Notes for Signal

Previously: “Signal, TextSecure, and RedPhone ecosystem notes”

Published: 2015-Mar-02
Updated: 2015-Nov-16, revision 36


1. You need a phone number plus an Android, iPhone, or iPod Touch to use Signal.

2. You need a data connection (Wi-Fi or cellular) to use any of Signal’s end-to-end encrypted (E2EE) services.

3. Signal provides easy E2EE voice and text communications, including with Signal users in other countries. Signal for Android can also optionally manage SMS by replacing your default SMS application.

4. Signal’s message database is independently encrypted on the device. Other apps cannot access the contents of this database. Signal (iOS) messages are not included in iCloud backups, even when iCloud is enabled. Signal (Android) messages are not included in Google Hangouts syncing.

5. Unlike iMessage, WhatsApp, and other encrypted IM solutions, Signal allows users to verify each other’s public encryption key by sharing the public key fingerprint.

Group Messaging

6. Signal can be used to create and manage E2EE text/IM group chats.

7. Signal group chats protect 1) who is in the chat, 2) the name of the chat, and 3) the message content shared between Signal users.

Android specific

8. Signal asks to replace the default Android SMS application. It can send SMS (insecure) to non-Signal users. When Signal manages the SMS database (as the default SMS application), SMS messages (insecure) that you send and receive are no better protected in transit than they would be with Android’s default SMS application.

9. If you need to send an SMS (insecure) to a contact with whom you have already exchanged Signal IMs, long-press the “enter” button when you are about to send the message.

10. Signal for Android can be configured to turn off SMS-sending. In this case you’ll only be able to send IMs to other Signal users. However, turning off SMS-sending only removes SMS contacts from Signal’s user interface. If you have an existing SMS conversation that is managed by Signal, you will still be able to send SMS to that contact. If someone sends you an SMS, you can still reply with SMS. Turning off SMS-sending in Signal is only superficial.

11. SMS messages sent through Signal expose message content, time, date, contact (phone number), and location (cell tower) metadata to your telecommunication service provider and to your federal agencies. In the United States, this is accomplished via Section 215 of the USA Patriot Act. Signal IMs can expose time, date, and location metadata to telecommunications companies while protecting message content and contact metadata. Communication records will not show up on your phone bill when using Signal (non-SMS) encrypted communications.

iOS specific

12. Signal for iOS cannot send or receive SMS because there is no application programming interface (API) in iOS for SMS. It can only send encrypted IMs.

13. Signal (iOS) is like iMessage. However, iMessage encryption keys can be replaced transparently (without your knowledge) by Apple, and iMessage does not employ Perfect Forward Secrecy (PFS). PFS allows each IM or encrypted voice call to have its own, unique, encryption key, making your communications much harder to crack once captured. Additionally, iMessages, by default, are synced to iCloud, making them easy for Apple, or any government agency with the right paperwork, to obtain. iMessages stored in iCloud are encrypted, but Apple holds those private keys and can decrypt them for anybody it chooses.
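
The per-message key idea behind PFS in note 13, as an added example (not code from Signal or from these notes): a simplified one-way hash ratchet in Python. The names `ratchet_step`, `Session`, and `keys_derivable_from`, the HMAC labels, and the sample secret are assumptions made for illustration, and the sketch omits the key agreement and encryption a real protocol needs.

```python
import hashlib
import hmac


def ratchet_step(chain_key):
    """One-way step: derive (message_key, next_chain_key) from chain_key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class Session:
    """Keeps only the current chain key; each step overwrites the old one."""

    def __init__(self, shared_secret):
        self.chain_key = shared_secret

    def next_message_key(self):
        message_key, self.chain_key = ratchet_step(self.chain_key)
        return message_key


def keys_derivable_from(captured_chain_key, steps):
    """Message keys computable by someone holding a captured chain key."""
    keys, chain_key = [], captured_chain_key
    for _ in range(steps):
        message_key, chain_key = ratchet_step(chain_key)
        keys.append(message_key)
    return keys


def demo():
    # Constructed sample secret; a real session gets this from a key agreement.
    session = Session(hashlib.sha256(b"constructed shared secret").digest())
    earlier = [session.next_message_key() for _ in range(3)]  # messages 1-3
    captured = session.chain_key  # device state obtained at this point
    later = [session.next_message_key() for _ in range(2)]    # messages 4-5
    # Walking the ratchet forward from the captured state never reproduces
    # the keys of messages 1-3, because HMAC cannot be run backwards.
    # Messages 4-5 ARE derivable: a hash ratchet alone protects only the
    # past, which is why real protocols also mix in fresh key agreements.
    derivable = keys_derivable_from(captured, 100)
    return earlier, later, derivable


if __name__ == "__main__":
    earlier, later, derivable = demo()
    print("earlier keys exposed:", bool(set(earlier) & set(derivable)))
    print("later keys exposed:  ", derivable[:2] == later)
```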