When it comes to security and privacy, Signal is often considered the gold standard in encrypted messaging apps. But to what extent is this reputation justified? In this article, we investigate how safe the Signal app is, including the Signal Protocol — the underlying cryptographic protocol that secures Signal and other similar apps, such as WhatsApp, Facebook Messenger, Google Messages for RCS end-to-end encryption, and Skype for its Private Conversations feature (now discontinued).

What is the Signal app?

Signal is a free end-to-end encrypted (E2EE) messaging app. E2EE means messages are encrypted on the sender’s device and can only be decrypted by the intended recipient, not by Signal while in transit or in storage. As such, it is a compelling alternative to popular but proprietary and less privacy-friendly apps such as WhatsApp and Facebook Messenger (we’ll look at this in more detail below).

Who owns Signal?

Both Signal and the Signal Protocol are open source, which means that anyone can verify, use, and modify their code. They are developed by the Signal Foundation, a US-based 501(c)(3) nonprofit organization(nova janela) founded by renowned cryptographer and privacy activist Moxie Marlinspike and WhatsApp co-founder Brian Acton, who donated $50 million to jump-start the foundation after leaving Facebook in 2018.

How does Signal make money?

With the stated goal of creating “privacy tools that allow people to communicate freely without fear or inhibition”, the Signal Foundation’s non-profit independence allows it to reject the typical Silicon Valley funding model and prioritize privacy over shareholder profits, much as the Proton Foundation does for Proton.

Crucially, the Signal Foundation “has no data to sell, no advertisers to sell it to, and no shareholders to benefit from such a sale”. To support the development of Signal and the Signal Protocol, it receives funding from:

  • Individual donations (primary source)
  • Signal Sustainer(nova janela) subscriptions (a growing revenue stream that regularizes individual donations)
  • Philanthropic grants
  • Brian Acton’s endowment (which remains a financial stabilizer for the Foundation)

Is Signal secure?

All messages on Signal are secured using the Signal Protocol, a modern asynchronous end-to-end encrypted messaging protocol built from three major components:

1. X3DH (Extended Triple Diffie–Hellman)

Before you send your first message to a contact, your app grabs their public keys from the Signal server. Using these, it creates a shared secret that only your device and your contact’s device can compute.

Even though the server helps pass messages around, it learns nothing about the secret. Think of it like leaving a locked package at someone’s door that only their unique key can open.

Signal has now upgraded the original X3DH key agreement protocol to make it post-quantum resistant, a design that the company is calling PQXDH(nova janela), which has been widely praised(nova janela) by security experts.

Learn more about asymmetric-key cryptography

2. Double Ratchet

This algorithm ensures your messaging keys constantly change, automatically and invisibly. Once a conversation starts, every message is encrypted with new keys that never get reused. This provides forward secrecy(nova janela), so even if one message is compromised, all the others will remain secure.

3. Sesame

This algorithm manages message encryption sessions in an asynchronous and multi-device setting. Because each message has a unique, one-time key, Signal can handle things like:

  • Messages arriving late
  • Messages arriving out of order
  • Temporary loss of connection

To do this, Sesame keeps a small “stash” of unused keys locally on your device, so it can decode delayed messages safely. It also handles multi-device support (messages are encrypted multiple times — once for each device) and group messaging (each person gets their own unique encrypted copy of your message).

Because each and every message is uniquely encrypted, your conversations remain private even if the Signal server is hacked or you lose your device.

The data itself is secured using proven cryptographic primitives such as AES‑GCM or ChaCha20‑Poly1305 with d25519 digital signatures to prove a message really came from the right person.

On the Signal app, you can verify the identity of new contacts by comparing Safety Numbers on other trusted channels. You can also set a registration lock PIN (Signal PIN) to prevent SIM-swap hijacks where a hacker re-registers your Signal account on another device.

Security concerns with the Signal Protocol

Although the Signal Protocol is generally considered safe and secure, there are some concerns you should know about.

0-click deanonymization attack

In early 2025, a security researcher (a high-school student going by the name “Daniel”) published a proof-of-concept 0-click deanonymization attack(nova janela) that could geolocate users of Signal and other apps (such as Discord) within a 250-mile radius by abusing how content-delivery networks (CDNs) — mainly Cloudflare — cache images.

Cloudflare responded by rolling out a patch, but “Daniel” claims this does not fundamentally solve the problem. For its part, Signal views the issue as one with how CNDs work, and therefore outside of its scope. If true anonymity is required when using Signal, it recommends using an open(nova janela)source VPN(nova janela) or Tor(nova janela).

Inconsistent auditing

The Signal Protocol has undergone numerous independent third-party audits(nova janela). Issues were found but have since been fixed. The protocol itself (not just specific implementations) remains widely regarded as cryptographically strong, and formal analyses(nova janela) over the years have found no major flaws in its core design, such as its forward secrecy, E2EE, or Double Ratchet algorithm.

However, there is no fully up-to-date audit covering the full app ecosystem, including all current versions and app platforms, sever and storage code, the user interface, and update mechanism.

Is Signal private?

Any app that uses the Signal Protocol is secure, meaning no unauthorized users (including the company itself) can access the contents of your text messages and voice or video calls.

However, the Signal Protocol doesn’t secure your metadata, so the app developers can see who you speak to, when you speak to them, how often, and for how long. So the Signal Protocol does not, in itself, provide privacy.

What sets Signal (the app developed by the Signal Foundation) apart from most other apps that use the the Signal Protocol, is that it doesn’t harvest your metadata. Signal only keeps “the date and time a user registered with Signal and the last date of a user’s connectivity to the Signal service”. This claim has been proven in court(nova janela).

Signal privacy concerns

Again, while widely praised for its respect for your privacy, there are some (fairly minor) concerns.

Phone number

You must register with a valid phone number to match contacts. However, since 2024, Signal has introduced usernames, allowing you to hide your phone number from others (even in group chats) and prevent others from finding you by your number. Contacts are stored locally only and can’t be accessed by the Signal Foundation. This setup also makes it relatively easy to find other people you know who use Signal.

Reliance on SGX

Signal lets you see which people in your contacts use the app without exposing your contact list to the company or relying on a centralized database of phone numbers. It does this using Intel Software Guard Extensions (SGX) enclaves, which enable private contact discovery and prevent Signal from accessing or storing users’ address books.

However, SGX is (nova janela)vulnerable to a number of threats(nova janela) — notably side-channel attacks — that could uncover which phone numbers are being checked during contact discovery and who else on your contacts list uses Signal. These vulnerabilities present no danger to the end-to-end encrypted contents of your messages or calls.

Signal acknowledges SGX is not ideal(nova janela) but says alternative contact systems are currently too slow at global scale without hardware acceleration.

Reliance on AWS

Signal primarily relies on Amazon Web Services (AWS) to host its infrastructure, including its SGX enclaves, which is subject to legal demands from the US government and other US law enforcement agencies. These could theoretically use their privileged access to attack or bypass SGX isolation.

Why switch to Signal?

Despite these quibbles, Signal remains widely regarded among security professionals as the most secure messenger app that capable of going head-to-head with, and providing a privacy-friendly alternative to, the commercially-owned “big players” in the messenger app space.

Chart comparing Signal with other messaging platforms

Signal vs. SMS

Short Message Service (SMS) was developed long before security and privacy were core design concerns in modern communication. The result is that SMS messages are an open book, easily read by your mobile service provider, your government, and criminal hackers.

Unlike with Signal, SMS messages are not encrypted in any way, so your mobile service provider can read everything you send and receive. In the event of a data breach, that information could be exposed publicly. Plus, mobile carriers can hand this information over to third parties in certain circumstances. In the United States, for example, the Electronic Communications Privacy Act(nova janela) allows police to freely access SMS messages over 180 days old; accessing newer messages requires a warrant. 

SMS messages are also highly vulnerable to man-in-the-middle attacks(nova janela) via SS7, the sprawling mass of outdated technologies dating back to the 1970s that continue to underpin the entire SMS network. These weaknesses have been exploited by both state actors and criminal hackers, making SMS the least secure option for private communication.

Learn more about why you should stop using SMS

Signal vs. WhatsApp

All WhatsApp messages are secured using the Signal Protocol, so no-one can access their contents. However, as noted above, the Signal Protocol doesn’t protect your metadata.

Given that WhatsApp is owned by Meta (which also owns Facebook), who’s entire bushiness model is to learn as much about you as possible so it can target you with ever more personalized ads, it was always a safe assumption that Meta would abuse its access to WhatsApp metadata. And, like Signal, Meta is based in the United States and is therefore subject to US law enforcement requests for user data, often without a warrant or notice.

A (nova janela)2025(nova janela) lawsuit by WhatsApp’s former security chief claims that WhatsApp employees have access to sensitive user information, including location, profile photos, group memberships, and contact lists. It also alleges that Meta repeatedly ignored major security and privacy flaws that could be exploited by hackers and other malicious entities.

Learn more about whether WhatsApp is safe to use

Signal vs. Facebook Messenger

Like WhatsApp, Facebook Messenger is owned by Meta. Also like WhatsApp, the contents of messages are end-to-end encrypted using the Signal Protocol, but the metadata can be accessed by Meta. As such, all the criticisms leveled at WhatApp above also apply to Facebook Messenger.

Signal vs. email

Most email is not end-to-end encrypted. It’s encrypted in transit using HTTPS and stored encrypted on the email provider’s servers. Generally speaking, this makes emails safe from criminal hackers. But, as the email provider does the encryption and holds the keys (like Gmail), it can access and process for advertising or compliance with third-party requests, depending on its policies and applicable law.

Proton Mail is much more secure than regular email. Emails sent between Proton Mail accounts are end-to-end encrypted, and you can send E2EE emails to non-Proton users using our Password-protected Email feature or OpenPGP. All emails stored on our servers are secured using zero-access encryption, which means even we can’t access them.

However, email is a very old system that (like SMS) was designed long before the need for security and privacy occurred to anyone. This means there is no way to hide your metadata. And because we designed Proton Mail to be compatible with the open OpenPGP E2EE standard, we don’t currently encrypt the subject line. There’s also nothing we can do to secure non-Password-protected or OpenPGP emails stored on third-party servers.

Signal vs. Threema

Threema represents a breed of opensource messaging apps that arguably rival or even exceed Signal in terms of privacy.

All Threema apps use the open-source NaCl cryptography library(nova janela) to encrypt messages end to end, and they have been audited by security professionals(nova janela). Unlike most messaging apps, you don’t need an email address or phone number to register an account, and it’s possible to purchase Threema for Android anonymously using Bitcoin —Threema is a paid app. The company says this allows you to text and make calls anonymously, and it goes to lengths to ensure that it collects minimum metadata(nova janela)

The biggest drawback with Threema is its tiny user base.

The infamous US government Signalgate “leak”

In March 2025(nova janela), a group chat among several high-level US national-security leaders was created on Signal in which highly sensitive operational plans to strike Houthi militants in Yemen were discussed.

In a stunning breach of national security, a reporter for The Atlantic was inadvertently invited to join the group chat and soon made a partially redacted transcript of it available to the public. Crucially, the entire “Signalgate” scandal was the result of purely human error, not any technical flaw in Signal.

A similar issue appears to be responsible for a successful FBI spying operation(nova janela) that targeted an immigrants’ rights activists Signal group chat. Although details are not yet clear, the FBI said the information came from a “sensitive source with excellent access”, which strongly suggests that an inside source had been invited to the chat.

Final thoughts on Signal’s security

Signal remains widely regarded as the gold standard for secure private messaging for very good reasons. The Signal Protocol is extremely secure, and unlike most other apps that use the Signal Protocol, Signal collects almost no metadata from the Signal app.

Signal is therefore vastly more private than any of its mainstream competitors, and with easy contact discovery and a wealth of advanced features, you might realistically convince your friends and family to actually use it. 

However, being hosted on AWS servers remains a concern in light of Signal’s reliance on SGX. There are a number of open-source encrypted messaging apps like Threema that try to address this and other perceived issues with Signal — such as its reliance on a centralized server and the need to supply a real phone number— some of which show great promise.

But none of these have undergone the same level of rigorous external scrutiny as Signal, and all of them have tiny user bases by comparison to Signal, which limits their practical usefulness.