool that breaks apart any sort of encryption used by any app.
This would mean that whoever has access to these chips is able to check, in real time, the contents and details of your messages, calls, and all the information on a phone.
The problem is that this is a far-fetched allegation that was not proved to be accurate, and the suspicions are baseless. Either way, it’s not related to Signal in any way, shape or form.
As previously said, the app uses a unique protocol called the Signal Protocol, an encryption method called by most experts as the best ever developed. It’s the combination of many other well-known encryption algorithms like HMAC-SHA256, AES-256, Double Ratchet Algorithm and many others.
Other security features consist of the increased security of your conversation by locking the app with a passcode or a fingerprint, and the “incognito keyboard” that eliminates the autonomous learning mechanism of the typing. It also lets you verify the identity of all your contacts, by incorporating a unique safety number to every conversation, which you can then compare with other contacts.
In the end, what Signal does, no one else has managed to achieve until now, at least not on the same level.
Its security mechanisms and encryption protocols, as well as the privacy-oriented policy, they all make Signal the most secure messaging application out there.