5 Security Reasons to Switch From WhatsApp to Signal

WhatsApp stepped up its security game by rolling out end-to-end encryption for its 700 million users earlier this year. Open Whisper Systems’ Signal, released in 2014, is relatively new to the game but has amassed a lot of security-focused disciples owing to its great encryption. For the uninitiated, many private messaging apps, such as WhatsApp, Facebook Messenger and Google Allo, use Open Whisper Systems’ secure protocol for encryption. So if all these messaging apps already sport Open Whisper Systems’ strong encryption, why should the average user make a fuss about switching over to Signal? Today I’ll point out 5 security reasons to switch from WhatsApp to Signal:

1. WhatsApp Doesn’t Encrypt Metadata

Let me give you a quick heads-up on what metadata means. From Techterms.com: “Metadata describes other data. It provides information about a certain item’s content. For example, an image may include metadata that describes how large the picture is, the colour depth, the image resolution, when the image was created, and other data.”  

Similarly, in the context of messaging, metadata means data about the actual text message, which may include the sender’s phone number, the recipient’s phone number, and the date and time of the message. At first glance, it’s easy to dismiss message metadata as trivial. But make no mistake. Using metadata, researchers can create a network that describes with whom and when an individual communicates. For instance, back in 2013, Microsoft’s research team published a paper describing a system that could discern your age, gender and sexuality solely on the basis of things you liked on Facebook. Pretty creepy, right?

Similarly, while WhatsApp cannot read your actual message, it can hand over the message’s metadata to comply with the law. The authorities may analyse this data to find out the date and time of your messages and all the people you’ve been in contact with. Signal, the good guy, takes pride in stating that it encrypts this metadata, so when the time comes, it has virtually nothing substantial to hand over.
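The contact-network point above, as an added example that is not part of the original article: a short Python sketch that takes constructed records holding only sender, recipient and timestamp (the phone numbers and times are made up) and shows what can be derived from them without any message content.

```python
from collections import Counter
from datetime import datetime

# Constructed sample metadata: (sender, recipient, ISO timestamp). No message text.
RECORDS = [
    ("+15550001", "+15550002", "2016-11-01T08:05:00"),
    ("+15550002", "+15550001", "2016-11-01T08:07:00"),
    ("+15550001", "+15550003", "2016-11-01T23:40:00"),
    ("+15550001", "+15550003", "2016-11-02T23:55:00"),
    ("+15550003", "+15550001", "2016-11-03T00:10:00"),
    ("+15550004", "+15550001", "2016-11-03T12:30:00"),
]

def contact_graph(records):
    """Return {pair of numbers: message count}, ignoring direction."""
    edges = Counter()
    for sender, recipient, _ in records:
        edges[frozenset((sender, recipient))] += 1
    return edges

def profile(records, number):
    """Summarise what the metadata alone reveals about one phone number."""
    contacts, hours, late_night = Counter(), Counter(), set()
    first = last = None
    for sender, recipient, ts in records:
        if number not in (sender, recipient):
            continue
        other = recipient if sender == number else sender
        when = datetime.fromisoformat(ts)
        contacts[other] += 1
        hours[when.hour] += 1
        if when.hour >= 22 or when.hour < 6:   # late-night traffic hints at closeness
            late_night.add(other)
        first = when if first is None or when < first else first
        last = when if last is None or when > last else last
    return {
        "contacts": contacts.most_common(),    # who, ranked by frequency
        "active_hours": sorted(hours),         # when
        "late_night_contacts": late_night,
        "first_seen": first,
        "last_seen": last,
    }

if __name__ == "__main__":
    for pair, count in contact_graph(RECORDS).items():
        print(sorted(pair), count)
    print(profile(RECORDS, "+15550001"))
```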

2. WhatsApp Lacks In-app Encryption

WhatsApp enabled end-to-end encryption for the messages that go through the internet but missed a basic functionality — no encryption for the messages stored on your phone. So what good is encryption for messages over the network if somebody happens to steal your device without a passcode? They can obviously go through all your messages.

To combat this, Signal encourages you to set up a passphrase of your own. Then, all text messages in Signal are encrypted with your passphrase before being stored locally. You can also choose to lock Signal automatically after a certain amount of time.

3. WhatsApp’s Online Backups Are Unencrypted

Backing up your WhatsApp messages to your Google Drive can come in very handy. After all, there’s no telling when your phone could fail you or, even worse, get stolen. Restoring messages from Google Drive could prove a lifesaver in those situations. Unfortunately, storing your data in the cloud poses an even bigger risk when it comes to security. As backup data is stored in Google Drive, your Google credentials are the single layer of security here. Don’t trust me? See this screenshot from WhatsApp settings, which clearly says that messages you back up are not protected by end-to-end encryption while in Google Drive:

If, God forbid, your Gmail gets hacked, or if Google has to comply with a warrant, remember that all your conversations are going to be exposed. But that is not all. Even if you have online backups disabled, if the other party you’re conversing with has them enabled, you’re going down, too. You know those times when you have to suffer for others’ faults? Yes, this is one such moment.

Signal solves this problem by, well, not providing a fully-featured backup option. It only includes a simple manual backup/restore to plain text option if you need it.

This may not be the most convenient option, but in the end, it all boils down to one single thing: features vs security. And Signal does what it does best — focusing on security.

4. WhatsApp is Proprietary (And Owned by Facebook!)

End-to-end encryption provides only one side of the story. For the complete picture, it’s necessary to understand how the encryption has been integrated. With closed source apps like WhatsApp, it’s next to impossible to review the code and see how well the encryption has been integrated. On the other hand, Signal’s code base is open source and can be analysed by researchers to find if security measures are enforced properly.

Furthermore, Facebook owns WhatsApp, and Facebook’s business model is based on advertising. Remember how, in August, WhatsApp declared that they’ll be sharing some of your data with the parent company Facebook? Primarily, it shared your phone number to offer better friend suggestions and, of course, more relevant ads! Even if you opted out during the 30-day period, it still shared some data with Facebook.

In contrast, Open Whisper Systems is a non-profit community of volunteers, as well as a small team of dedicated grant-funded developers.

5. Signal has Better Security-focused Settings

I’d also like to point out two little security-focused settings that Signal has. The first one is “Disappearing messages”, which stays true to its name and lets you send self-destructing messages. You can set messages to self-destruct after anywhere from 5 seconds to a week.

The second one is “Screen security”, which prevents anyone from taking a screenshot of your conversation. Obviously, it is not foolproof, as someone could always take a picture from another phone.

Also, your conversation does not show a preview in the Signal window when you hit the recent/multitask button on Android. Refer to the picture below for a better understanding.

Although these two are not headline-grabbing features, little details like these are why I’m inclined towards Signal.

Exactly How Secure is Signal?

Signal provides top-grade encryption, which is why even NSA whistleblower Edward Snowden recommends using it. If you really want to know what data Signal can share about you if the time comes, it’s this: the time of your Signal account creation and the date of your last connection to Signal’s servers, and even that with precision reduced to a day. That’s pretty much it. No, really. Not even metadata, let alone actual message content. For reference, Signal was subpoenaed recently and here’s the information they disclosed.

So Are You Making the Switch to Signal?

These were my five security reasons why you should switch to Signal. From a security perspective, Signal emerges as a clear winner. If you’re looking for a more feature-packed experience, you are probably better off with WhatsApp or Telegram. However, if you’re paranoid about your privacy, make the switch to Signal today!

Download: Signal for Android | Signal for iPhone

Comments 1
  • Cliff says:

    These are all great points. I use Signal as well and really like it. Recently, I have just come across Wire, made by one of the cofounders of Skype, and while it does not have a couple of Signal’s signature features like password protection over the app, I personally can see myself using Wire down the road over Signal. There are a couple of reasons: I personally like the consistency of groups across different devices, shared media across different devices, and the call quality. Signal is mostly consistent on American-made phones or phones with nicer build quality. I had a Huawei P8 Lite and couldn’t get MMS texts and couldn’t keep a group running in Signal. I have a Google Pixel now, and it works fine, but this doesn’t help for friends and family running more affordable handsets.

    Furthermore, Signal has always advertised itself as a method for making encrypted calls as well as messages, but the quality leaves quite a bit to be desired. The functions of Signal were initially developed under two separate parent apps: Telegram and RedPhone for Android and Signal for iOS, which didn’t make encrypted calls at all. Eventually, the functions of Telegram and RedPhone were just placed in one universal app, and devs chose Signal. However, Signal suffers extremely inconsistent and choppy call quality. It is just bearable on WiFi and borderline impossible over data. Simultaneously, Signal requires a phone number to activate, which, surprisingly, leaves a couple of my friends left using less secure methods of communication (people with iPads and iPods but still have a flip phone), or with none at all. Finally, Signal does not have a desktop app, which is essentially standard across all encrypted and insecure chat apps. Wire’s protocol is a modified version of the openwhisper protocol (the same protocol as Signal), that allows for its system to take emails instead of requiring phone numbers. This means users can have aliases like on programs such as Telegram, but with full encryption as opposed to secret chat encryption… Alias features are nowhere to be found on Signal, and only work on WhatsApp if someone doesn’t have your number. Account names on Wire are as customizable as account names on Twitter.

    While I like Signal, I’m trying to make the switch to Wire because it is entirely encrypted like Signal, has self-destructing messages like Signal and provides encrypted channels for all major methods of communication: talk, text, and video, making it the first encrypted video chat app that is freely available to the public. When it comes to the scope of everyday needs that Wire addresses for most users, I personally think it’s a more comprehensive experience. Also the quality of video and voice is excellent. Sometimes it’s a little nuanced in establishing a connection, but overall it’s leaps and bounds ahead of Signal in quality.

    Finally, Wire just looks better too.