Signal is a secure, free, and open source messaging application that uses end-to-end encryption to securely send and receive all kinds of communications with other Signal users. Using the Internet for all encrypted communication, Signal comes highly recommended by some of the top privacy and security advocates.
In this Signal review, we’ll look at the capabilities, usability, and security that Signal offers. We’ll also talk about how the design of the service provides extremely strong protection for your privacy. Signal is truly impressive, so let’s cut the chatter and dig in to the review.
Signal Pros and Cons
+ Pros
- End-to-end (E2E) encryption
- Encryption algorithms: Signal protocol, with Perfect Forward Secrecy (PFS) for text messages, voice messages, and video calls
- Open source software
- Disappearing messages (aka self-destructing messages)
- Published transparency reports
- Logs minimum amount of data
- Does not log IP Addresses
- Can replace your phone’s SMS messaging app
- Focus is totally on individual users
- All Signal products are free of charge
– Cons
- Requires a telephone number to sign up
Now we’ll briefly cover the main features of Signal encrypted messenger.
Feature summary
Here are some key features to consider when deciding whether the Signal app is right for you:
- Signal is generally considered the most secure messaging app in existence.
- 100% open source code. The code is available on GitHub.
- The Signal Messaging Protocol was independently audited in 2016.
- The service is fully GDPR compliant.
- Clients for Android, iOS, Mac OS, Windows, Linux.
Company information
In 2013, Moxie Marlinspike (real name Matthew Rosenfeld) founded Open Whisper Systems to develop the Signal app and protocol. In 2018, Marlinspike and Brian Acton founded Signal Messenger, LLC, to take over the development of both the Signal app and the Signal Protocol.
Signal Messenger, LLC is funded by the Signal Technology Foundation (aka Signal Foundation), a 501(c)(3) non-profit organization. All products of the Signal Foundation are published as free and open-source software.
Where is your Signal data stored?
When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on. As Signal points out,
Notably, things we don’t have stored include anything about a user’s contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user’s groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user’s groups), or any records of who a user has been communicating with.
All message contents are end-to-end encrypted, so we don’t have that information either.
This is great for your privacy, since no one can get any more information than that without physical access to your device or those of the people you communicate with.
This is different from apps like Wire messenger, which stores info about your contacts on central servers. However, it does mean that if you want to keep copies of your messages, you will need to configure Signal to back them up and restore them on your device.
Follow this link for instructions on using Signal backup and restore.
Third-party testing and audits of Signal
Even when a product is 100% open source like Signal, you don’t really know how good it is until someone checks it out. Here are some published findings by experts you can review to see how good Signal really is.
Signal security audits
A formal security analysis of the Signal protocol was conducted in 2016. According to that analysis, conducted by researchers from Germany, Switzerland, the United States, and Canada, there were no major flaws in the design. It showed that the protocol was cryptographically sound.
This analysis has been updated several times since, without changing the researcher’s conclusion that the protocol is sound. The last update was published in July, 2019.
Note: In September, 2019, a bug in the user interface of the Android version of the Signal app was discovered that could have allowed an attacker to eavesdrop on Signal users.
According to Vice.com, the bug was fixed the same day it was reported. This incident shows both the responsiveness of the Signal team, and the importance of keeping your copy of the Signal app and desktop updated.
Signal hands-on testing
For purposes of this Signal review, I tested out the mobile app for Android, along with the Linux desktop app.
Note: Signal is different than many other secure messaging apps in that you need to install and register it on a mobile phone before you can use it anywhere else. Therefore, I’ll address the mobile (Android) app first.
Installing Signal on an Android phone
Installing Signal on an Android phone involves downloading the app from Google Play and registering your phone using your telephone number. Some people object to registering using a phone number instead of an email address or anonymous username.
But registering with your phone number lets Signal connect easily to your phone’s contact list. Another benefit to this approach is that it lets Signal replace your phone’s built-in messaging app on Android devices.
Note: You can download an Android Signal APK here, and install the app that way, but Signal recommends against it unless you are an advanced user with special needs that would justify doing so.
Once you finish installing and registering your account, the Signal app will use your Internet connection to securely communicate with other Signal users by text, voice, video, group messaging, even file sharing, all using the secure Signal protocol.
Note: If you replace Android’s messaging app with Signal, you will need to distinguish between Signal users and non-users before sending messages. That’s because Signal cannot send encrypted SMS or MMS messages, meaning messages to non-Signal users will not be secure. Signal notifies you whenever you are messaging someone with a Signal account, and will offer you an easy way to invite non-users to join Signal when you connect to them.
Working with Signal
When you open Signal app you’ll see a list of your current phone contacts who are Signal users. The interface itself is clean and includes a wealth of information about the status of your contacts and your communications with them:
Tap the listing for a particular contact to open it. You’ll see the full thread of your conversation with that contact, the same as you would with any other messaging app.
But Signal has a number of features that can enhance your privacy, adjust the user interface, or just have fun adding things like animated stickers. Here are some of those features:
- Secure connection indicators – For iOS and Desktop Signal apps, all communications are always secure. For the Android app, the text input field for a conversation will show the words, “Signal message” and the Send icon will be blue and include an image of a closed lock when the connection is secure.
- Message reaction emojis – Quickly reply to messages with emoji reactions.
- View-once media – On mobile devices you can configure individual photos and videos to disappear after they have been viewed once.
- Group chats – Stay connected with your family and other groups of people.
- Insights – For Android users, a system that shows you what percentage of your Signal messages were sent encrypted.
- Disappearing messages – Set messages to disappear from both your and the recipient’s devices after a set amount of time has elapsed.
- Safety Numbers – Verify that you are communicating with the device you expect to be talking to by comparing safety numbers.
- Encrypted stickers – Add some fun without compromising your security.
Not only are the Signal mobile apps good looking and feature packed, they are also well made. Reviews are also good with Signal receiving ratings of 4.8 out of 5 stars at the Apple app store and 4.5 out of 5 stars at the Google Play store.
Signal Desktop clients
Signal officially supports the following desktop platforms:
- Windows
- Mac OS
- Linux (64 bit and 32 bit)
Installing Signal Desktop for Windows or Signal Desktop for MacOS is just like installing any other app. It only takes a moment to download, and seconds to install.
Installing Signal Desktop for Linux isn’t a particularly user-friendly process. You need to be able to do a bit of work on the Linux command line, but after a couple of steps you’ll have Signal Desktop for Linux installed and ready to run.
Because your phone number is the only way Signal can identify you, you need to link your account to Signal Desktop. Launching Signal Desktop for the first time displays a QR code you can use to make the connection It will look something like this:
Follow the directions on the bottom of this window to connect Signal Desktop to your mobile device and sync your data between the two.
Once the desktop is synched to your mobile phone, you’ll see that clean Signal interface along with your contacts.
I’ll leave it up to you to explore what else the Signal Desktop can do besides displaying those fun stickers!
Support
Signal Support is a searchable collection of around 70 articles addressing the most common questions and topics a Signal user might want information on.
For cases where this isn’t enough, you can hit the Contact Us link at the top of the page to submit a help ticket.
How secure and private is Signal
When it comes to security, the Signal messaging protocol is generally considered to be the most secure messaging protocol available. It is so good that many other messaging products, including Facebook Messenger, Skype, and WhatsApp, claim to have adopted the protocol for use in their own products.
When it comes to privacy, Signal is also a winner. As we discussed earlier, Signal only records three bits of information about their users. This is far less information than other services collect.
And you can take the privacy protections even one step further. This article has detailed instructions for registering a Signal account without disclosing your personal phone number.
Transparency reports
Signal has published only one transparency report, which you can see here. The report, from October 2016, is incredibly detailed, even including transcripts of the subpoena used, and all the additional communication that passed back and forth.
It would be great to see more transparency reports, on a regular schedule, like we see with other services. For example, we noted regular transparency updates in our ProtonVPN review. As another example, Surfshark has a warrant canary that is updated daily.
Signal business features
Unlike other messaging services, such as Wire, Signal offers only a single, free version. There are no pricing tiers, no extra-cost features, and no business-specific features. This is consistent with the idea behind the product, which is to become the most secure messaging app available. Nothing more, nothing less.
Signal prices
The Signal pricing model is about as complicated as the list of Signal business features. The price for everything they publish is zero.
Everything is free and open source software.
While you can use everything from Signal free of charge, the Signal Technology Foundation is an independent 501c3 nonprofit. They are committed to developing open source privacy technology that is desperately needed in this world of endless surveillance. You can make a contribution to the organization by visiting this page, and following the directions you find there.
Conclusion: Consider using Signal in 2021
Signal is clearly one of the leading secure messaging apps available today. While some people dislike the requirement to register with a phone number, the design of the whole system is such that it is hard to see this as a major problem. I have no qualms about recommending Signal to anyone investigating encrypted messaging services for personal use.
It is also a great alternative to WhatsApp that people are flocking to in 2021 as privacy concerns mount with WhatsApp and Facebook.
But you don’t need to take my advice on this. Users are flooding into the Signal camp from all directions. According to this February 2020 article at The Verge, The European Union has told its staff to switch to Signal for all its public instant messaging.
And let’s not forget these endorsements from big-name privacy and security advocates:
The most recent “big name” recommendation for Signal came from Elon Musk in response to the latest WhatsApp privacy issues.
What else is there to say?
Is Signal right for you?
It is hard for me to imagine someone reading this post for whom Signal would not be the right secure messaging app. And remember: If the need to register with a phone number really bothers you, read this article for alternatives to giving Signal your personal phone number.
One other reason not to try Signal: if most of the people you need secure messaging for are already using another secure messaging service like Wire or Telegram, it might make sense to join them there instead of trying to get them to all move to Signal.
Beyond those cases, I believe that anyone looking for a secure messaging service should try Signal now.
For alternatives, check out our roundup of the best encrypted messaging apps.
Last updated on January 14, 2021.
Signal Review
-
Rating
first you have to have notional scrutiny clearvoyance to pass the examen, and if you follow a bright light, you will most certainly fail due to the blinded by the bright light outcome.
https://www.rt.com/op-ed/513732-signal-messenger-us-national-security/
Well that’s interesting. Thanks for sharing.
I have one fundamental question about Signal:
Why US govt forced Lavabit to hand their keys and has let Signal go free?
https://yasha.substack.com/p/signal-is-a-government-op-85e
adding this to open masked discussion.
Yes, those are some interesting claims. And while we like Signal, we also recommended other options in our recent Secure Messenger roundup guide, so pick whichever one you are most comfortable with.
Hello guys and friends
Signal now is the world’s most secure collaboration and messaging app ever !
Israeli claim [about being hacked by Cellebrite] is FAKE , LIE AND UNKNOWN !
No body can decrypting signal app even them (server ) !
About whatsapp yes but about signal never !
They did send to me letter that was containing signal is safe !
Signal database is safe
Server are safe
Collaboration is safe
All data is safe
Do not worry about that !
I promise to All
Best cheers
Good luck .
Also there is some links of Moxie to Twitter, since Twitter bought Whisper Systems and ended up directly employing Moxie. This info is not widely known, but should also be included in the review.
The 2FA bit is incorrect. Signal does have a second step needed to log into the account (called the Signal pin), apart from the OTP needed to login.
Fixed
Thank you Sven. You may consider adding the 2FA thing in Pros, since not all messengers have it.
Hmm. I’m quite puzzled why an entire section was devoted to installing Signal onto an Android device, but not iPhone. What’s up with that??
Heinrich tests VPNs and other privacy tools on an Android phone, which is more popular than iOS. That’s what’s up.
“Signal” does not use E2E!
Easy test:
– start a conversation on your Signal Windows app with a friend while your mobile, where you have the Signal app, is network OFF, or shut down the phone
– turn OFF your network on your PC and turn ON your mobile
Result: all your messages will sync on your mobile, meaning that they use their servers to deliver the message and not E2E.
You can host your own server if you don’t feel secure using Signal server.
Thank you for the instructive review. Nevertheless, I have some doubts as regards Signal:
– Signal and WhatsApp (and Wire, which apparently is a fork) apparently have developed the encryption together. This seems to indicate that there is only one, two tweaks in the code required and the encryption has similar “gaps” like WhatsApp (especially in group chats).
– End-to-end encryption in groups chats appears to be much more difficult than in one-to-one chats. With regard to their video feature, Signal says that they can do encryption for up to five participants. Why such limit here, if not there? (I am not a programmer or an IT scientist.)
– Signal is – contrary to its own claim – not (!) in conformity of GDPR. The European High Court has cancelled the Privacy Shield regulation. Since Non-U.S.-citizens do not enjoy the protection of the U.S. civil rights, it is without such regulation not excluded that Signal might be forced to open “doors” – which in the past they were able to deny in respect of the data of American citizens.
– To my opinion, whenever an option in an app is available, it will be used. Signal can replace the SMS app on the phone, you just have to switch it “on”. But who guarantees that “off” means “off”? When I switch on flight mode and switch off tracking, but change the switches later on, Google “miraculously” reports to me, where I have been and when before.
– Signal has no plausible and lasting financial concept, to my understanding. Every single additional user and every additional feature of the app increases the risk that they run out of money. And then? Same story as with WhatsApp back in 2014?
@whipper-snapper,
Do you have a link to the claim? This will be interesting if true. Thanks.
What’s new in this updated Signal review?
And can you make something that clearly shows what has been edited since last time? Or perhaps go with Android Police style of updating. (Example: https://www.androidpolice.com/2020/11/04/oneplus-expands-nord-lineup-with-two-new-budget-models/#1 )
Heinrich verified all info is updated and correct.
Perhaps not well known – Signal has received funding from the government. How do you feel about it now?
Doesn’t seem to be significant in terms of actual security impact: https://www.reddit.com/r/signal/comments/8jb4vc/signal_funded_by_the_goverment/
You could say the Internet (ARPAnet) was funded by the U.S. government too, or Tor, or…
Also bluntly we know the U.S. government and allies are tapping many Internet exchanges. If they have the traffic and the computing power to throw at things then I’m sure they can decrypt most things if the target is high enough value.
Sven,
thanks for another great article.
And with all the craziness in the U.S. it is very timely.
I have been sending people to RestorePrivacy.com lately because you make the material pertinent, consistent, boil it down for the less technically inclined, and you are an independent voice.
Your site is a of great value to everyone!!!
Thanks Chris!
Is there a way to view when a person was last online? This is useful when I don’t want to bother someone who hasn’t been active.
Hello guys and friends
Signal now is the world’s most secure collaboration and messaging app ever !
Israeli claim is FAKE , LIE AND UNKNOWN !
No body can decrypting signal app even them (server ) !
About whatsapp yes but about signal never !
They did send to me letter that was containing signal is safe !
Signal database is safe
Server are safe
Collaboration is safe
All data is safe
Do not worry about that !
I promise to All
Best cheers
Good luck .
Here’s some troublesome news: Cellebrite is claiming to have gained access to Signal’s database
I’m not sure if this is Signal’s problem or Android’s, as judging from the way they got access to the database is by gaining access to the Android Keystore to get the right key to decrypt Signal database.
Wow, that’s alarming, but also not too surprising. Cellebrite has built a business around cracking “secure” technology. I just found this:
Israeli Phone-hacking Firm Claims It Can Now Break Into Encrypted Signal App
—————-
Previous Cellibrite news:
Cellebrite Says It Can Unlock Any iPhone for Cops (2019)
——–
Cellebrite and other iPhone hacking tools purchased by U.S. public schools (2020)
UPDATE: It looks like Cellebrite has quietly retracted and deleted their announcement about “hacking” Signal. Perhaps this was just a publicity stunt?
https://signal.org/blog/cellebrite-and-clickbait/
PS Thank you very much for this helpfull review!
PS2 One thing that bothered me after my first SIgnal download was that I got messages about who of my contacts were using Signal. That meant that Signal could screen my contacts list.. I immediately deleted the app then. I have a question about this: is it possible to prevent Signal to notificate others and to notificate specific others that I’m on Signal? Or to prevent Signal to use my contacts automatically?
On Dec 01 Joe Rogan interviews Moxie about Signal, and Joe complains about Signal notifying everyone in his contacts list. Although I cannot seem to find any comments about that feature being a Con prior to Dec 1, it seems a lot have popped up since then. Guess a lot of Signal users also listen to Joe Rogan, and are influenced accordingly?
Thank you for the carefull review! however I miss the subject ‘(quality of) videocalling’. Quite relevant in Covid-19 days.. 🙂
The above information was worthful and helpful to me. It can understand by everyone and you have explained briefly about the Avast. There are plenty of software exhibits in the market, in those, this is the best part of me. I hope you will provide more information about software along with downloads.
Recently i install Signal app Really it’s have Great features of privacy , Frankly Guys it’s nice and best App For our Privacy . Thanks to Signal Team
I don’t think Jitsi is end-to-end encrypted though. At least not yet. https://jitsi.org/blog/e2ee/
Older versions discussion https://github.com/jitsi/jitsi-meet/issues/409
WickrMe and WickrPro are end-to-end encrypted but it is closed source. WickrPro also limit number of users unless you pay.
@C,
I just found Jitsi Meet, which is open source, end-to-end encrypted, free and even better… NO ACCOUNT REQUIRED!! It seems to work well. I found it highlighted in an article by Mozilla. https://jitsi.org/jitsi-meet/
Did Signal fix the problems of messages disappearing and never communicating? My partner and I used Signal three years ago but frequently would not receive each other’s messages.
We have the same problem. My partner and I used signal cause we thought it is safer than other app but it’s worst I guess. My partner tried contacting me but I didn’t received anything.
This is also a problem we found when testing out Session, which is also based on the Signal protocol. I’d recommend trying Wire or Wickr — we have reviews on those as well, and each offers a free (personal use) version.
Try Threema. I am using it for years now and have never noticed any problem. It is secure as Signal.
Thanks for all the info! Am not tech-savvy at all, still working my way through reading and trying to understand. Because of current circumstances, some weeks ago a course I take has shifted to meeting via zoom. Read the Citizen Lab article, because it mentioned, at the time, a few servers were in China and that data could be stored or passed through China, I still don’t want to get a zoom account because of their privacy policy. Now everyone in my course group has a zoom account, I was given some phone numbers based in the country I live in to call directly into the meeting. But somewhere I saw a diagram of how that works then which showed a cloud and cloud server, couldn’t find the page again. Wrote to zoom whether I could be assured if I called such a number in the country where I live to join the zoom meeting that none of my data would be stored in or pass through China, haven’t heard back. Does anyone reading this know the answer to that? I do not want to use zoom, think participation in a zoom call by any means likely results in a lot of data being collected.
Read the article here about wire, signal looks the better option, but doesn’t have group video, I think. Also, my phone doesn’t even have a data plan, though I think somehow it should be possible to get that signal app on there. I think it’s android (you can tell I don’t understand these things well, so I’ve been reading here trying to help myself). Anyways, even if I had signal I couldn’t use it to join my group’s zoom meeting.
Very many talks, webinars, meetings are offered via zoom these days, sometimes the information is not made available in another medium as well (youtube, soundcloud). It almost feels like I’m being asked to violate my conscience jut to be able to join these zoom meetings! Are there suggestions what to use instead of zoom? Or, does anyone know how to safely join a zoom meeting???
In the course of trying to find out about calling directly into a zoom meeting have read a little about data ethics, data sovereignty, net privacy and security concerns. Your efforts here to inform people how to protect themselves effectively are very valuable and very much appreciated!!! Thank you to all of the restore privacy team!!!
Hallo. Can you make complete article like this for whatsapp? I want share to my friend about whatsapp is not good for privacy. So its will more easy to invite them to signal.
Thank you.
Thanks for your review. Can you test the messaging app called SURESPOT? Would you recommend it? I am still searching for a whatsapp alternative and your reviews help a lot to convince my friends. Have a nice day
Signal has a Note to Self feature which allows users to message themselves.
Yes, it’s a good feature and I use it quite often to save my stuff and to write notes. Also Telegram has a “personal” area, but Telegram is cloud based and it’s not that secure.
Excellent review. I’m already a Signal user, I tested different encrypted, privacy focused tools and I can confirm it’s a really good IM, perhaps the best.
Just one thing: you say that Signal does not have two-factor authentication, but it has a registration PIN that in fact is a two-factor authentication. It’s used to register Signal with a particular number.
With Wire exposing metadata in plaintext and moving it’s holding company to the US, Signal seems a better alternative. Looking forward to reviews on Threema, Riot.im and Keybase.
Look for a Keybase review in the next couple of weeks.
Very complete review, thank you. I already use Signal, but that’s one more review I can send to my friends to convince them to install and use Signal!
Thanks Anthony. Please do share the review with your friends. The more Signal users the better!
I convinced my friends as well. But they are complaining about the quality of images and especially video’s. Also they don’t like that there is no auto save option. You must select all images one by one to save it. Now they want to go back to Whatsapp.
My point is if Signal wants to grow and attract more people from Whatsapp they should do something about their usability. On Iphone its even worse.
Yes, I agree with you, H.H. My most missed features from WhatsApp are (1) the ability for me to CANCEL (force-delete) a message I sent prematurely or (impending disaster!) sent to the wrong person; and (2) the ability to select any message or group of messages for manual deletion/editing/forwarding/archiving (i.e. with Signal, you can’t manipulate individual messages after they’ve been sent or received; you can only download or delete the ENTIRE chat thread).
hi Marc, You cán delete a single message is my experience, just by tapping the message and then you ‘ll see the trash bin in the bottomline of icons. I’m not a native English speaker, hopefully I made myself clear. good luck!
On Android, you CAN select images en masse and save them all at once: from within the chat window containing the images you desire to save, tap the three vertical dots (menu icon) in the upper right corner of the screen; select “All Media”; then LONG-PRESS the first image you wish to save; this activates the equivalent of a “Command Lock” (Mac keyboards), wherein all further selections are ADDED to the first (rather than replacing the first), thereby allowing multiple images to be selected simultaneously; any additional images desired can either be individually tapped, or, by tapping on the tiny square-with-the dotted-square-outline icon in the upper right corner, ALL of the images in this chat can be selected instantly; finally, just tap the down-arrow in the upper right corner (careful not to jab the trash can!), and viola, ALL of your images are saved simultaneously! I’d be surprised the iOS interface and functionality weren’t very similar.
Good review. Thanks. Answered a lot of questions that I had.
Glad to help J.M.