Is Signal App Really Safe? How Safe Is It Compared To WhatsApp?
Thinking of switching to Signal? Is Signal safer as compared with WhatsApp? How do you know it’s as safe as it claims to be? Many WhatsApp users are marching towards Signal. This move was instigated by the recent announcement made by WhatsApp that meant a more elaborate form of customer data sharing with Facebook.
Is Signal app really safe?
‘Say Hello to Privacy’ reads Signal’s tagline. Though most of Signal’s features are similar to WhatsApp, here’s what makes them different. First and foremost, let’s understand where each of the apps comes from. While WhatsApp is acquired by one of the biggest tech companies of today i.e. Facebook, Signal is owned by a non-profit organization, Signal Foundation and the app is further developed only through the donations made by their customers.
How much private is private?
Though WhatsApp claims to be end-to-end encrypted, did you know that your back-up messages that transfer to the cloud and the metadata that connects the two ends are not? On the other hand, Signal doesn’t at all send your data to the cloud. Instead, your back-up files are saved locally in your phone so that only you have the key to them. The metadata is also encrypted on Signal.
The keyboard is not your friend, in most cases.
WhatsApp vs Telegram vs Signal: A Rundown (2021)
We will be comparing these three instant messengers on basis of security. We will discuss all the things you get and lose by choosing one of these messengers over the others, so you can make a well educated choice about which app you want to use.
Before anything, I would like to begin with security first as it’s the most debatable and contentious topic among the three messaging services. So let’s start off with WhatsApp’s security model first in this battle against Telegram and Signal.
One thing that WhatsApp definitely has going for it is its end-to-end encryption. Plus, E2E on WhatsApp is available on every single mode of communication that the app enables. So all your messages, video calls, voice calls, photos, and anything else you share is end-to-end encrypted on WhatsApp.
What that means, is that you and the recipient are the only people who can read the messages you send to them. WhatsApp can’t decrypt the contents of your messages, calls, photos, etc, thus ensuring your security and privacy.
That said, it’s noteworthy that WhatsApp uses the E2E protocol developed by Open Whisper Systems, which is the name behind Signal messenger. That’s a good thing, because the Signal protocol is open source, widely peer-reviewed, and is generally considered one of the best protocols for implementing end-to-end encryption in messaging platforms.
It’s also noteworthy that even though all your communication on WhatsApp uses E2E encryption, the company does not encrypt backups (cloud and local). Also, it does not encrypt the metadata which is used to carry communication between two endpoints. This is one of the major criticisms of WhatsApp’s security model. While metadata does not allow anyone to read your messages, it lets authorities know whom and when you messaged someone, and for how long.
But that’s on the back-end. What about security features on the user-facing side of WhatsApp. Well, WhatsApp offers a built-in app lock feature on both the Android and iOS apps, so you can lock your WhatsApp chats with biometrics. Moreover, you get support for two factor authentication (2FA) on the app, which is great for security as well.
Overall, WhatsApp does a pretty solid job of ensuring security for its users. That said, WhatsApp has suffered a couple of major privacy nightmares, especially the recent issue with group chats getting indexed on Google search. That issue has been fixed, however, it was not a good look for the messaging app.
As far as security is concerned, Telegram does offer some protections to its users. However, there are multiple pain points in the way Telegram encrypts your messages and other information. For one, while Telegram supports E2E encryption, it’s not enabled by default. The only way to use E2E encryption on Telegram is to use its secret chats feature.
Messages sent in a secret chat are E2E encrypted, which is nice, but regular chats are not. This means means that the messages are encrypted on your device and then they are decrypted on Telegram’s server. Again, the messages are encrypted on the server and sent to the recipient’s device for final decryption. As you can see, in this process, Telegram has the encryption keys on the server-side and can, in theory, access your normal chats.
For what it’s worth, Telegram states that it manages its message storage and decryption keys in a way that one would require court orders from multiple legal systems around the world to be able to access any of your data. In fact, the company says that it has shared 0 bytes of data with third-parties and governments to this date.
Even if you’re using secret chats, Telegram uses its own proprietary encryption protocol, MTProto, to encrypt your messages. This may very well be fine, but since its a closed-source protocol, security researchers can’t verify it. As such, security researchers believe that using an open-source and widely trusted protocol such as the Signal protocol would have been better than using a proprietary closed-source encryption protocol in Telegram.
On the user-facing side of things, Telegram, like WhatsApp, also offers a built in app lock. However, end-to-end encryption is incredibly scarce in the app. Telegram groups are not encrypted because Secret Chats are only supported for single-user communication. Moreover, Telegram’s desktop client doesn’t support E2E encryption on any platform other than macOS.
Clearly, Telegram’s security isn’t nearly as robust as WhatsApp’s or Signal Messenger’s.
Signal is by far the best when it comes to security, be it on the back-end or on the user-facing side of the service.
As mentioned above, Signal uses the open-source Signal Protocol to implement end-to-end encryption. And just like WhatsApp, the E2E encryption covers all forms of communication on Signal.
While WhatsApp encrypts messages and calls (and that’s enough for most users), Signal goes one step further and encrypts the metadata too. In order to protect user privacy from all corners, Signal devised a new way to communicate between the sender and the recipient and it’s called Sealed Sender. Basically, with Sealed Sender, no one will be able to know — not even Signal — who is messaging whom, which is amazing.
In addition, you have some incredible privacy features on Signal that is going to make your messaging experience even more private and secure. For instance, you can lock Signal with a passcode or biometrics. Then there is 2FA and an option to block screenshots within the app and the recent screen. And recently Signal added a new feature to blur faces automatically before sending images. That’s cool, right?
Not to mention, Signal by default encrypts all the local files with a 4-digit passphrase. And if you want to create an encrypted local backup then you can do that as well. The app now also supports encrypted group calls.
There was recently some reporting about Cellebrite cracking Signal’s security. However, Signal has since debunked that news and you can read more about it here. All in all, in terms of security and privacy protection, Signal stands head and shoulder above WhatsApp and Telegram and that make it the most secure messaging app between the three.
The Verdict: WhatsApp vs Telegram vs Signal
On the other hand, Telegram messenger may not be the best in terms of security. However, it offers a boatload of features that are enough to make any group admin drool. Plus you do get end-to-end encryption on Telegram, albeit restricted to secret chats.
To sum everything up, I’d suggest going with Telegram if you want more features than the average messenger. You can consider Signal if you’re looking for the essential messaging and calling features along with a high-standard of security. However, WhatsApp is looking more dicey than ever now with the new policy update.