Signal, a popular messaging app, came into the spotlight this week following reports that several senior Trump administration officials had used the tool to conduct war planning — inadvertently including a journalist in the message group.
The app, which was started in 2014 and has hundreds of millions of users, is popular among journalists, activists, privacy experts and politicians — anyone who wants to secure their communications with encryption.
But the app’s use by government officials resulted in an intelligence breach that took place outside the secure government channels that would normally be used for classified and highly sensitive war planning. The incident has raised questions about Signal’s security and why government officials were using it. (Federal officials are generally not allowed to install Signal on their government-issued devices.)
Here’s what to know.
What is Signal used for?
Signal is an encrypted messaging application that is used to communicate securely. It encrypts messages from end-to-end, meaning that what a user says is encrypted on their device and isn’t decrypted until it reaches the recipient. This method protects the message from being intercepted and read by anyone, including internet service providers, hackers or Signal itself, while it is in transit.
Users can also set Signal messages to disappear after a certain length of time. Users who want their messages to disappear can turn on the feature in the settings for each of their individual chats.
Who owns Signal?
Signal is owned by an independent nonprofit in the United States called the Signal Foundation. It is funded by donations from its users and by grants.
The foundation was started in 2018 with a $50 million donation from Brian Acton, a co-founder of WhatsApp, another messaging platform that was purchased in 2014 by Facebook. Mr. Acton left WhatsApp to start the Signal Foundation after disputes with Facebook, which is now known as Meta, about plans to make money from his messaging service.
Mr. Acton joined Moxie Marlinspike, a cryptographer who designed Signal’s security system, to create the Signal Foundation. The foundation is structured to prevent Signal from ever having an incentive to sell user data.
“There are so many great reasons to be on Signal,” Mr. Marlinspike, who stepped down from the foundation’s board in 2022, wrote in a post on X Monday. “Now including the opportunity for the vice president of the United States of America to randomly add you to a group chat for coordination of sensitive military operations. Don’t sleep on this opportunity.”
Is Signal secure?
Yes. Signal is widely regarded as the most secure messaging app on the market, because of its encryption technology and other measures designed to secure users’ data.
Its underlying encryption technology is open source, which means the code is made public and allows technologists outside the nonprofit to examine it and identify flaws. The technology is also licensed and used by other services, like WhatsApp.
That encryption technology has been key when Signal has been a target of foreign hackers. Russia has attempted to surveil when Ukrainians are using Signal, and in February, Google researchers said that Russian hackers had tried to hijack users’ Signal accounts. While the second attack was effective, it worked by tricking users into adding rogue devices to their Signal accounts, not by breaking Signal’s encryption.
In the event of a security breach, Signal is designed to retain as little user data as possible, so that minimal information is exposed. Unlike other messaging services, the company doesn’t store users’ contacts or other identifying data that could indicate how a person used the service.
That doesn’t mean Signal is the ideal service for communicating war plans. If a user’s device is compromised, their Signal messages could be read — and using a government-approved communication system could prevent officials from inadvertently including a journalist in a war planning discussion.
Representatives for Signal did not immediately respond to a request for comment.
Is Signal safe for texting?
Yes, generally, although users should be careful to vet new contacts, just as they might on any other social platform.
And when adding people to their group chats, they may want to take an extra moment to make sure they’ve included the right contacts.