Encrypted App Signal at Centre of US Security Controversy

Signal Messaging App at the Centre of US Security Breach

Top officials from the Trump administration reportedly used the encrypted messaging app Signal to share sensitive military plans, inadvertently adding a journalist to their conversation. This incident has led Democratic lawmakers to demand a congressional investigation into the security breach.

Under US law, mishandling classified information can be a criminal offence. However, it remains unclear whether any legal provisions were violated in this case.

How Secure Is Signal?

Signal is an open-source, fully encrypted messaging service that operates on centralised servers managed by Signal Messenger. Unlike other messaging apps, Signal does not store user conversations, contacts, or metadata. Instead, messages remain on users’ devices, with an option to automatically delete them after a set period.

The app does not use government encryption, nor is it hosted on government servers. It also avoids tracking user data or displaying ads. Users can enhance security by hiding their phone number and verifying messages through an additional safety number.

Cybersecurity expert Rocky Cole highlighted that while Signal itself is secure, the real risk comes from vulnerabilities in mobile devices. “If the phone itself isn’t secure, all the Signal messages on that device can be read,” he explained.

How Does Signal Work?

Signal provides end-to-end encryption for messages, voice calls, and video chats, ensuring that even the service provider cannot access user communications. It is available on both smartphones and computers and requires a phone number for registration.

Unlike many other messaging services, Signal does not track or store user data. Its open-source nature allows security experts to verify its encryption methods and ensure its reliability.

Signal’s president, Meredith Whittaker, defended the app’s security, calling it “the gold standard in private communications.” She also noted that WhatsApp uses Signal’s cryptographic technology to secure its messages.

Who Founded and Uses Signal?

The app was created in 2012 by entrepreneur Moxie Marlinspike. In 2018, Marlinspike and WhatsApp co-founder Brian Acton launched the non-profit Signal Foundation, which now oversees the app. Acton, who left WhatsApp in 2017 due to concerns over data privacy and advertising, provided $50 million in initial funding for the company. The company has stated that it is not affiliated with any major tech firms and will never be acquired by one.

It has grown from a niche app used by privacy advocates and activists to a widely trusted platform for journalists, government agencies, and organisations. In 2021, concerns over WhatsApp’s updated privacy terms led to a surge in Signal’s user base, as many sought an alternative that prioritised data security.

Reuters includes Signal as one of its recommended tools for whistleblowers, though it acknowledges that no system is entirely secure. The European Commission and the US Senate have also approved its use for official communications.

Despite its reputation for secure messaging, cybersecurity analyst Ben Wood expressed doubts about its suitability for handling national security discussions. This concern follows revelations that top Trump aides used the app to discuss military strikes on Yemeni Houthi militants, leading to the current security controversy.

With inputs from Reuters