Signal is a cross-platform encrypted messaging service developed by the Signal Foundation and Signal Messenger. It uses the Internet to send one-to-one and group messages, which can include files, voice notes, images and videos. It can also be used to make one-to-one and group voice and video calls, and the Android version can optionally function as an SMS app.
Signal uses standard cellular telephone numbers as identifiers and secures all communications to other Signal users with end-to-end encryption. The apps include mechanisms by which users can independently verify the identity of their contacts and the integrity of the data channel.
Signal’s software is free and open-source. Its clients are published under the GPLv3 license, while the server code is published under the AGPLv3 license. The Android app generally uses the proprietary Google Play Services (installed on most Android devices) for functions such as push notifications. However, the app will fully work on a phone where these aren’t installed, since it has its own fallback open-source implementation of the needed functions.
The non-profit Signal Foundation was launched in February 2018 with initial funding of $50 million from Brian Acton. Signal has more than 10 million downloads on Android.
Signal allows users to make one-to-one and group voice and video calls to other Signal users on iOS, Android, and desktop. Group calls support up to 5 people with further plans to expand. All calls are made over a Wi-Fi or data connection and (with the exception of data fees) are free of charge, including long distance and international. Signal also allows users to send text messages, files, voice notes, pictures, GIFs, and video messages over a Wi-Fi or data connection to other Signal users on iOS, Android and a desktop app. The app also supports group messaging.
All communications between Signal users are automatically end-to-end encrypted. The keys that are used to encrypt the user’s communications are generated and stored at the endpoints (i.e. by users, not by servers). To verify that a correspondent is really the person that they claim to be, Signal users can compare key fingerprints (or scan QR codes) out-of-band. The app employs a trust-on-first-use mechanism in order to notify the user if a correspondent’s key changes.
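The trust-on-first-use behaviour described above can be sketched as a small key-pinning store. This is an added example, not Signal's code: the `TofuStore` class, its status strings, the SHA-256 hex fingerprint and the re-pin-on-change policy are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed sample identity keys (32 bytes each); not real Signal keys.
KEY_A = bytes(range(32))
KEY_B = bytes(range(1, 33))


def fingerprint(identity_key):
    # Assumption: SHA-256 hex stands in for the app's real fingerprint format.
    return hashlib.sha256(identity_key).hexdigest()


class TofuStore:
    """Pins the first identity key seen per contact and flags later changes."""

    def __init__(self):
        self._pins = {}  # contact -> {"key": bytes, "verified": bool}

    def observe(self, contact, identity_key):
        pin = self._pins.get(contact)
        if pin is None:
            # First contact: nothing to compare against, so accept and pin.
            self._pins[contact] = {"key": identity_key, "verified": False}
            return "trusted-on-first-use"
        if hmac.compare_digest(pin["key"], identity_key):
            return "verified" if pin["verified"] else "unchanged"
        # Key changed: pin the new key, drop any earlier verification, and
        # return a status the UI must surface to the user (assumed policy).
        self._pins[contact] = {"key": identity_key, "verified": False}
        return "key-changed"

    def verify_out_of_band(self, contact, fingerprint_from_contact):
        # The fingerprint arrives over a separate channel (in person, QR code).
        pin = self._pins[contact]
        given = fingerprint_from_contact.strip().lower().encode()
        pin["verified"] = hmac.compare_digest(fingerprint(pin["key"]).encode(), given)
        return pin["verified"]
```

A key that has only been trusted on first use stays distinguishable from one whose fingerprint was compared out-of-band, and a key change always resets the contact to the unverified state.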
On Android, users can opt into making Signal the default SMS/MMS application, allowing them to send and receive unencrypted SMS messages in addition to the standard end-to-end encrypted Signal messages. Users can then use the same application to communicate with contacts who do not have Signal. Sending a message unencrypted is also available as an override between Signal users.
TextSecure allowed the user to set a passphrase that encrypted the local message database and the user’s encryption keys. This did not encrypt the user’s contact database or message timestamps. The Signal applications on Android and iOS can be locked with the phone’s PIN, passphrase, or biometric authentication. The user can define a “screen lock timeout” interval, providing an additional protection mechanism in case the phone is lost or stolen.
Signal also allows users to set timers on messages. After a specified time interval, the messages will be deleted from both the sender’s and the receivers’ devices. The time interval can be between five seconds and one week long, and the timer begins for each recipient once they have read their copy of the message. The developers have stressed that this is meant to be “a collaborative feature for conversations where all participants want to automate minimalist data hygiene, not for situations where your contact is your adversary”.
Signal excludes users’ messages from non-encrypted cloud backups by default.
Signal has support for read receipts and typing indicators, both of which can be disabled.
Signal allows users to automatically blur faces of people in photos to protect their identities.
Signal messages are encrypted with the Signal Protocol (formerly known as the TextSecure Protocol). The protocol combines the Double Ratchet Algorithm, prekeys, and an Extended Triple Diffie–Hellman (X3DH) handshake. It uses Curve25519, AES-256, and HMAC-SHA256 as primitives. The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, backward secrecy (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity. It does not provide anonymity preservation, and requires servers for the relaying of messages and storing of public key material.
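The forward secrecy and asynchronicity listed above rest in part on the symmetric-key chain inside the Double Ratchet, where HMAC-SHA256 derives a fresh key for every message. The following is an added example, not Signal's implementation: it shows only that chain step (using the 0x01/0x02 input constants recommended in the published Double Ratchet specification), and `DEMO_CHAIN_KEY`, `MAX_SKIP` and the class names are assumptions.

```python
import hashlib
import hmac

# Constructed starting chain key; in the real protocol it comes out of the
# X3DH handshake and the Diffie-Hellman ratchet, which are not shown here.
DEMO_CHAIN_KEY = hashlib.sha256(b"constructed demo secret").digest()
MAX_SKIP = 100  # assumed bound on how many message keys may be held back


def kdf_chain(chain_key):
    """One ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    def __init__(self, chain_key):
        self.chain_key, self.n = chain_key, 0

    def next_key(self):
        # The old chain key is overwritten, so earlier message keys cannot
        # be re-derived from the state that remains (forward secrecy).
        self.chain_key, message_key = kdf_chain(self.chain_key)
        self.n += 1
        return self.n - 1, message_key


class ReceivingChain:
    def __init__(self, chain_key):
        self.chain_key, self.n, self.skipped = chain_key, 0, {}

    def key_for(self, n):
        if n in self.skipped:                 # late message: use stored key once
            return self.skipped.pop(n)
        if n < self.n:
            raise KeyError("message key already used and deleted")
        if n - self.n > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < n:                     # keep keys for messages not yet seen
            self.chain_key, self.skipped[self.n] = kdf_chain(self.chain_key)
            self.n += 1
        self.chain_key, message_key = kdf_chain(self.chain_key)
        self.n += 1
        return message_key
```

Each message key is used once and then discarded, so a replayed message number is rejected while messages that arrive out of order still decrypt.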
The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption. In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.
In October 2014, researchers from Ruhr University Bochum published an analysis of the Signal Protocol. Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure. In October 2016, researchers from the UK’s University of Oxford, Queensland University of Technology in Australia, and Canada’s McMaster University published a formal analysis of the protocol. They concluded that the protocol was cryptographically sound. In July 2017, during another analysis of group messengers, researchers from Ruhr University Bochum found a purely theoretical attack against Signal’s group protocol: a user who knows the secret group ID of a group (due to having been a group member previously or stealing it from a member’s device) can become a member of the group. Since the group ID cannot be guessed and such member changes are displayed to the remaining members, this attack is likely to be difficult to carry out without being detected.
As of August 2018, the Signal Protocol has been implemented into WhatsApp, Facebook Messenger, Skype, and Google Allo, making it possible for the conversations of “more than a billion people worldwide” to be end-to-end encrypted. In Google Allo, Skype and Facebook Messenger, conversations are not encrypted with the Signal Protocol by default; they only offer end-to-end encryption in an optional mode.
Up until March 2017, Signal’s voice calls were encrypted with SRTP and the ZRTP key-agreement protocol, which was developed by Phil Zimmermann. As of March 2017, Signal’s voice and video calling functionalities use the app’s Signal Protocol channel for authentication instead of ZRTP.
Once the messages are received and decrypted on a user’s device, they are stored locally in a SQLite database that is encrypted with SQLCipher. The key to decrypt this database is also stored locally on the user’s device and can be accessed if the device is unlocked. In December 2020, Cellebrite published a blog post announcing that one of their products could now access this key and use it to “decrypt the Signal app”. Technology reporters later published articles about how Cellebrite had claimed to have the ability to “break into the Signal app” and “crack Signal’s encryption”. This latter interpretation was rejected by several experts, as well as representatives from Signal, who said the original post by Cellebrite had been about accessing data on “an unlocked Android phone in their physical possession” and that they “could have just opened the app to look at the messages”.
Signal relies on centralized servers that are maintained by Signal Messenger. In addition to routing Signal’s messages, the servers also facilitate the discovery of contacts who are also registered Signal users and the automatic exchange of users’ public keys. By default, Signal’s voice and video calls are peer-to-peer. If the caller is not in the receiver’s address book, the call is routed through a server in order to hide the users’ IP addresses.