The best end-to-end encrypted messaging app has a host of security features. Here are the ones you should care about.
As police-brutality protests continue throughout the United States, people have increasingly turned to the encrypted messaging app Signal, and for good reason. As law enforcement increasingly surveils crowds, Signal represents most people’s best way to communicate safely. And thanks in part to a $50 million infusion from former WhatsApp CEO Brian Acton over two years ago, the formerly niche app is more accessible than ever.
For the first few weeks of May, Signal saw between 9,000 and 10,000 downloads each day across iOS and Android, according to the analytics company Apptopia. On May 31 that number jumped to nearly 15,000. On Wednesday alone, around 32,000 people installed it. By doing so, they can now take advantage of Signal’s end-to-end encryption, which means that no one—not the government, your phone company, or Signal itself—can read the contents of messages as they pass between devices.
Signal is not the only end-to-end encrypted messaging app; iMessage has it, as do stand-alone apps like Telegram. But Signal stands apart, both for its rich features and the fact that its code has been open source for years, meaning cryptographers have had plenty of opportunities to poke and prod it for flaws.
WIRED has long encouraged readers to use Signal. Here, we’re offering tips on how to get the most out of it once you do.
Know Its Limits
For those who are new to encrypted messaging, the most important thing to remember is that it’s not magic. Having Signal on your phone does not make you invincible. Most importantly, remember that if you’re messaging with someone who doesn’t have Signal installed, nothing’s encrypted. It only works for Signal-to-Signal communications. And make sure you have a strong password on your phone in the first place, since anyone who has physical access to your device can still read your messages.
Signal also has a desktop app, which should be plenty secure for the vast majority of people; just be aware that desktop environments face a litany of threats. And using Signal on multiple devices means more places your messages can be compromised or stolen.
Get Set Up Safely
Signal requires you to provide a phone number when you join, which essentially serves as your user name. That doesn’t mean you have to use your actual phone number, though. To avoid giving it up, use a Google Voice number instead.
To do so, head to Google Voice in your browser, log in with a Google account, and select a new phone number. Google will ask you to verify it by providing your actual phone number, where it’ll send a code that will let you complete your registration. You can now use that Google Voice number for your Signal account, keeping it separate from your main line.
You should feel comfortable letting Signal access your device’s contacts; it stores that information on your phone, not in the cloud. The app does periodically send truncated, hashed phone numbers back to Signal’s servers, which is how it checks if any of your contacts are also using it, but it also says it discards that information “immediately.” That way, the app can alert you when one of your contacts signs up for Signal; if you’d rather not get those updates, tap your profile icon, then Settings, then Notifications, and toggle off Contact Joined Signal.
On Android, you can make Signal your default messaging app by going to Settings > Apps & notifications > Advanced > Default Apps > SMS app, and picking Signal. Just remember that not everyone you text also has it installed, and that an iOS user you’re texting with might check their Signal app less often than iMessage. (iOS still doesn’t let you change the default messaging app, sorry!)
Last thing: Signal recently introduced profile PINs, which will make it easier for you to keep your account data even when you transfer devices. You can set one up when you join, or head to Privacy > Signal PIN in your app settings to set or change yours anytime.
Protect Your Screen
It’s important to make sure that what happens in Signal stays in Signal. That means keeping people from seeing what you’re doing there from a lock screen or when switching apps. There’s not much point in having an app for sensitive messages if they just pop up on your display whenever you receive one.
To turn off Signal lock screen notifications on iOS, go to Settings > Notifications, then scroll down and tap Signal > Show Previews > Never. On Android, the process is similar. From your home screen, head to Settings, then Apps & Notifications, where you can turn off all notifications. If you need more granular control, you can find that in the Signal app itself, where the steps are the same no matter what platform you’re on. Tap your profile, then Notifications, then Show, where you can choose whether to display the name, content, and actions for an incoming text, or just the name, or nothing at all. You can also mute notifications for a specific conversation for a set amount of time by tapping on a message thread, then the contact header, and then Mute. You can silence a contact’s notifications for an hour, a day, a week, or a year.
Signal also has a Screen Lock feature that requires your password—or FaceID or TouchID, whatever you use to get into your phone—to view the app’s contents. Within the Signal app on either platform, tap your profile, then Privacy, then toggle the Screen Lock option to on. Android gives you a little more granularity, with a Screen Lock Inactivity Timeout option that lets you set the feature to kick in after a certain amount of time.
While you’re there, go ahead and toggle Enable Screen Security. That’s what keeps Signal contents from showing up in your app switcher on both Android and iOS. On Android, it also prevents screenshots of Signal activities on your own device, but not for whoever you’re messaging.
Make Messages Disappear
While you can always delete messages manually along the way, that action only applies to your own phone. The people you’re chatting with still have it on their devices. To ensure that the conversation is deleted on both ends of a thread, you should embrace “disappearing messages” instead.
There’s no way to apply disappearing messages universally; you have to do it separately for each contact. The steps are basically the same whether you’re on iOS or Android. From within a chat, tap on the name of your contact. Toggle over Disappearing Messages, and set the amount of time you want them to be live before they vanish—anywhere from five seconds to one week. A timer icon will show up in your thread; either of you can change the disappearing time by tapping on it and adjusting as needed. That’s also how you can disable disappearing messages altogether.
It’s a handy feature, but a quick reminder that people can still screenshot your conversations to keep a record, so don’t assume they’re gone forever—especially if you don’t trust whoever’s on the other end of the line.
Place an Encrypted Call
Signal’s not just for messages; you can make end-to-end encrypted calls from the app as well. To do so, just tap the pencil icon within the app like you would to start a chat. Pick a contact. On Android, you’ll then see a choice between a phone icon and a video icon in the upper right corner to place a call instead of typing. On iOS, tap the phone icon, then tap the camera icon to show video from your side of the call.
An important note here: If you do make calls from Signal on iOS, make sure first to head to Privacy within the app and toggle off Show Calls in Recents. Otherwise, your Signal call history will sync with iCloud, creating an unnecessary record of your conversation. And if you’re extra cautious, go to Settings > Privacy and toggle on Always Relay Calls; that’ll route your calls through Signal’s servers and hide your IP address in the process.
Send (and Blur) Photos and Videos
As on other messaging apps, you can use Signal to send photos and videos. But Signal has recently invested in a few privacy-friendly media features that set it apart.
First things first: If you take a photo from within Signal—just tap the camera icon either from your contact list or within a chat—it doesn’t automatically save to your camera roll, which means it doesn’t get backed up to your cloud photo library. That’s good! The fewer ways you can accidentally leave a trail, the better. If you want to keep an image for posterity, you can tap the save icon in the upper right corner. Otherwise, just send it and move on.
You can also make sure that your photo and video don’t stay on the recipient’s device long. Before you hit send, note the infinity icon next to the chat bubble. That means that the media you’re about to share can be viewed indefinitely. Tap it once, though, and it’ll switch to a 1x, meaning that the photo or video will disappear from the conversation as soon as it’s been viewed. A record will remain in the thread that media was shared, but the image itself will no longer be visible.
One last thing: Just this week, Signal added a new Blur feature to its in-app camera. It’s still rolling out, but when it hits your device you’ll see a circular checkerboard icon at the top of your Signal camera screen; tap it and it will automatically blur any faces it detects in the photo. You can also adjust manually if it goofs.
Extra Measures
This list is not 100 percent comprehensive. Some features are too minor to mention, others intended for niche use cases. But there are a few other stray tips that might be helpful to know as you get used to using Signal.
Read Receipts: People feel strongly about these! If you’re one of them, head to Settings > Privacy and toggle them off when you’re in the app.
Stickers: As part of its long-term quest to find broad appeal, Signal recently added a limited selection of stickers to liven up your secret chats. (Incorporating them required some tricky encryption itself.) Just tap the sticker icon in the chat compose window to peruse your options.
Block Party: Block! Block! Block! Block! To shut down unwanted conversations, either tap on their name from within a chat and toggle over Block This User, or strike preemptively by tapping your profile icon, then Privacy > Blocked > Add Blocked User and select who you don’t want to hear from.
Private Type: On Android, third-party keyboard apps can retain a record of what you type and swipe; not ideal when you’re trying to send private messages. Under Privacy, go ahead and toggle on Incognito Keyboard to keep them in the dark.
And that should be enough to get you started! Just remember, as you get used to the advanced settings and figuring out what combination of disappearing messages and screen locking works for you, that you’ve already taken the most important step of all: downloading Signal in the first place.
All Rights Reserved for Brian Barrett