Signal, the secure messaging app, makes it easy to chat without sacrificing security.
Signal gives you encrypted messages, as well as voice and video calls. It relies on data, so it’s a great option for free calls and texts over Wi-Fi. This can be a huge advantage for those of us who don’t want to pay for SMS text messages and phone calls, or who want to make free international calls.
It’s not only convenient, but security experts recommend Signal for a few different reasons. Signal is end-to-end encrypted, meaning that no one but your device and conversational partner’s device can read the messages you send. The team behind the software is a privacy-centered nonprofit funded by grants and donations. Perhaps most importantly, Signal is open source, meaning that the code is publicly viewable. It can be examined for potential security holes, and has stood up to auditing. All of these features make Signal one of the best options for boosting your communication security.
Getting started with Signal
When you first launch the app, it will ask you to verify your phone number.
iPhone users: Type in your number and hit “Activate This Device.” You’ll receive a 6-digit code via SMS text message. Type in the code and hit “Submit Verification Code.”
Android users: Type in your phone number, hit “Register” and wait for the app to verify your phone number.
Press the messaging icon (with the pencil). From here, you can securely message your contacts who have installed the app. From inside the conversation, you can also press the phone icon in the top right corner to start an encrypted call.
Get fancy with messaging
Use group messaging
iPhone users: From the main screen, press the message icon at the top right and hit “New group.”
Android users: Press the settings icon at the top right (three dots) and hit “New group.”
From here, you can name your group and add multiple people. You can also change the group icon by pressing on the image to the left. Later, you can always make changes to the group by pressing the conversation settings for the group at the top right.
Signal on desktop
You can use Signal on your desktop as well! Before jumping in, think about whether Signal for desktop works for your situation. If you’re having highly sensitive conversations and think you may have malicious software on your personal computer, you probably don’t want to feed your encrypted messages into that infected machine. For example, if you’re infected with malicious software designed to log your keystrokes or send screenshots to a remote attacker, encryption won’t protect your messages.
If it makes sense for you, try Signal for your desktop.
Get fancy with security
Make messages disappear
If you want to delete a specific message, press and hold the message. When the menu pops up, press “Delete.” Because Signal stores all of your messages locally and not on a remote server, you are only deleting the message on your personal device.
There’s also a way to get rid of messages after a certain amount of time by default for either individual chats or groups
iPhone users: Press on your messaging partner or group name at the top of the screen to open the conversations settings menu. Enable “Disappearing Messages.”
Android users: Press the settings icon in the top right corner. Press “Disappearing Messages.”
Choose the amount of time you’d like messages to be available before they disappear — anywhere from 30 seconds to four weeks, or a custom time of your choice. Unlike hitting “Delete” on a message, setting “Disappearing Messages” means messages disappear for both you and your conversational partner or partners.
You can always change the amount of time in your settings from this menu, or remove disappearing messages altogether.
Lock screen notification security
Even when your phone is locked, someone with physical access to the device can still read the message and sender name on your lock screen. But you can fix that.
iPhone users: Press the circular icon at the top left to open your Signal Settings > Notifications > “Show.” On this page, you can have Signal display sender name and message, sender name only, or no name or message.
Android users: Press the circular icon at the top left to open your Signal Settings > Notifications > “Show.” On this page, you can have Signal display sender name and message, sender name only, or no name or message.
Now messages aren’t readable on your lock screen.
Unlike other messenger apps, with Signal you can verify that your messages and calls are not being intercepted by a third party. Consider verifying your session for sensitive conversations.
Use safety numbers to verify your session. Open a conversation with someone. Press the person’s name at the top of the screen to open the menu for this conversation. Click “Verify safety number.” From there, you’ll see a QR code and your safety numbers.
If you’re in-person with someone and you’re seeing the same numbers, your session is secure. Another in-person verification method is to press “Scan code.” Scan the other person’s QR code with your camera.
If you and your conversational partner are seeing the same numbers, your session is secure.
If you’re not in-person, you’ll want to verify that your numbers match on a different channel — for example, over Twitter DMs, Facebook, Google Meet or a regular old phone call.
You won’t need to verify safety numbers again until someone starts a new session (usually when someone gets a new phone).
Signal is not bulletproof
Encryption won’t help with someone who has physical access to your unlocked phone. If you haven’t done so, password protect your device. Exit Signal and turn on your passcode.
iPhone users: Settings app > Face ID (or Touch ID) & Passcode
Android users: Settings app > Security > Screen lock (this may be different depending on your version)
Remember that strong encryption won’t help if your device or your partner’s device is compromised with malware. The best defense is to always install new software updates for Signal and your device itself. These updates usually contain valuable security patches; get them as soon as possible.
If your phone is ever lost or stolen, thieves can copy and read data off the device, including your encrypted messages. Luckily it’s pretty easy to protect your device with disk encryption. If you use a modern password-protected iPhone, your device is already encrypted. Newer Android devices are encrypted by default (e.g., the Google Pixel line). Those with less-updated Android devices can enable disk encryption in minutes.
Signal retains nearly no metadata — who spoke to whom, when, and the length of a call. Importantly, however, it’s not designed to prevent live eavesdroppers from capturing metadata.
iPhone users: Like other calls, you can see your Signal call history from your phone app. If you use iCloud and don’t want to upload call history on Signal (including who spoke to whom, when and the call length), double check that it’s turned off: Signal Settings > Privacy > Show Calls in Recents > Disabled.
Signal isn’t perfect — it will occasionally drop calls or texts and relies on data. But using it is one more way to protect your communications, while encouraging friends to do the same.
This article is crossposted with the Freedom of the Press Foundation. Last updated June 1, 2023.