Signal: The Snowden-Approved Crypto App Comes to Android

Uploaded on 2015-11-24 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Since it appeared in Apple’s App Store last year, the free encrypted calling and texting app Signal has become the darling of the privacy community, recommended, and apparently used daily, by no less than Edward Snowden himself. Now its creator is bringing that same form of ultra-simple smartphone encryption to Android. 

Recently the privacy-focused non-profit software group Open Whisper Systems announced the release of Signal for Android, the first version of its combined calling and texting encryption app to hit Google’s Play store. It’s not actually the first time Open Whisper Systems has enabled those features on Android phones; Open Whisper Systems launched an encrypted voice app called Redphone and an encrypted texting program called TextSecure for Android back in 2010. 

But now the two have been combined into a Signal’s single, simple app, just as they are on the iPhone. “Mostly this was just about complexity. It’s easier to get people to install one app than two,” says Moxie Marlinspike, Open Whisper Systems’ founder. “We’re taking some existing things and merging them together to make the experience a little nicer.”

That streamlining of Redphone and TextSecure into a single app, in other words, doesn’t actually make Open Whisper System’s encryption tools available to anyone who couldn’t already access them. But it does represent a milestone in those privacy programs’ idiot-proof interface, which in Signal is just as straightforward as normal calling and texting. As Marlinspike noted when he spoke to WIRED about Signal’s initial release last year, that usability is just as important to him as the strength of Signal’s privacy protections. “In many ways the crypto is the easy part,” Marlinspike said at the time. “The hard part is developing a product that people are actually going to use and want to use. That’s where most of our effort goes.”

Open Whisper Systems’ encryption tools already have a wide footprint: According to Google Play’s stats, TextSecure had been downloaded to at least a million Android phones, all of which will now receive the Signal app in a coming update. Since 2013, Textsecure has also been was also integrated by default in the popular CyanogenMod version of Android. And last year Whatsapp gave it an enormous boost by integrating it by default into its Android app for Android-to-Android communications—a move that put Open Whisper Systems’ code on at least a half-billion Android users’ devices.

The security of those apps has been widely applauded by cryptographers who have audited them: As Johns Hopkin professor Matthew Green wrote in a 2013 blog post, “After reading Moxie’s RedPhone code the first time, I literally discovered a line of drool running down my face. It’s really nice.”

Open Whisper Systems, which is funded by a combination of personal donations and grants from groups like the US government’s Open Technology Fund, likely doesn’t enjoy the same popularity among law enforcement agencies. FBI director James Comey has repeatedly warned Congress over the last year of the dangers of consumer encryption programs, and British Prime Minister David Cameron even threatened to ban Whatsapp this summer based on its use of TextSecure.

All of that enmity has only bolstered Signal’s reputation within the privacy community—an affection that’s now been extended to its new Android app, too. “Every time someone downloads Signal and makes their first encrypted call, FBI Director Jim Comey cries,” wrote ACLU lead technologist Chris Soghoian on Twitter. “True fact.”

Wired:

« ISIS' 'Cyber Caliphate' Hacks 50,000+ Twitter Accounts
Tackling Crime On The Dark Web »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Cloud Foundry Foundation (CFF)

Cloud Foundry Foundation (CFF)

Cloud Foundry supports the full application development lifecycle, from inception, through all testing stages, to deployment.

Agenci

Agenci

Agenci are specialists in cyber security and information security and deliver ISO 27001 Certification.

Secret Double Octopus

Secret Double Octopus

Secret Double Octopus offers the world’s only keyless multi-shield authentication technology for users and things.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

Secure Recruitment

Secure Recruitment

Secure Recruitment is a specialist Executive Search business that focuses its efforts on attracting specific exceptional talent in Cyber Security.

Towerwall

Towerwall

Towerwall offers a comprehensive suite of security services and solutions using best-of-breed tools and information security services.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

ClearHub

ClearHub

The aim of ClearHub is simple: to give businesses like yours access to the best talent, all screened and technically tested by Clearvision’s expert team.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

ZX Security

ZX Security

ZX Security is a New Zealand owned and operated cyber security consultancy.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.

Bastion Security Group

Bastion Security Group

Bastion Security combines the skills, expertise and leadership from Quantum Security, ZX Security, Helix Security and Cassini.