Yesterday we plumbed the depths and reviewed the two worst apps  when it comes to private messengers on your cellphone and today we  continue our search for the ultimate private communication tool. Over  the next couple of days we will write reviews about the best options for  your cellphone, and explain why they are the best and how to use them.  One great option is Signal.

With a startup company called  Whisper Systems, security researcher Moxie Marlinspike and roboticist  Stuart Anderson created TextSecure and RedPhone in 2010. Whisper Systems  was acquired by Twitter in November of 2011 "primarily so that Mr.  Marlinspike (Moxie) could help the then-startup improve its security".

TextSecure  was released by Twitter as free, open-source software in December 2011  followed by RedPhone in July 2012, both under the GPLv3 license. In  order to continue the development of TextSecure and RedPhone as a  collaborative open-source project, Marlinspike later left Twitter.

I  was an early adopter of both RedPhone and TextSecure, the latter being a  full replacement for my SMS app as it could send and receive standard  SMS. If the other side had TextSecure installed, the messages were free  and encrypted over the TextSecure servers. It was easy to operate and an  easy sell for every Android user to install. The app worked! RedPhone  on the other hand was choppy and I couldn't persuade anyone to drop  Skype or other calling services. It simply didn't work as well. At least  not whenever I tried it. Fast forward now to today's version.

In  March 2015 Signal was created, unifying RedPhone and TextSecure as an  iOS app. At this stage the SMS app was removed which meant all  communications had to go Signal to Signal user or Signal to TextSecure  user. The Android Version was released later.

Signal was the first  true end-to-end encrypted chat and calling software on iOS which was  also compatible with Android. The iOS version was amazing and fully  open-source!

There are some aspects of Signal which I dislike but some of those might just be my paranoid, tinfoil hat thinking.

The  first issue which raises a little red flag is funding. The project has  received financial support from, among others, the Freedom of the Press  Foundation, the Knight Foundation, the Shuttleworth Foundation, and the  Open Technology Fund. This last one is a U.S. government program which  has also funded other privacy projects such as the anonymity software  Tor and the encrypted instant messaging application Cryptocat.

Even  TOR and Cryptocat have been funded by some U.S. government program. I  understand that if you are a non-profit organization and you offer  something which is free and open-source, you take what you can get in  terms of funding. Still, I just always feel uncomfortable when I read  about U.S. Government funding. On the other hand Edward Snowden has  stated that we can trust everything from Open Whisper Systems. With this  type of endorsement, I will therefore let the funding issue slide.

The  next thing is the use of a cellphone number. You don't sign up with a  username, PIN, email or anything else, but with your cellphone number.  In other words, we have the same problem here as we have with WhatsApp  and Telegram: your login is your username.

Now since Signal is  open-source and can be seen and verified by everyone, this cellphone  issue wouldn't appear to be a setback. Whilst all communications are  fully encrypted, I still dislike this aspect of Signal. However, the big  point which makes Signal one of the best options around is the fact  that your messages are not stored permanently on the servers but get  deleted once they have been delivered.

My final gripe would be the  fact that Google services are needed. Usually you can install an  application via APK on a BlackBerry or on a CyanogenMod powered  cellphone without the need of Google services. Such is not the case  here! Signal have explained that only the push gets submitted to Google  and no text whatsoever touches the Google servers. However, I still feel  uncomfortable installing any kind of Google service on my cellphone.  Why should I be forced to do so with Signal? Well, this is an important  issue and as such Moxie has addressed this in his comments which are now  below:

"First, I'm concerned primarily with the security of our  users, and am interested in targeting a demographic that does not know  what a checksum or signature is. You might call them "newbies," but  personally I think we're doing a good job if these are the bulk of our  users.

It may be an unpopular opinion, but I think the two worst  security moves that an average user can make are rooting their device,  or ticking the "allow 3rd party APKs" box in Android's settings. As bad  as Google is, I believe that these actions make users susceptible to  something that is much worse.

We are reluctant to distribute raw APKs for a few additional reasons:

1)  No upgrade channel. Timely and automatic updates are perhaps the most  effective security feature we could ask for, and not having them would  be a real blow for the project.

2) No app scanning. The nice thing  about market is the server-side APK scanning and signature validation  they do. If you start distributing APKs around the internet, it's a  reversion back to the PC security model and all of the malware problems  that came with it.

3) No crash reporting. We are able to react very quickly to crash bugs through exception reports.

4)  No stats. We are largely dependent on Play for knowing how many users  we have, what types of devices they're running, and what version of  Android they have. This allows us to make decisions about where to  prioritize development and which platforms we should be supporting.

5)  Avoiding Play alone is not a privacy win. Many people seem to be under  the impression that avoiding Play prevents their device from phoning  home to Google, but that's not the case. On 2.2+, if you have the GSF on  your device, it will phone home whether you have a Play account  registered or not.

So that's where we are. I believe that the decision not to distribute prebuilt APKs achieves the following balance:

1) It does not encourage the average user to tick "allow 3rd party APKs" in Android settings.

2) It allows "power" users who can appropriately manage the risks to install TextSecure without Play by building from source.

The  thesis essentially being, if you aren't able to build TextSecure from  source, you probably aren't capable of managing the risks associated  with 3rd party sources."

As you can see from the above explanation, 2.2+ will phone home anyway irrespective of your having a Play account or not.

Coming  back to some of the other positive aspects. If you run an out-of  the-box Android phone, you will love Signal. On iOS you will surely love  it as well! Signal offers Chats, and Group Chats with the Groups and  members in the Groups not being stored on Signal servers. Signal uses  Curve25519, AES-256, and HMAC-SHA256 as their encryption algorithms. The  best part is, all of this happens on your phone. The entire encryption  is done on your phone and Signal has no key or knowledge about any of  your communications. Signal allows sending of high-quality group  messages, text, pictures, and video messages. In addition, Signal does  have one privacy feature that you don't usually see with a messaging  app: an option to "enable screen security."

Usually when you  switch apps a screenshot is taken and some users might prefer not to  have this stored on their device. There is a no-screenshot option which  is turned off by default, adding to the secure cross-platform  communication ability.

Other security features are best described by Signal themselves:

"The  Axolotl ratchet in Signal is the most advanced cryptographic ratchet  available. Axolotl ensures that new AES keys are used for every single  message, and it provides Signal with both forward secrecy and future  secrecy properties. The Signal protocol also features enhanced  deniability properties that improve on those provided by OTR, except  unlike OTR all of these features work well in an asynchronous mobile  environment."

Another killer feature is calling. Here, Signal have  really nailed it, with the quality of the encrypted call being crystal  clear. I've never had a call drop or had a choppy connection. When a  call is established both parties see two words displayed on the screen,  and each can verify with the other if they see the same. If so, the call  is fully encrypted. End-to-End without any eavesdropping.

Interestingly  enough, Moxies services were needed to make WhatsApp end-to-end encrypted using parts of the Signal encryption. We highlighted this yesterday with the problem being WhatsApp do not encrypt every message.

If  you are using iOS or Android, Signal is a hard to beat, killer app when  it comes to privacy. The chat and group chat features are working just  as advertised and it's pure end-to-end, own-device encrypted. With a  call function which is second to none, Signal is a perfect solution when  it comes to privacy. The only concerns we have are the forcing of the  Google service, plus also the option of no username.

Part 3: we will be reviewing Threema.

Share this post