As announced in July last year, when the first version of the app was released, Signal now also allows the sending and receiving of (group) text messages, pictures and video messages, and all this content is encrypted via the TextSecure protocol, which has been independently audited.
According to white hat hacker and security researcher Moxie Marlinspike, who’s one of the company’s founders, in the future Signal will become a unified app that will work on iPhones, Android-based phones, and desktops.
In the meantime, the app is fully compatible with TextSecure and RedPhone, two Android apps also created by Open Whisper Systems, which offer encrypted text and voice communication, respectively.
The great thing about Signal – apart from it being extremely easy to use – is that it’s code is open source and available for anyone to peruse and audit for security and implementation flaws.
“We cannot hear your conversations or see your messages, and no one else can either. No exceptions. You can even tap and hold on a contact’s name to see advanced identity verification options,” the company explains. “Everything in Signal is always end-to-end encrypted and painstakingly engineered in order to keep your communication safe.”
The app uses the ZRTP protocol for secure voice communication and supports forward secrecy, meaning that even if an attacker get his hands on your encryption key, he’ll be unable to decrypt all the messages you exchanged before that moment.
“Signal uses your existing phone number and address book. There are no separate logins, usernames, passwords, or PINs to manage or lose,” the company pointed out. “Messages and incoming calls are fully asynchronous; push notifications let you know when new messages have arrived, so they’ll be waiting for you if the app is in the background, your battery dies, or you temporarily lose service.”