Advertisement

Active Hackathon

Signal App: An Inside Look Into WhatsApp’s Perfect Foil

Signal App

WhatsApp’s privacy policy update has kicked up a storm recently. According to the new policy, the popular messaging app will share user data such as location, battery level, IMEI number, mobile network and related information with its parent company, Facebook.  Later, WhatsApp was forced to issue a clarification saying the messages between the users will not be shared with Facebook.

Notably, the WhatsApp policy remains unchanged in Europe, thanks to the stringent General Data Protection Regulation (GDPR).

THE BELAMY

Sign up for your weekly dose of what's up in emerging technology.

The new policy changes have broken people’s trust in the app. Many are looking for a better and more secure replacement. And Signal App seems to be the popular choice. Unlike other instant messaging apps, Signal only stores the users’ contact info. Further, all messages and calls on the app are end-to-end encrypted, meaning no third-party, not even Signal can access them.

Signal Foundation and Signal Messenger LLC, a non-profit company, rolled out its flagship app in 2014. Ironically, Signal Foundation was set up by WhatsApp co-founder Brian Acton with Signal Messenger CEO Moxie Marlinspike. Acton had exited WhatsApp in 2017, three years after Facebook acquired the messaging app.

Brief History

After the new WhatsApp terms were made public, SpaceX and Tesla CEO Elon Musk tweeted ‘Use Signal’. And Twitter CEO Jack Dorsey retweeted Musk. 

The app was also endorsed by privacy activist and whistleblower Edward Snowden. 

Signal is a one-tap install app available on Google Play Store and Apple’s App Store. The software powering the app is open-sourced and free of charge. 

In 2010, Whisper Systems launched two Android apps — TextSecure and RedPhone. While TextSecure was for sharing encrypted text messages, the latter was for making encrypted voice calls. In 2011, Twitter bought Whisper Systems, and both apps were released as open-source softwares.

In 2013, Moxie Marlinspike, co-founder of Whisper Systems exited Twitter and set up Signal to further develop TextSecure and RedPhone. Later, Acton joined hands with Marlinspike to establish the non-profit under the same name.

How Does Signal Maintain ‘Perfect Secrecy’

Most apps’ encryption systems create a permanent key pair for encryption and decryption of messages. The public key is used to identify the user and is sent to the messaging server, and the private key stays in the user’s phone. If the private key is compromised, due to hack or theft, the messages are vulnerable to decryption.

Signal’s encryption protocol combines Double Ratchet algorithm with triple Elliptic-curve Diffie Hellman handshake.

The sender and receiver use the Double Ratchet algorithm to exchange encrypted messages based on a shared secret key. A new key is generated for every message, and the earlier keys can not be figured out from the succeeding ones. This method is also called the perfect forward secrecy. At the core of this algorithm lies the concept of KDF (key derivation function) chain. KDF is a cryptographic hash function that uses a secret random key and input data to generate the output. The secret key is derived from a secret value such as a password or a passphrase using a pseudorandom function.

Further, along with the double ratchet algorithm, the two parties also use the extended Triple Diffie-Hellman (X3DH) key agreement protocol. X3DH provides forward secrecy and cryptographic deniability. This protocol is used for establishing a shared key between the sender and receiver, who authenticate each other using public keys.

However, the perfect forward secrecy on its own is not a full-proof strategy. In the event of theft, the messages still would be visible to whoever has the device. To that end, Signal App has added a time-bound ‘disappearing messages’ function.

Wrapping Up

Signal App’s popularity soars every time there is a public discourse around privacy and security. Like, in 2020, the downloads spiked at the peak of the Black Lives Matter movement.

However, to think Signal will topple WhatsApp as the most popular messaging app is a bit of stretch, considering WhatsApp still commands an impressive user base of over 2 billion people. However, it is good to see that privacy is being taken seriously, and who knows, Signal’s protocol may even become the industry-standard in the future.

More Great AIM Stories

Shraddha Goled
I am a technology journalist with AIM. I write stories focused on the AI landscape in India and around the world with a special interest in analysing its long term impact on individuals and societies. Reach out to me at shraddha.goled@analyticsindiamag.com.

Our Upcoming Events

Conference, Virtual
Genpact Analytics Career Day
3rd Sep

Conference, in-person (Bangalore)
Cypher 2022
21-23rd Sep

Conference, in-person (Bangalore)
Machine Learning Developers Summit (MLDS) 2023
19-20th Jan, 2023

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
21st Apr, 2023

Conference, in-person (Bangalore)
MachineCon 2023
23rd Jun, 2023

3 Ways to Join our Community

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Telegram Channel

Discover special offers, top stories, upcoming events, and more.

Subscribe to our newsletter

Get the latest updates from AIM
MOST POPULAR

A Case for IT Professionals Switching Jobs Frequently

For Indian companies, the ability to retain employees has become a tight ropewalk between transforming their working models and adopting a hybrid working model successfully. Over 60% respondents in the Qualtrics survey said that they would look for a new job, if forced to return to work from office full time.