Edward Snowden’s Favorite Messaging App: How It Works

Signal encrypted messaging and calling app for Android

Source: Whispersystems.org

If you’re an Android user looking for a more secure way to send text messages and make calls, you’re in luck. Encrypted chat and call app, Signal, is coming to Android six months after it was first released for iOS. The app is not only open-source, but comes from a respected developer of apps recommended by the man widely credited with starting the current debate about the reach and capability of government surveillance.

As Dell Cameron reported for The Daily Dot back in March, Signal is a favorite app of NSA whistleblower Edward Snowden, who released a YouTube video explaining the importance of communicating securely, even for ordinary users with nothing to hide. Snowden explained that the easiest way for both government intelligence agencies and criminal hackers to gain access to your communications is to intercept them while they’re in transit.

The only way to protect your messages from being intercepted by third parties is to communicate using a service that provides end-to-end encryption, which prevents anyone but the sender and the recipient from being able to read the message. To anyone else, the message will simply appear as an indecipherable sequence of letters and numbers.

In the video released in March, Snowden endorsed Signal, which is open-source and had just launched for the iPhone. The service uses VoIP and the ZTP protocol, which was developed by PGP email encryption creator, Phil Zimmermann, and is used to encrypt conversations in a number of open-source programs. Snowden said of Signal, “It’s very good, I know the security model.” He added, “They don’t protect you from metadata association, but they do strongly protect your content from precisely this type of in-transit interception.”

For Android options, Snowden suggested RedPhone and TextSecure, both from Signal developer, Open Whisper Systems. The organization is now combining the two Android apps into a version of Signal for Google’s platform (so that the functionality of both apps is combined into a single app, like the one that exists on iOS). The move combines TextSecure’s text capabilities with RedPhone’s calling functionality. As with the iOS version of the app, any text, image, or video that you send from the Android version of Signal is encrypted before it leaves your phone. That means that even Open Whisper can’t see what you’re sending.

A report by Der Spiegel late last year revealed that the NSA classifies apps like RedPhone as a threat to surveillance. At the time, Open Whisper Systems founder and RedPhone developer Moxie Marlinspike (also known as Matthew Rosenfeld) told the publication that was a promising revelation, noting, “It’s satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque.”

Rich McCormick reports for The Verge that in the wake of Signal’s Android release, current RedPhone users will be prompted to download the new Signal app, while current TextSecure users will just need to install an update to add RedPhone’s ability to place and receive secure calls. The app enables you to use your existing phone number and address book instead of setting up a separate login, and Open Whisper emphasizes that all conversations between devices running Signal are end-to-end encrypted.

“We cannot hear your conversations or see your messages,” Open Whisper’s website explains, “and no one else can either. Everything in Signal is always end-to-end encrypted, and painstakingly engineered in order to keep your communication safe.” With the app’s Android release, that means that Android and iOS users will be able to send encrypted messages to one another despite the different operating systems. The next step will be a desktop app, which has been promised but hasn’t yet been released.

So should you use Signal on Android and iOS? Snowden thinks you should. As Cameron reported in March, if ordinary users begin adopting such systems, that will have the effect of removing the stigma of encryption — a stigma that comes about from the misconception that people who seek privacy and protection for their communications and activity must be doing something wrong. With that stigma eradicated, Snowden projects that encryption will then spread among those who really need it, such as sources with information to share who are trying to communicate with journalists.

Upon Signal’s Android release, Snowden tweeted that he uses the app everyday. Snowden’s endorsement is likely reason enough for most users to trust the app, though if you’re still skeptical, you can look through the app’s code on GitHub, and the code of other Open Whisper Systems projects, to hunt for security vulnerabilities yourself.

Andy Greenberg reports for Wired that while the streamlining of RedPhone and TextSecure into a single app doesn’t make Open Whisper Systems’ encrypted communication tools available to anyone who couldn’t already access them, the release “does represent a milestone in those privacy programs’ idiot-proof interface, which in Signal is just as straightforward as normal calling and texting.” Marlinspike told the publication last year that usability is just as important to him as the strength of Signal’s encryption. He added, “The hard part is developing a product that people are actually going to use and want to use.”

More from Gear & Style Cheat Sheet: