TextSecure and RedPhone were Android apps developed by security outfit Open Whisper Systems. Providing secure encrypted text chat and VoIP voice call capabilities respectively, we regarded both apps as being among the best (and arguably the best) options available for keeping your conversations private on Android.
In March this year (2015) Open Whisper systems released, Signal, an app for iOS that combines the functionality of both TextSecure and RedPhone, and this week it announced that “TextSecure is becoming Signal.”
Existing Android users will find your TextSecure app automatically updated to Signal, while RedPhone users are advised to uninstall the app (and install Signal instead, if you do not already have it installed.)
What is Signal?
Signal is a free and open source app that replaces your regular SMS messenger app, allowing you send and receive SMS messages as normal, except that when texting other Signal users in your contact list, all messages are automatically encrypted.
When texting non-Signal users you are given the option to invite them to Signal, or can simply send a message as normal via (unencrypted) SMS. Note that in the past TextSecure allowed users to send encrypted messages over SMS (as opposed to the internet), but this feature was removed from TextSecure due to lack of interest, and is not present in Signal.)
In addition to sending messages, you can “phone” contacts from within the Signal app. If the contact is another Signal user then the call is encrypted and routed over the internet (similar to Skype, but much more secure. And as with Skype, calls made in this way are free).
If the contact is not a Signal user then the app loads the contact’s telephone number into your regular phone dialer, ready for a normal (unencrypted and liable to your regular phone charges) phone call.
Signal is incorporated as the default messenger app in CyanogenMod, the very popular alternative OS or Android phones, and the TextSecure protocol on which Signal is based has also been adopted by the world’s most popular instant messaging app, WhatsApp (see end of this article for a few thoughts on this.)
Privacy & Security
Both TextSecure and RedPhone, which were both widely regarded in the technology security industry as among the best privacy tools available, are were recommended by Edward Snowden, who has now given the thumbs-up to Signal.
Because Signal is open source, its code can be independently audited for backdoors and other nasty surprises. Last year a German research team did precisely this for TextSecure, and despite finding a vulnerability (now fixed), it gave the app the all-clear in its paper How Secure is TextSecure?
‘We are the first to completely and precisely document and analyse TextSecure’s secure push messaging protocol… We show that if long-term public keys are authentic, so are the message keys, and that the encryption block of TextSecure is actually one-time stateful authenticated encryption [and] prove TextSecure’s push messaging can indeed achieve the goals of authenticity and confidentiality.’
Signal encrypts and decrypts all messages client-side (i.e. on the user’s phone before transmission and upon receipt), so they cannot be intercepted in transit. Messages can also be stored encrypted on the phone.
Each text is encrypted using perfect forward secrecy (using an ephemeral Curve25519 key), so that if any keys are compromised, the attacker will only have access to one small part of the conversation. The text body itself is encrypted using 256-bit AES in CTR mode, with Curve25519 Diffie-Hellman handshake/key protection, and SHA256 hash authentication (for more information on these terms please see here.)
Signal VoIP conversations are likewise encrypted client-side, with all voice communications between the app and servers encrypted using TLS, while the contents of communications are encrypted using 128-bit AES-CBC, with SHA1 hash authentication.
This is not as strong as the encryption used by Signal for text messaging, probably due the fact that encrypting and decrypting data uses processing power, so stronger encryption would negatively impact the quality of calls. For most purposes this level of encryption should be more than sufficient, but if very high levels of privacy are required then you should probably stick to text messaging.
While all of this is very impressive, some concerns have been voiced. The first of these centers around the baseband processor that is present in every smartphone built to date. As Thom Holwerda writing for OSNews explains,
‘The problem here is clear: these baseband processors and the proprietary, closed software they run are poorly understood, as there’s no proper peer review. This is actually kind of weird, considering just how important these little bits of software are to the functioning of a modern communication device. You may think these baseband RTOS’ are safe and secure, but that’s not exactly the case. You may have the most secure mobile operating system in the world, but you’re still running a second operating system that is poorly understood, poorly documented, proprietary, and all you have to go on are Qualcomm’s Infineon’s, and others’ blue eyes.
The insecurity of baseband software is not by error; it’s by design. The standards that govern how these baseband processors and radios work were designed in the ’80s, ending up with a complicated codebase written in the ’90s – complete with a ’90s attitude towards security. For instance, there is barely any exploit mitigation, so exploits are free to run amok. What makes it even worse, is that every baseband processor inherently trusts whatever data it receives from a base station (e.g. in a cell tower). Nothing is checked, everything is automatically trusted. Lastly, the baseband processor is usually the master processor, whereas the application processor (which runs the mobile operating system) is the slave.’
What this basically means is that ISPs can, if they choose to, bypass any encryption used by any app running on a mobile phone in real-time, allowing them to readily access all content on that phone in cleartext (by simply accessing the content as it becomes encrypted/decrypted).
Or at least that is the theory – no evidence of this actually happening has yet been reported. It should also be stressed that none of this is Signal’s, fault, and is a potential flaw in all mobile security software.
It should also be stressed that an adversary using such methods to spy on smart phone users’ encrypted communications would have to be very powerful (e.g. the NSA), and would almost certainly have to specifically target a known individual’s phone (so no blanket spying).
In addition to the baseband processor problem, the issue of where open source developers receive funding from worries some observers. As with other high profile open source privacy projects such as LEAP (which is used to run RiseUp.net), WikiLeaks-alike GlobaLeaks (endorsed by Tor devs such as Jacob Applebaum), the Guardian Project (makers of ChatSecure and Orbot) , and the Tor Project itself, Whisper Systems receives generous financial assistance from US government funded agencies.
Privacy activists and open source developers argue that good math is good math, regardless of where the funding comes from, and that the funding necessary to develop secure systems is otherwise very hard to come by.
Despite these concerns (which affect all mobile apps and almost all major open source security projects respectively), Signal appears to be among the most secure applications currently available. You pays your money (or not in this case), and you takes your chances…
As of March 2015, however, Signal’s message delivery has been performed by Open Whisper Systems itself, and the client relies on GCM only for a wakeup event. For those who are still unhappy at having Google Apps (Gapps) on their device, LibreSignal is an open source Signal fork that uses Websockets instead of GCM, and therefore does not require Google Play Services to be installed.
Signal is now officially available as an .apk file, so no need for Google Play Services framework.
Signal in use
You need to register with Signal using your phone number (it is intended to replace your regular messaging app, so it needs to know this information anyway.) It will then generate a key pair. The identity of other users can be verified by reading out your ‘identity’ (public) keys to each other.
By default all your old messages and message history are imported, and Signal makes use of your default dialler contact list (at least it does in Android – we have not tested the iOS version.)
Signal features a group chat mode, and can send camera, picture, video, audio, and contact info attachments. There is also the option to encrypt messages locally, hiding access to them behind a passphrase. Remember that messages and voice calls between Signal users are not only encrypted, but are free.
Even without taking its privacy and security advantages into consideration, Signal makes an excellent SMS/MMS client that does a good job of replacing the stock one that came with your phone.
As far as security is concerned, it is probably the best option currently available for keeping your text and voice conversations private.
The baseband processor issue is a worry, but until open source baseband processor firmware becomes available (and we are not aware of any currently being developed), the only way around this issue is to only communicate on hardware with no cellphone capability, on a very secure OS such as TAILS or (maybe) CyanogenMod, and use a secure desktop messaging or VoIP app (the newly released Tor Messenger also looks promising).
Signal is available to download for Android and iOS.
A note about WhatsApp
A major problem when trying to migrate towards a more secure software environment is that this generally requires getting your friends, family and colleagues on board. After all, if your no-one you know can be persuaded to install and use Signal, then it just acts as (not at all bad, but offering no real advantages over stock) SMS client.
Despite initial alarm by privacy advocates when it was purchased by Facebook, WhatsApp now uses the TextSecure protocol, and thanks to its established popularity, it may therefore be much easier to persuade your contacts to actually use WhatsApp (in fact there is a very good chance that many of them already do!)
Unfortunately, despite using the same underlying security protocol, Signal and WhatsApp are not compatible with each other.
Because WhatsApp uses the TextSecure protocol, in theory messages are encrypted client-side and are as secure as those sent via Signal (regardless of WhatApp being owned by Facebook.) However, because WhatsApp is closed source, there is no way to verify this, or that the app does not send a copy of users encryption keys back to Facebook.
The fact the Facebook owns WhatApps also hardly inspires confidence given its abysmal privacy record, so WhatsApp can never be considered anywhere near as secure as Signal.
On the other hand, however, you probably have a lot of friends who already use WhatsApp, and are therefore more likely actually encrypt their messages using the app…