poster

SIGNAL Messenger

Published by Mohammad Faheem


WhatsApp is undoubtedly the world's most popular messaging application. With over 2 billion users worldwide, its user base has always been increasing day by day. Its ease of use and simplicity made it the famous messaging app it is today. But the majority of users seem to be in the dark about how their privacy is being exploited or the security risks they undertake just by having this app installed on their phones. Although numerous exploits have been found in the app over the years – some of them being so dangerous so that a hacker can access all data on a phone just by sending a video via the messaging app or even worse, just by initiating a video call – its user base doesn’t show any signs of going down. Those who understood the gravity of this issue, such as the UN and the Trump administration officials, recommend others to get rid of the app, or to get their phones replaced, after it was seen that the app was used to hack phones of high-profile individuals.

Most, if not, all of the blame goes to its parent company, Facebook. Being part of multiple surveillance programs, it only passed down its non-ethical, data-selling policies when it acquired WhatsApp, which is why it would make sense that these “accidental” security holes were made intentionally, to perform surveillance over its massive amount of users. WhatsApp was bought by Facebook for a staggering $19 billion, it's largest-ever deal made by the company at that time. But Facebook had bigger, not-so-good plans with the app, which would make it even more money. This was kind of made obvious when the app’s cofounder commented on the acquisition: “I sold my users' privacy”.

And when we see news about these security holes being used in the wild, we can’t help but wonder if we really do have to use this app as our means of primary communication. However, while experts are recommending to uninstall WhatsApp completely, our digital world has evolved so much, that online messaging has become a part of our lives. So, an alternative is essential for an app with a history of security holes and leaks is necessary. And while there exist multiple alternatives, this article focuses on one, and in my opinion, the best in particular: Signal Messenger

WhatsApp’s end-to-end encryption is based on the same Signal protocol that the Signal app uses for communication. But even though the core and most important component is common in both apps, they differ widely overall. First and foremost, Signal is completely open-source. Its code is available to use, modify (or to suggest edits) for anyone, making it possible for anyone to check out the code for any possible loopholes, errors, or maybe room for improvement. Hence, it has less potential for hidden vulnerabilities. When a large community is focused on a piece of code, you can be rest assured that it’ll be the best you can get from it. Several third-party organizations have audited Signal’s code and their reports have always emerged as the app being secure. Although WhatsApp implements the sourced protocol from Signal, the app itself is closed-source, meaning its code isn’t available to anyone other than the core staff working for the app. When fewer people work on a piece of code, there’s always the possibility of something being missed or being left behind, which might be a huge security hole. This is what will be used later for nefarious purposes.

screenshots
Privacy-oriented features in Signal

While being foremost in terms of security and privacy, the app is a bit lacking in features that WhatsApp has, while having some features on its own. For example, while Signal does not support group voice/video calls at the moment (though the developers are working on it), it has had disappearing messages – which are automatically deleted after a specified period of time – since 2016 but the feature is still in beta stage in WhatsApp. Other perks that Signal has include view-once media messages (like in Instagram), backups that are locally stored and encrypted, and they don’t default to unencrypted storage in Google Drive or Apple iCloud (oh, by the way, that’s how WhatsApp’s online backups are stored – unencrypted, in plain text. So it isn’t necessary to hack your phones to get all of your texts; if somebody gets access to your cloud storage, every single of your backup data is at his/her mercy).

Signal recently rolled out the feature to blur faces in photos before sharing it to others. If you're one of those who wants to conceal yours (it others’) identity, then this will be a good news for you. Another privacy-orientated feature of Signal is Screen Security, which will essentially block other apps on your phone, or yourself, from taking screenshots of your chats on Signal. App preview from the recents screen is blurred too, providing a sort-of opaque wall to other apps. This way, you can be sure that even if there’s an app that is peeping on your activities on your phone, it can’t capture what’s happening inside your Signal app.

CONCLUSION:

All-in-all, Signal seems to be a better messaging app when it comes to privacy and security. But it might be hard to convince people to move from WhatsApp to Signal, especially since a lot of enterprises and small-scale businesses depends on it. In the future, there might come a day when WhatsApp’s surveillance becomes too much that it forces us to change to an alternative. WhatsApp, by itself, wouldn’t be as bad as it is now if it weren’t for its association with Facebook.To sum up, in the end, you have to make the final decision balancing your privacy and feature needs. Would you want to trust your data with a company whose sole purpose is to make money from its users, or with a non-profit organisation, whose every step taken is for the sake of its users? Corrupted governments use WhatsApp, Facebook Messenger etc. as a surveillance tool to spy on its people, and Signal is one of the apps that’s been rising in these countries, as people are aware about how secure their data is when using it. If you want to make the move to Signal, it’s supported on a wide variety of platforms, including the Google Play Store, Apple App Store, Microsoft Windows, Linux and Mac. Get it from https://signal.org/install.

REFERENCES:

  1. https://www.techspot.com/news/82843-hackers-can-use-whatsapp-flaw-way-handles-video.html

  2. https://www.zdnet.com/article/update-whatsapp-now-bug-lets-snoopers-put-spyware-on-your-phone-with-just-a-call/

  3. https://www.reuters.com/article/us-un-whatsapp/u-n-says-officials-barred-from-using-whatsapp-since-june-2019-over-security-idUSKBN1ZM32P

  4. https://edition.cnn.com/2020/01/23/politics/jared-kushner-saudi-arabia-jeff-bezos-phone-hack/index.html

  5. https://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet

  6. https://www.usatoday.com/story/news/2013/06/06/nsa-surveillance-internet-companies/2398345/