Signal is an encrypted instant messaging and voice calling application for Android and iOS. It uses the Internet to send one-to-one and group messages, which can include images and video messages, and make one-to-one voice calls. Signal uses standard cellular mobile numbers as identifiers and end-to-end encryption to secure all communications to other Signal users. The applications include mechanisms by which users can independently verify the identity of their messaging correspondents and the integrity of the data channel. A Chrome app that can link with a Signal client is also in development.
1 History
1.1 Background (2010–2013)
collaborative Open Source project for the continued development of TextSecure and RedPhone.[1][21]
1.2 Open Whisper Systems (2013–present)
[Figure: timeline of SMSSecure, RedPhone, TextSecure, Signal (Android) and Signal (iOS), with events marked (a), (b) and (c). Surviving caption text:] crypted group chat and instant messaging capabilities to TextSecure. b) End of encrypted SMS/MMS messaging in TextSecure, which prompted the creation of a fork. c) The Android version of Signal was launched after RedPhone was merged into TextSecure. d) Signal for iOS was launched as a RedPhone counterpart for iOS. e) Addition of encrypted group chat and instant messaging capabilities to the iOS version of Signal.
From its launch in May 2010[9] until March 2015, the Android version of Signal (then called TextSecure) included support for encrypted SMS/MMS messaging.[27] From version 2.7.0 onward, the Android application only supported sending and receiving encrypted messages via the data channel.[28] Reasons for this included security flaws of SMS/MMS and problems with the key exchange.[28]
Open Whisper Systems' abandonment of SMS/MMS encryption prompted some users to create a fork named Silence (initially called SMSSecure[29]) that is meant solely for the exchange of encrypted SMS and MMS messages.[30][31]
In November 2015, the TextSecure and RedPhone applications on Android were merged to become Signal for Android.[32] A month later, Open Whisper Systems announced Signal Desktop, a Chrome app that can link with a Signal client.[33] At launch, the app could only be linked with the Android version of Signal.[34] On September 26, 2016, Open Whisper Systems announced that Signal Desktop could now be linked with the iOS version of Signal as well.[35]
Limitations
also opt into allowing Signal to fall back to unencrypted SMS/MMS when communicating with contacts who do not have Signal.[22]
Usability
5 Architecture
5.1 Encryption protocols
5.2 Servers
Signal relies on centralized servers that are maintained by Open Whisper Systems. In addition to routing Signal's messages and calls, the servers also facilitate the discovery of contacts who are also registered Signal users and the automatic exchange of users' public keys. Open Whisper Systems has set up dozens of servers to handle the encrypted calls in more than 10 countries around the world to minimize latency.[1]
The servers store registered users' phone numbers, public key material and push tokens which are necessary for setting up calls and transmitting messages.[58] In order to determine which contacts are also Signal users, cryptographic hashes of the user's contact numbers are periodically transmitted to the server.[59] The server then checks to see if those match any of the SHA256 hashes of registered users and tells the client if any matches are found.[59] The hashed numbers are thereafter discarded from the server.[58] Moxie Marlinspike has written that it is easy to calculate a map of all possible hash inputs to hash outputs and reverse the mapping because of the limited preimage space (the set of all possible hash inputs) of phone numbers, and that practical privacy preserving contact discovery remains an unsolved problem.[60][59]
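
The hashed contact lookup described above, and why the small preimage space means the hashes do not hide the numbers from whoever receives them, as an added example (not code from Signal or Open Whisper Systems). The function names, the hash input encoding and the fictional phone numbers are assumptions made for the illustration.

```python
import hashlib

def phone_hash(number: str) -> str:
    # Assumption: SHA-256 over the ASCII text of the number; the real wire
    # format is not described on the page.
    return hashlib.sha256(number.encode("ascii")).hexdigest()

# Constructed sample data (fictional numbers, all inside one 10,000-number block).
REGISTERED = {"+15555550123", "+15555550142", "+15555550199"}
ADDRESS_BOOK = ["+15555550100", "+15555550142", "+15555550199", "+15555550777"]

def server_match(registered_hashes: set, submitted: list) -> list:
    """Server side: report which submitted hashes belong to registered users."""
    return [x for x in submitted if x in registered_hashes]

def discover_contacts(address_book: list, registered: set) -> list:
    """Client side: hash every contact, submit the hashes, map matches back."""
    by_hash = {phone_hash(n): n for n in address_book}
    hits = server_match({phone_hash(n) for n in registered}, list(by_hash))
    return sorted(by_hash[x] for x in hits)

def reverse_map(prefix: str, digits: int) -> dict:
    """Hash every number under `prefix`; the table inverts any hash in that block."""
    table = {}
    for i in range(10 ** digits):
        number = f"{prefix}{i:0{digits}d}"
        table[phone_hash(number)] = number
    return table

def recover_numbers(submitted_hashes: list, table: dict) -> list:
    """What a party holding only the hashes learns once the table exists."""
    return [table.get(x) for x in submitted_hashes]

if __name__ == "__main__":
    print("matches:", discover_contacts(ADDRESS_BOOK, REGISTERED))
    sent = [phone_hash(n) for n in ADDRESS_BOOK]
    table = reverse_map("+1555555", 4)
    print("recovered from hashes:", recover_numbers(sent, table))
```

The lookup returns only the registered contacts, but the full submitted address book, including the unregistered numbers, is recoverable from the hashes alone, which is the privacy gap the paragraph attributes to the limited preimage space.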
5.2.3 Federation
Signal's server architecture was federated between December 2013 and February 2016. In December 2013, it was announced that the messaging protocol that is used in Signal had successfully been integrated into the Android-based open-source operating system CyanogenMod.[66][67][68] Since CyanogenMod 11.0, the client logic was contained in a system app called WhisperPush. According to Open Whisper Systems, the Cyanogen team ran their own Signal messaging server for WhisperPush clients, which federated with Open Whisper Systems' Signal server, so that both clients could exchange messages with each other.[68] The WhisperPush source code was available under the GPLv3 license.[69] In February 2016, the CyanogenMod team discontinued WhisperPush and recommended that its users switch to Signal.[70] In May 2016, Moxie Marlinspike wrote that federation with the CyanogenMod servers degraded the user experience and held back development, and that Open Whisper Systems' servers will probably not federate with other servers again.[48]
5.3 Licensing
The complete source code of the Signal clients for Android, iOS and Google Chrome is available on GitHub under a free software license.[5][6][7] This enables interested parties to examine the code and help the developers verify that everything is behaving as expected. It also allows advanced users to compile their own copies of the applications and compare them with the versions that are distributed by Open Whisper Systems. In March 2016, Moxie Marlinspike wrote that, apart from some shared libraries that aren't compiled with the project build due to a lack of Gradle NDK support, Signal for Android is reproducible.[71]
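
One way to compare a self-compiled copy with a distributed one, as an added example (not Open Whisper Systems' own tooling). It treats an APK as a ZIP archive and assumes the signing data sits under META-INF/, which necessarily differs between signers; the file names and contents below are constructed samples.

```python
import hashlib
import io
import zipfile

SIGNATURE_DIR = "META-INF/"  # assumption: JAR-style signature files live here

def entry_digests(apk_bytes: bytes) -> dict:
    """Map each non-signature entry to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        return {i.filename: hashlib.sha256(z.read(i)).hexdigest()
                for i in z.infolist()
                if not i.filename.startswith(SIGNATURE_DIR)}

def compare_apks(mine: bytes, distributed: bytes) -> dict:
    """Report entries that are missing on either side or differ in content."""
    a, b = entry_digests(mine), entry_digests(distributed)
    return {
        "only_in_mine": sorted(a.keys() - b.keys()),
        "only_in_distributed": sorted(b.keys() - a.keys()),
        "different": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def make_apk(files: dict) -> bytes:
    """Build an in-memory archive so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()

# Constructed samples: same payload with different signers, then a modified payload.
PAYLOAD = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex-bytes"}
LOCAL_BUILD = make_apk({**PAYLOAD, "META-INF/CERT.RSA": b"local-key"})
STORE_BUILD = make_apk({**PAYLOAD, "META-INF/CERT.RSA": b"release-key"})
MODIFIED_BUILD = make_apk({**PAYLOAD, "classes.dex": b"other-bytes",
                           "META-INF/CERT.RSA": b"release-key"})

if __name__ == "__main__":
    print(compare_apks(LOCAL_BUILD, STORE_BUILD))     # no differences expected
    print(compare_apks(LOCAL_BUILD, MODIFIED_BUILD))  # classes.dex flagged
```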
forms. Signal's predecessor (TextSecure) was briefly included in the F-Droid software repository in 2012, but was removed at the developer's request because it was an unverified build and exceptionally out of date. Open Whisper Systems have subsequently said that they will not support their applications being distributed through F-Droid because it does not provide timely software updates, relies on a centralized trust model and necessitates allowing the installation of apps from unknown sources which harms Android's security for average users.[46] F-Droid subverts the other distribution platforms' decentralized trust model by often building and signing their own packages, meaning F-Droid administrators or anyone else with access could be compelled to push out malicious updates to any application.[73] Additionally, the keys for most applications in the main repository are stored on machines that are accessible from the Internet[76] (i.e. not separated by an air gap), which Marlinspike asserts is an unacceptable security risk.[77]
6 Reception
In October 2014, the Electronic Frontier Foundation (EFF) included Signal in their updated surveillance self-defense guide.[78] In November 2014, Signal received a perfect score on the EFF's secure messaging scorecard;[39] it received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (end-to-end encryption), making it possible for users to independently verify their correspondents' identities, having past communications secure if the keys are stolen (forward secrecy), having the code open to independent review (open source), having the security designs well-documented, and having a recent independent security audit.[39] At the time, "ChatSecure + Orbot", Pidgin (with OTR), Silent Phone, and Telegram's optional secret chats also received seven out of seven points on the scorecard.[39]
March 2015, Snowden said that Signal is very good and that he knew the security model.[83] Asked about encrypted messaging apps during a Reddit AMA in May 2015, he recommended Signal.[84][85] In November 2015, Snowden tweeted that he used Signal every day.[32][86]
In September 2015, the American Civil Liberties Union called on officials at the U.S. Capitol to ensure that lawmakers and staff members have secure communications technology.[87] One of the applications that the ACLU recommended in their letter to the Senate Sergeant at Arms and to the House Sergeant at Arms was Signal, writing:
One of the most widely respected encrypted communication apps, Signal, from Open Whisper Systems, has received significant financial support from the U.S. government, has been audited by independent security experts, and is now widely used by computer security professionals, many of the top national security journalists, and public interest advocates. Indeed, members of the ACLU's own legal department regularly use Signal to make encrypted telephone calls.[88]
Following the 2016 Democratic National Committee email leak, Vanity Fair reported that Marc Elias, the general counsel for Hillary Clinton's presidential campaign, had instructed DNC staffers to exclusively use Signal when saying anything remotely contentious or disparaging about Republican presidential nominee, Donald Trump.[89][90]
See also
Comparison of instant messaging clients
9 References
[1] Greenberg, Andy (29 July 2014). Your iPhone Can Finally Make Free, Encrypted Calls. Wired. Retrieved 18 January 2015.
[2] Open Whisper Systems (11 October 2016). Signal Private Messenger. Google Play. Google. Retrieved 11 October 2016.
[3] Open Whisper Systems (18 October 2016). Signal - Private Messenger. App Store. Apple. Retrieved 26 October 2016.
[4] Open Whisper Systems (21 October 2016). Signal Private Messenger. Chrome Web Store. Google. Retrieved 26 October 2016.
[5] Open Whisper Systems. Signal-iOS. GitHub. Retrieved 14 January 2015.
[6] Open Whisper Systems. Signal-Android. GitHub. Retrieved 5 November 2015.
[7] Open Whisper Systems. Signal-Desktop. GitHub. Retrieved 7 April 2016.
[8] Open Whisper Systems. TextSecure-Server. GitHub. Retrieved 2 March 2014.
[9] Announcing the public beta. Whisper Systems. 25 May 2010. Archived from the original on 30 May 2010. Retrieved 22 January 2015.
[10] Garling, Caleb (20 December 2011). Twitter Open Sources Its Android Moxie | Wired Enterprise. Wired. Retrieved 21 December 2011.
[11] Company Overview of Whisper Systems Inc. Bloomberg Businessweek. Retrieved 2014-03-04.
[12] Greenberg, Andy (2010-05-25). Android App Aims to Allow Wiretap-Proof Cell Phone Calls. Forbes. Retrieved 2014-02-28.
[17] Aniszczyk, Chris (20 December 2011). The Whispers Are True. The Twitter Developer Blog. Twitter. Archived from the original on 24 October 2014. Retrieved 22 January 2015.
[18] TextSecure is now Open Source! Whisper Systems. 20 December 2011. Archived from the original on 6 January 2012. Retrieved 22 January 2015.
[19] Pachal, Pete (2011-12-20). Twitter Takes TextSecure, Texting App for Dissidents, Open Source. Mashable. Retrieved 2014-03-01.
[20] RedPhone is now Open Source! Whisper Systems. 18 July 2012. Archived from the original on 31 July 2012. Retrieved 22 January 2015.
[21] A New Home. Open Whisper Systems. 2013-01-21. Retrieved 2014-03-01.
[22] Donohue, Brian (24 February 2014). TextSecure Sheds SMS in Latest Version. Threatpost. Retrieved 14 July 2016.
[23] Mimoso, Michael (29 July 2014). New Signal App Brings Encrypted Calling to iPhone. Threatpost.
[24] Evans, Jon (29 July 2014). Talk Private To Me: Free, Worldwide, Encrypted Voice Calls With Signal For iPhone. TechCrunch. AOL.
[25] Lee, Micah (2015-03-02). You Should Really Consider Installing Signal, an Encrypted Messaging App for iPhone. The Intercept. Retrieved 2015-03-03.
[26] Geuss, Megan (2015-03-03). Now you can easily send (free!) encrypted messages between Android, iOS. Ars Technica. Retrieved 2015-03-03.
[27] Open Whisper Systems (6 March 2015). Saying goodbye to encrypted SMS/MMS. Retrieved 24 March 2016.
[28] Rottermanner et al. 2015, p. 3
[29] BastienLQ (20 April 2016). Change the name of SMSSecure. GitHub (pull request). SilenceIM. Retrieved 27 August 2016.
[30] TextSecure-Fork bringt SMS-Verschlüsselung zurück. Heise (in German). 2 April 2015. Retrieved 29 July 2015.
[31] SMSSecure: TextSecure-Abspaltung belebt SMS-Verschlüsselung wieder. Der Standard (in German). 3 April 2015. Retrieved 1 August 2015.
[32] Greenberg, Andy (2 November 2015). Signal, the Snowden-Approved Crypto App, Comes to Android. Wired. Condé Nast. Retrieved 19 March 2016.
[35] Marlinspike, Moxie (26 September 2016). Desktop support comes to Signal for iPhone. Open Whisper Systems. Retrieved 26 September 2016.
[36] Perlroth, Nicole; Benner, Katie (4 October 2016). Subpoenas and Gag Orders Show Government Overreach, Tech Companies Argue. The New York Times. The New York Times Company. Retrieved 4 October 2016.
[37] Kaufman, Brett Max (4 October 2016). New Documents Reveal Government Effort to Impose Secrecy on Encryption Company (Blog post). American Civil Liberties Union. Retrieved 4 October 2016.
[38] Grand jury subpoena for Signal user data, Eastern District of Virginia. Open Whisper Systems. 4 October 2016. Retrieved 4 October 2016.
[39] Secure Messaging Scorecard. Which apps and tools actually keep your messages safe? Electronic Frontier Foundation. 4 November 2014.
[40] Exactly how does Zfone and ZRTP protect against a man-in-the-middle (MiTM) attack? The Zfone Project. Retrieved 25 January 2015.
[41] Rottermanner et al. 2015, p. 5
[42] Rottermanner et al. 2015, p. 9
[43] Greenberg, Andy (11 October 2016). Signal, the Cypherpunk App of Choice, Adds Disappearing Messages. Wired. Condé Nast. Retrieved 11 October 2016.
[44] Marlinspike, Moxie (11 October 2016). Disappearing messages for Signal. Open Whisper Systems. Retrieved 11 October 2016.
[45] Kolenkina, Masha (20 November 2015). Will any phone number work? How do I get a verification number? Open Whisper Systems. Retrieved 20 December 2015.
[46] Kolenkina, Masha (25 February 2016). Why do I need Google Play installed to use Signal? How can I get Signal APK? Open Whisper Systems. Archived from the original on 2 April 2016. Retrieved 13 October 2016.
[47] Marlinspike, Moxie (6 March 2015). Saying goodbye to encrypted SMS/MMS. Open Whisper Systems. Retrieved 20 December 2015.
[48] Edge, Jake (18 May 2016). The perils of federated protocols. LWN.net. Retrieved 5 July 2016.
[49] Le Bihan, Michel (24 May 2016). README.md. GitHub. LibreSignal. Retrieved 27 August 2016.
[50] Schröder et al. 2016
[51] Marlinspike, Moxie (30 March 2016). Signal on the outside, Signal on the inside. Open Whisper Systems. Retrieved 9 April 2016.
[63] Lee, Micah (22 June 2016). Battle of the Secure Messaging Apps: How Signal Beats WhatsApp. The Intercept. First Look Media. Retrieved 6 September 2016.
[64] Moxie Marlinspike (5 May 2014). Private Group Messaging. Open Whisper Systems. Retrieved 2014-07-09.
[66] Andy Greenberg (2013-12-09). Ten Million More Android Users' Text Messages Will Soon Be Encrypted By Default. Forbes. Retrieved 2014-02-28.
[67] Seth Schoen (2013-12-28). 2013 in Review: Encrypting the Web Takes A Huge Leap Forward. Electronic Frontier Foundation. Retrieved 2014-03-01.
[69] CyanogenMod (Jan 7, 2014). android_external_whispersystems_WhisperPush. GitHub. Retrieved Mar 26, 2015.
[71] Marlinspike, Moxie (31 March 2016). Reproducible Signal builds for Android. Open Whisper Systems. Retrieved 31 March 2016.
[72] Kolenkina, Masha (22 November 2015). How can I host my own server? Open Whisper Systems. Retrieved 6 July 2016.
[73] Marlinspike, Moxie (12 February 2013). moxie0 commented Feb 12, 2013. GitHub. Retrieved 13 October 2016.
[80] Presentation from the SIGDEV Conference 2012 explaining which encryption protocols and techniques can be attacked and which not (PDF). Der Spiegel. 28 December 2014. Retrieved 23 January 2015.
[89] Bilton, Nick (26 August 2016). How the Clinton Campaign Is Foiling the Kremlin. Vanity Fair. Condé Nast. Retrieved 1 September 2016.
[90] Blake, Andrew (27 August 2016). Democrats warned to use encryption weeks before email leaks. The Washington Times. The Washington Times, LLC. Retrieved 1 September 2016.
[95] Open Whisper Systems. Open Technology Fund. Retrieved 26 December 2015.
10 Literature
11 External links
Official website
12
12.1
Signal (software) Source: https://en.wikipedia.org/wiki/Signal_(software)?oldid=746594738 Contributors: Chadlupkes, Rwalker, ViperSnake151, Vagary, A.sutton, NMaia, l, Beeblebrox, Niceguyedc, Yobot, AnomieBOT, Jim1138, Melmann, Dewritech, Kistano, Sbmeirow, Paride, BG19bot, Nodove, Fend4self, Dodi 8238, Dhruvalpatel1994, Spiderjerky, Orschiro, Tomasbortoli, Kjblwk, Deidgeej, Mindamax and Anonymous: 29
12.2 Images
12.3 Content license