📝 Help populate this page with common questions and answers. Your account has to have at least 100 karma in r/signal to edit - or, message the mods with your suggestions and we will see what we can do.

Welcome to the r/signal FAQ!

Here you will find some common questions which have been asked here on Reddit (and elsewhere) and which have not yet been covered in the official Support Center (support.signal.org). Unless otherwise noted, all answers below are informal and provided by other Signal users like you. The information might not always be accurate, so take it with a grain of salt.

If you are unsure about something and want an official answer, please don’t hesitate to search the knowledge base articles or submit a request at the official Support Center. New questions can also be submitted at the Community Forum (community.signalusers.org). If you have any suggestions for this FAQ or notice that something is missing/incorrect/outdated, please message the mods and we will see what we can do.

General

see also Signal Messenger Basics, the General FAQ, and the Security FAQ in the official Signal Support Center.

What is Signal?

Signal is a messaging app that runs on iOS, Android and Desktop, and you can get involved in shaping its future!

Signal is maintained and run by Signal Messenger LLC, a small team of dedicated donation-funded developers, along with a large community of volunteer Open Source contributors that surround the project. All of the source code and files for this project are publicly hosted on GitHub, and anyone can get involved and contribute.

You don't have to be a developer to become a valuable part of our community. There are many other ways in which you can help, for example by submitting bug reports or feature requests, providing translations, participating in the online conversations, or just spreading the word and getting friends and family to use Signal.

What is the aim of Signal?

Together, the Signal community is working to advance the state of the art for secure communication, while simultaneously making it easy for everyone to use. We aim to make mass surveillance of private messaging a thing of the past, and to do that our biggest focus is currently user adoption; we want Signal (or something as secure as Signal) to be as ubiquitous as other messaging applications such as WhatsApp or Facebook Messenger.

Can someone who has access to the Signal servers read my messages or listen to my calls?

No. All Signal communications are verifiably end-to-end encrypted. The servers never see any of the keys that are required to decrypt any Signal communications. All of the code is open source and anyone can verify that there hasn't been a man-in-the-middle attack by comparing Safety Numbers with their contacts.

Why does Signal ask for my phone number?

Signal uses phone numbers as identifiers in order to make it as easy as possible for people to communicate privately with contacts who they would otherwise communicate with unencrypted via SMS/MMS messages or phone calls.

The number you sign up with does not have to be the one that is tied to your device’s SIM card. If you want, you can sign up with a Google Voice number, any VoIP number, or even a landline number, and hand that out to your contacts as your "Signal number".

In June 2018, Signal's developers said on the community forum that they "don’t typically talk about timelines or features until they are ready," but that they've been "brainstorming and prototyping internally for a long time" and are "actively looking into" the implementation of alternative identifiers.

Does Signal require access to my contacts?

No. Regardless of which app you're using (Android or iOS), you can revoke the app's access to your phone's address book and it should work fine. However, you will need to manually enter a recipient's number in order to start a new conversation with them. On Android and desktop, you can initiate new conversations by entering the recipient's phone number in the "Enter name or number" field; on iOS, enter the recipient's number in the "Find by phone number" field.

Giving the app access to your phone's address book allows you to 1) see locally saved names and avatars of contacts who have not yet set up their own encrypted Signal profiles, 2) look up which of the phone numbers in your address book are also registered on Signal, and 3) invite your friends to join Signal. The Signal servers are designed to not store any information about your contacts:

• https://signal.org/blog/contact-discovery/
  
• https://signal.org/blog/private-contact-discovery/
  

Do the Signal servers keep any records of which groups I am in or who I have communicated with?

No. In a 2016 transparency report, Signal's developers wrote:

We've designed the Signal service to minimize the data we retain about Signal users, so the only information we can produce in response to a request like this is the date and time a user registered with Signal and the last date of a user's connectivity to the Signal service.

Notably, things we don't have stored include anything about a user's contacts (such as the contacts themselves, a hash of the contacts, any other derivative contact information), anything about a user's groups (such as how many groups a user is in, which groups a user is in, the membership lists of a user's groups), or any records of who a user has been communicating with.

As of October 2018, the apps include a "sealed sender" technique that reduces the amount of metadata that is accessible to the service. To take advantage of this feature, all you and your contacts need to do is update to the latest versions of the apps: Android 4.30+, iOS 2.31+ and Desktop 1.18+. There are no specific or additional actions that are necessary. Sealed sender messages are automatically sent whenever possible.

How much data do Signal's encrypted voice calls use?

Even though it uses constant bitrate (CBR), it re-negotiates the bitrate based on your network connection, so it is impossible to give a definite answer. Based on this thread (which probably overestimates the overhead), you can expect about 12kB/s or less than 40MB per hour depending on your network connection.

What can I do if my messages are not being sent or delivered?

If your outgoing messages are stuck in the "sending" phase, you can try going through the support page for troubleshooting sending messages. If they get past the "sending" phase but remain in the "sent" state (one check mark) without being delivered (two check marks):

1. There is no issue with your phone if you see that the message was sent.
2. You can wait until your contact has an internet connection so that Signal can retrieve the message.
3. Ask your contact to troubleshoot notifications for their device.
4. If your contact no longer has Signal installed, you can ask them to unregister their number or remind them to install Signal again.

Source

What can I do if I receive messages late?

If you are not being notified about incoming messages, you can try going through the support page for troubleshooting notifications. If this doesn't fix the issue, contact support or file a report on one of the official issue trackers on GitHub.

Popular apps can sometimes be whitelisted by a device manufacturer so that their users don't need to troubleshoot the app's connectivity or notifications so often. Signal's developers have said: "If anyone has any contacts at prominent Android handset manufacturers, we would love to work with them to get whitelisted."

What happens if my friend uninstalls Signal without unregistering first?

Unfortunately, the Signal service has no way of detecting if a user has uninstalled the app. If your messages are not being delivered because the recipient uninstalled Signal, you can ask them to unregister their number or remind them to install Signal again.

If you're in a conversation with another Signal user, the app will never fall back to insecure SMS by itself. If you're on Android and want to send an SMS message to one of your Signal contacts, you can do so by long-pressing the blue send icon and selecting the grey send icon that has an unlocked icon on it.

Do Signal group chats have a size limit?

No, there is no explicit limit to the number of people that can be added to a Signal group chat. However, if the group becomes very large, it can become difficult to manage and you may notice that messages take a bit longer to send. In November 2017, Signal's developers said:

Signal’s group messaging features have been designed in order to protect group metadata. This includes the group’s name, image, and the list of people who are members. None of this information is ever sent to the remote service or shared outside of the group under any circumstances. Group info and message exchanges are all end-to-end encrypted–just like everything else in Signal.

This approach requires more client-side processing, may extend the amount of time that it takes to send messages in very large groups, and might cause occasional issues when a group member reinstalls Signal or gets a new device (though we have already made some significant updates to help address this).

It can be easy to forget about the metadata protection and group privacy benefits because they happen behind the scenes, but those benefits are real. We will never cut corners and sacrifice user privacy for the sake of expediency.

Improvements to group messaging are on our roadmap.

Is it possible to remove other users from Signal group chats?

Removing other people from Signal group chats is currently not supported. This is a tradeoff that Signal made so that the servers wouldn’t have to keep track of user roles (creator/admin/etc.) and group membership lists. All of a group chat’s data is stored on the devices of the current group members and updated through end-to-end encrypted messages that are sent between the devices. There's some more information about this here: https://signal.org/blog/private-groups/

There’s a discussion about improving Signal group chats here:

• https://community.signalusers.org/t/improving-signal-group-chats/979

What are the attachment size limits?

• Image attachments: 6 MB
  
• GIF attachments: 25 MB
  
• Video, audio and document attachments: 100 MB
  

Source

Can I send uncompressed photos?

Yes, but depending on the platform, you will need to send them as document/file attachments or ZIP files. Here is how you can send uncompressed photos through Signal:

iOS: Attachment icon > Document > Photo Library

Android: Attachment icon > File

Desktop: The recommended workaround is to use a ZIP or other archive format.

If someone else uses my number to register on Signal, will they have access to my data?

No. All of your Signal data is stored locally on your own device(s). If someone were to use your number to register with Signal on a new device, they would not gain access to e.g. your contact list or past messaging history. Your Signal contacts would also see a Safety Number change alert. These in-thread notifications are generated by the client and cannot be suppressed under any circumstances. If you have verified Safety Numbers with each other in the past, your contacts will be forced to manually approve the change before they can send new messages to your number.

For increased security, you can enable a Registration Lock PIN in Signal. Anyone who tries to register your phone number with Signal will be asked to enter this PIN.

What should I do if I get a new phone or phone number?

It is recommended that you inform your contacts of the switch and follow these instructions:

• https://support.signal.org/hc/en-us/articles/360007062012-New-Number-or-New-Phone

You may also want to verify Safety Numbers with your contacts after you've made the switch:

• https://support.signal.org/hc/en-us/articles/360007060632-What-is-a-safety-number-and-why-do-I-see-that-it-changed-

Is Signal supposed to hide my identity?

The short answer is no. Even though Signal is designed to provide a high level of privacy, it is not designed to provide anonymity. It uses phone numbers as identifiers in order to make it as easy as possible for people to communicate privately with contacts who they would otherwise communicate with unencrypted via regular SMS/MMS messages or phone calls. It is possible to use Signal anonymously, but you would first need to obtain an anonymous phone number for registration. No matter what number you choose to sign up with, Signal does not share that number with anyone unless you send them a message. Signal's developers have said that the ability to register with different kinds of identifiers is on their roadmap.

How can I get a plaintext copy of my messaging history?

Your Signal messaging history is stored locally on your phone and any devices that you may have linked to your account. As long as you don't delete the app, you can always access this data, even if your number is no longer registered with the Signal service. Here are some tips if you need to export a plaintext copy of your messaging history:

Android:

To get a plaintext copy of your messaging history:

1. Create an encrypted backup of your Signal database and write down the 30-digit passphrase
2. Move the backup file from your phone to a computer
3. Use one of several open source utilities like Signal-Back to decrypt the file with your passphrase

iOS:

Unfortunately, backups are currently not supported. The implementation of this feature is being tracked here:

• https://community.signalusers.org/t/ios-backup-keeping-message-history-when-switching-phones/1736

In the meantime, you may need to take screenshots of your messages.

Desktop:

Signal Desktop stores all messages in an SQLite database. On Windows, the database is located at C:\Users\YourUserName\AppData\Roaming\Signal\sql\db.sqlite and the SQLCipher key to open it is stored in C:\Users\YourUserName\AppData\Signal\config.json. On macOS, the database is located at ~/Library/Application Support/Signal/sql/db.sqlite and the key is in ~/Library/Application Support/Signal/config.json. In addition to using Signal Desktop itself, it is possible to use a third-party tool like DB Browser for SQLite to open and browse the message database. You may need to choose "Raw Key" in the settings and enter the prefix "0x" before the whole key.

Features

see also Signal Messenger Features in the Support Center.

What features does Signal offer?

• Send text and voice messages
  
• Send multiple photos and videos at once
  
• Private group messaging
  
• Send files of any type
  
• Contact sharing
  
• Quoted replies
  
• Block numbers and groups
  
• Sealed Sender
  
• Encrypted profiles
• Disappearing messages
• Optional read receipts
  
• Optional typing indicators
  
• Optional link previews
  
• A dark theme / night mode
  
• Contact verification via Safety Numbers or QR codes
  
• Registration Lock
  
• Archive chats
  
• Send GIFs¹
  
• Voice and video calling¹
  
• Full-text search¹
  
• Screen locking with a pin, passphrase, or fingerprint¹
  
• Share your current location²
  
• Doodles and stickers²
  
• SMS/MMS messaging²
  
• Encrypted backups²
  
• Reproducible builds²
  
• Standalone desktop app³
  
• Private contact discovery⁴
  

¹ Currently only available on Android and iOS.
² Currently only available on Android.
³ Currently only available on 64-bit Windows, MacOS and Debian-based Linux systems.
⁴ Currently in beta.

What features can we expect in the future?

Signal's developers don't typically talk about timelines or features until they are ready. Nonetheless, below is a list of frequently requested features that they have said are on their roadmap. New feature requests are discussed and tracked on the community forum (community.signalusers.org).

General features:

• Option to register with identifiers other than phone numbers¹
  
• Use a smartphone/tablet as a secondary linked device²
  
• @mention tagging in groups
  
• React to specific messages with emojis
  

iOS specific:

• Create/restore backups
  
• Location sharing³
  
• Option to set individual contact colors
  

Desktop specific:

• Full-text search
  
• Voice and video calling¹
  
• Official support for more desktop platforms
  

¹ These features will require extensive changes to all three client applications and the server. They may also increase the load on the servers and/or the support team. It might take some time before they are implemented, so please be patient. The Signal team is still very small, but they are hiring.
² You will then be able to use a smartphone and an iPad simultaneously with the same identifier.
³ In the meantime, there is this workaround: open a map app -> select your current location -> tap on the share button -> select Signal to share your current location.

Will it be possible to send/receive SMS/MMS messages via...

...Signal iOS?

Not until Apple allows other apps to replace the default SMS/messaging app.

...Signal Desktop?

Unlikely. Signal's developers have said:

That isn't planned. In order to do that, messages would need to be relayed through the phone which isn't how Signal Desktop operates. The desktop app is an independent client. We also want to encourage users to move away from insecure legacy protocols.

Will Signal Android add support for RCS?

Not until Google provides documentation for how third-party apps can implement RCS. In January 2019, Signal's developers said:

Android has APIs for SMS and MMS support through the Telephony provider, but you won't find anything at all if you visit that page and search for "RCS" -- even on API level 28.

In the exclusive announcement coverage of Android Chat on The Verge, this sentence seemingly confirms that the complete absence of RCS APIs in Android is not an accident:

You will still be able to download Google’s app if you’d prefer to use it, though it seems unlikely that third-party developers will be able to create full RCS-enabled apps.

[...]

It does not appear to be possible for third-party apps to implement RCS at all right now, and it's unclear if it ever will be.

Will there be a Signal web app?

Signal's developers have said: "Nothing like this is on the roadmap for now." A server-based web app might introduce some security issues that Signal does not currently have, as explained by a community member in February 2017:

The fundamental problem with web interfaces is: there's no way to version, sign and securely distribute a web page. Instead, you're re-requesting the code you'll run every single time you visit the site (making audits practically impossible).

This effectively reduces the security of your end-to-end encrypted communication to that of your SSL connection to the server, i.e. you're only as secure as the CA system. Anyone able to intercept the client-server SSL connection (and the server itself) can silently change the code you receive and execute, with a very low risk of getting caught. This is why products which offer end-to-end encrypted communication through in-browser crypto are often considered snake oil, unless they use some form of a packaged & signed browser extension.

Where can I suggest new features and follow their implementation?

If you have ideas, suggestions or requests to change the intended behavior of the Signal apps or to implement new functionality, you can post them on the community forum. These discussions will often receive progress updates from other community members as the features get implemented. Signal's developers don't typically talk about new features until they are ready, but they do their development in the open. If you want, you can follow Signal's development by subscribing to the repositories on GitHub: https://github.com/signalapp

Signal Android

How can I migrate my messages from Signal to my device's original SMS app?

Follow the instructions above to get a plaintext copy of your messaging history. At the end of step 3, use Signal-Back to convert the file into XML. You can then copy the XML file to your phone and restore it using SMS Backup & Restore.

Why do I see a notification that says "Retrieving a message..."?

Signal Android will show a foreground notification if the network is restricted. When this was implemented in October 2018, the developers wrote:

Occasionally a job may be run when the app is in a network-restricted mode, like a form of doze. When this happens, jobs can timeout due to lack of network access, causing a cascade of job delays. This is particularly bad in the case of message retrieval. To prevent this, if a job that normally requires network detects that no network is available when running, then we start a foreground notification.

Using Signal with Google Play Services

Almost all Android devices include Google Play Services, which includes a push notification framework called Firebase Cloud Messaging (FCM). If your device includes support for using FCM, either through Google Play Services or something like OpenGApps or microG, Signal will normally register you as an FCM user and use it to wake up your device with an empty push notification whenever there are new messages queued on the Signal service and your device is not connected to it.

Request to grant Google Play Services some permissions

If your device includes Google Play Services and you have revoked some of its permissions before you install Signal, your device may display a pop-up which says: "This app won't work properly unless you allow Google Play services' request to access the following: [list of permissions] To continue, open Settings, then Permissions, and allow all listed items."

Signal will actually work properly even if you do not grant Google Play Services any of the requested permissions, but unfortunately, Google Play Services won't let you register with Signal as an FCM user if you tap Cancel on this permission request. There are two possible workarounds:

1. Grant the requested permissions to Google Play Services > register with Signal > go back to Android Settings and revoke the permissions that you granted to Google Play Services.
   
2. Completely disable or remove Google Play Services from the device before you install the Signal APK (see the section for advanced users below). This will cause the Signal app to fall back on a WebSocket connection and not attempt to use Google Play Services, even if you decide to re-enable or re-install Google Play Services and use them for something else later.

Signal's developers have said:

We don’t have any control over the phrasing in that permission pop-up. The pop-up is coming from Google Play Services. It isn’t generated by Signal at all. Any app that tries to use something that is provided by GPS (because it is installed) would trigger the same pop-up.

Request to update Google Play Services

If you see a pop-up asking you to update Google Play Services, your device most likely includes Google Play Services which have been disabled and thus haven't been able to update themselves. If you do not wish to update Google Play Services, there are two possible workarounds: 1) Re-register with Signal by going to Signal Settings > Advanced > toggle "Signal messages and calls" off then on. The app should fall back on a WebSocket connection and not attempt to use Google Play Services. 2) Completely remove Google Play Services from the device before you install the Signal APK (see the section for advanced users below).

Permanent Signal communication failure

If you have registered with Signal on a device that includes Google Play Services and it later stops working, you may see an error which says: "Permanent Signal communication failure! Signal was unable to register with Google Play Services. Signal messages and calls have been disabled, please try re-registering in Settings > Advanced." This error may also be displayed every one or two years if you are using something like microG and that project is behind schedule on updating their version of FCM. If you see this error, all you need to do is re-register with Signal to have it fall back on a WebSocket connection and not attempt to use Google Play Services. To re-register, go to Signal Settings > Advanced > toggle "Signal messages and calls" off then on.

Can Google silently update the app with a malicious version?

No. Signal's developers have said that the Play Store releases are signed by keys that Google doesn’t have, and that reproducible builds add another layer of security. Reproducible builds help to verify that the source code in Signal's GitHub repository is the exact source code used to build the compiled Signal APK being distributed through Google Play.

Using Signal without the Google Play Store or Google Play Services

This section is intended for advanced users and people running aftermarket Android ROMs.

If you do not have the Google Play Store on your phone and do not wish to build Signal directly from source, you can install an auto-updating APK directly from the official website: https://signal.org/android/apk/

If your device does not include Google Play Services, Signal can't use FCM to wake up your device when there are new messages queued on the service. In this case, Signal will automatically fall back on a WebSocket connection and will not attempt to use FCM. You can still use Signal, but this configuration may result in reduced reliability or performance.

Why does the website APK exist?

The website APK exists for people who (for whatever reason) can not install Signal through the Google Play Store and would otherwise install random APK's that are signed by random people on the internet. If you have the Google Play Store on your phone, then there is most likely no reason for you to install the APK from Signal's website.

Is there any difference between the Signal app on the Play Store and the website APK?

The only difference between the two is that the website APK includes some code that allows it to update itself if your device does not include the Google Play Store. Both the Play Store build and the website distribution build are signed by Signal's developers, both are open source and reproducible, both will use FCM for wakeup events if you have Google Play Services installed on your phone, and both will fall back on a WebSocket connection if your device does not include Google Play Services.

Why is it safer and easier to install Signal Android through the Google Play Store?

There is always a risk involved when you enable "unknown sources" and want to sideload an app. As explained by a StackExchange user:

Apps that you download from the official Play Store undergo some (undocumented) verification process which includes anti-virus scan, but most importantly are banned as soon as some malicious activity is detected by Google or other organizations that specialize in monitoring such threats. This does not mean that you can be sure that an app that you install from Play Store will do no harm, but the risk is significantly higher outside.

People can easily be tricked into installing fake malware-containing apps from fake app stores and websites:

• https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news

This also applies to the Signal Android APK, which is why the official download page includes a warning and a way for you to verify that the APK you have downloaded was actually created by Signal's developers.

I'm having trouble registering on a device with microG

To register with Signal on a device that includes microG, you need to either enable GCM in the microG settings or disable microG (Android Settings > Apps > microG settings > disable service) before you install the Signal APK. Once you've signed up you can re-enable microG if you need it for something else. If neither of these helped, check out the support page for troubleshooting registration.

Do I have to manually check for updates?

The Signal website distribution build is designed to automatically download the latest update and notify you when the update is ready to be installed. All you need to do is tap on the notification and then tap "install" to confirm that you want to install the update.

That's as far as the developers can make things go due to a security mechanism that's built into the Android operating system: Apps that are installed from "3rd party sources" can't install updates in the background without user confirmation.

Why is the website APK release sometimes one version behind the Play Store release?

Signal's developers want their software to be as stable as possible for the most number of users. They have said:

Even just within just the Play ecosystem, it is somewhat rare that everyone sees a consistent "release" at any given time. We have a weekly cadence that starts with a beta channel, goes through an incremental .1%, 1%, 5%, 10%, 20%, 50%, 100% rollout, getting to 100% right around the time that the next beta is going out. The non-play distribution channel is the one we have the least control over, so it is typically the last "slice" to see an update.

Where can I find the website APK's sha256sum?

People usually check the sha256sum of a file to make sure that the download was successful. This is useful when you want to download a large file, such as an entire operating system, and need to make sure that there weren't any errors during the download process:

• https://help.ubuntu.com/community/HowToSHA256SUM

It is much less likely that similar errors would happen while downloading a smaller file, such as a mobile app. This is probably the main reason for why the Signal devs haven't listed the Signal APK's sha256sum on the download page: It wouldn't provide any useful information. You can still check the Signal APK's sha256sum if you want. Every new update's sha256sum is published here:

• https://updates.signal.org/android/latest.json

The only sha256 fingerprint that is currently displayed on the Signal APK's download page is that of the signing certificate. This is useful for people who want to make sure that the app they've downloaded was actually created by the Signal devs and not someone else who has hacked the person's connection to the server or the server itself.

How can I verify the APK's signing certificate?

APK files are just ZIP files in reality, so open it up with whatever archive tool you want (for example 7zip) and extract META-INF\CERT.RSA from it. You can then verify that the certificate fingerprint matches what is written on the site. Note that this isn't the same as the hash of the whole certificate either! You'll need to use keytool (or some other tool such as apksigner or OpenSSL) to check it.

The keytool binary is included in the Java JDK (usually in the %ProgramFiles%\Java\jdk_<version>\bin\ directory), and can be used as follows:

keytool -printcert -file X:\Path\To\CERT.RSA

Output looks like this:

Owner: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Issuer: CN=Whisper Systems, OU=Research and Development, O=Whisper Systems, L=Pittsburgh, ST=PA, C=US
Serial number: 4bfbebba
Valid from: Tue May 25 16:24:42 BST 2010 until: Tue May 16 16:24:42 BST 2045
Certificate fingerprints:
         MD5:  D9:0D:B3:64:E3:2F:A3:A7:BD:A4:C2:90:FB:65:E3:10
         SHA1: 45:98:9D:C9:AD:87:28:C2:AA:9A:82:FA:55:50:3E:34:A8:87:93:74
         SHA256: 29:F3:4E:5F:27:F2:11:B4:24:BC:5B:F9:D6:71:62:C0:EA:FB:A2:DA:35:AF:35:C1:64:16:FC:44:62:76:BA:26
         Signature algorithm name: SHA1withRSA
         Version: 3

You can see that the SHA256 fingerprint matches what we saw on the site.

Once you've verified this you can go ahead and install the APK onto your Android device. Since you've verified that the signing certificate inside the APK matches the one that Signal's developers expect you to see, you can then rely upon the Android operating system to validate that future updates to the APK are properly signed - it won't allow you to load the update otherwise.

Source: https://security.stackexchange.com/a/178939

Why is Signal not available through F-Droid?

As explained above, people who are not able to install Signal through the Google Play Store can download an auto-updating APK directly from the official website. Historically, Signal’s developers have not wanted their app to be included in the main F-Droid repository for a few reasons:

1. Installing apps from F-Droid requires people to enable unknown sources:

First, I'm concerned primarily with the security of our users, and am interested in targeting a demographic that does not know what a checksum or signature is. You might call them "newbies," but personally I think we're doing a good job if these are the bulk of our users.

It may be an unpopular opinion, but I think the two worst security moves that an average user can make are rooting their device, or ticking the "allow 3rd party APKs" box in Android's settings. As bad as Google is, I believe that these actions make users susceptible to something that is much worse.

[...]

Again, I know that this is probably an unpopular opinion, but if you've set your "less technical" friends and family up with cyanogenmod and fdroid, I believe that you've very seriously compromised their security. Both cyanogen and fdroid seriously compromise the security gains that we've made in the mobile environment and are a reversion back to the desktop security model:

1. Cyanogen runs things as root, completely circumventing the development of a fine grained permissions system. They've also made a number of tradeoffs that further weaken its security.

2. In order for your friends to run fdroid, they've had to tick "allow 3rd party sources," which is probably the single most effective malware prevention mechanism for less savvy users.

It's exactly this (setting less technical users up with things like fdroid) that I am afraid of.

2. Normalizing the installation of apps from random websites and app stores would be a reversion back to the desktop security model:

The nice thing about [Play Store] is the server-side APK scanning and signature validation they do. If you start distributing APKs around the internet, it's a reversion back to the PC security model and all of the malware problems that came with it.

[…]

[T]he malware incidence inside of the Play Store is exceptionally low. Compare it to desktop malware, and it's nonexistent. The bulk of mobile malware (drudged up by AV companies to justify their existence) has been in 3rd party app stores and random drive-by downloads. And the problem with depending on mobile AV is that mobile AV is a complete joke, even more so than desktop AV. These apps have no system integration, so they literally can't do anything other than look at a 3rd party APK at install time. It's quite easy to evade any signature detection and then simply disable the AV app. This is already happening.

Again, I feel like we should be desperately trying to avoid what we inherited with the desktop paradigm, rather than reproducing it.

3. F-Droid lacks built-in crash reporting and statistics. In order to develop stable software that can be used by millions of people, Signal’s developers have said that they need:

• A built in crash reporting solution with a web interface that allows us to visualize crashes and sort by app version, device type, etc. This is essential for producing stable software.

• A built in statistics gathering solution with a web interface that allows us to visualize aggregate numbers on device type, android version, and carriers for our users. This has been crucial in shaping support and development direction.

4. Most of the apps on F-Droid are not signed by the apps' developers, which introduces a weak point in their distribution chain:

This is actually how the Play Store works right now. Google does not have complete control over all updates: I sign all APKs with my own code signing key that is kept offline. These signatures are enforced by the PackageManagerService on each user's device, not by the Play Store itself. The mechanics are very similar to TACK (http://tack.io), which is what we're currently advocating for the TLS world.

This is in huge contrast to how the bulk of apps on fdroid are distributed. Most are not signed by the developers, but by fdroid itself, with keys that they keep online. I believe this is a dangerous situation, and is one of the primary reasons (along with having to enable 3rd party sources) that I don't recommend using fdroid.

[...]

The bulk of applications distributed through fdroid are signed by keys that belong to the fdroid maintainers, and which are kept online. This means that the fdroid maintainers themselves, or any attackers who compromise fdroid, are capable of pushing malware to your device.

This is a huge contrast to Google Play, where every app is signed by keys that belong to the app's developers. Google, or attackers who compromise Google, are not capable of pushing rogue updates.

Singal's developers could get around the last issue by setting up their own F-Droid repository. However, when compared to the current website distribution method, people would still have to visit signal.org when they want to install the app for the first time, they would still need to verify the APK's signing certificate if they want to make sure that it was created by the right developers, and most users would still have to tick "allow 3rd party sources," which the developers have said is "probably the single most effective malware prevention mechanism for less savvy users."

For the time being, Signal’s developers have said that they do not have any plans to distribute Signal Android through F-Droid, and don't see what the advantage of doing so would be.

Why do I see a persistent "background connection enabled" notification?

Android forces apps to show a notification if they want to run a foreground service. In the case of using Signal without Google Play Services, the app needs to run a foreground service in order to keep a WebSocket connection alive in the most battery friendly way.

The notification can be hidden using a third-party tool such as NotifyClean Xposed module. Alternatively, you can install Google Play Services and re-register with Signal: Signal will then start using FCM to send you empty push notifications whenever there are new messages waiting to be fetched from the Signal service, and the app would no longer need to run a foreground service.

Signal iOS

see also "What features can we expect in the future?" above.

Is it possible to create/restore Signal backups on an iPhone?

Not at the moment. From the Support Center:

An iTunes or iCloud backup does not contain any of your message history. Messages are only stored on your devices. New messages, not conversation history, will be displayed after installing Signal on a new iPhone or reinstalling the app on your iPhone.

Signal Android already includes the ability to create/restore backups, and developers are working on backup-related features for Signal iOS as well:

• https://community.signalusers.org/t/ios-backup-keeping-message-history-when-switching-phones/1736

Can I use Signal on an iPad?

Signal’s developers have said:

You can install and use Signal on an iPad, but not as a secondary linked device (e.g. using Signal on both an iPhone and iPad simultaneously). It's on our todo list.

Signal Desktop

Is it possible to use Signal Desktop without a smartphone?

Not officially. The developers have said that this may be possible in the future. In the meantime, you can use Signal Desktop without a smartphone by enabling the desktop client's development mode and switching from staging to production. Alternatively, you can follow this guide to set up Signal Desktop with signal-cli instead of Signal Android or Signal iOS.

Note that the desktop client does not include all of the same features as the mobile apps (yet). If you don't have the mobile app, you won't be able to link new instances of Signal Desktop to your account, search conversation contents, make voice/video calls, or create new groups.

The ability to (officially) use Signal Desktop without a smartphone is being tracked here:

• https://community.signalusers.org/t/remove-the-need-for-a-mobile-phone/1543

Does the Signal Desktop client require my phone to be online while I use it?

No. Signal Desktop does not require your phone to be online while you use it. Your phone only needs to be online during the initial setup phase so that your private identity key and your Signal contact list can be securely synced from your phone to the new device. Once the setup phase is completed, your new device will function independently of your phone.

How is my private identity key and Signal contact list synced from my phone to a new instance of Signal Desktop?

When you add a new desktop client it 1) generates a keypair, 2) encodes the public key as a QR code, 3) you scan it with your phone, 4) the phone encrypts your private identity key and Signal contact list to the desktop client’s public key and uploads them to the Signal server, 5) the desktop client then downloads and decrypts your private identity key and Signal contact list. In other words, the Signal server never sees your private identity key or Signal contact list because they are end-to-end encrypted.

Why are some of my contacts and messages not synced to Signal Desktop?

If you use Signal Android as your default SMS/MMS app, you may expect Signal Desktop to also sync your non-Signal contacts and SMS/MMS messages. However, Signal Desktop is not designed to sync this information, because it does not support SMS/MMS messaging. It is designed to work independently of your phone and will only sync your Signal contacts and the Signal messages that you send/receive after you've linked the new device to your account.

How does Signal Desktop function independently of my phone?

Each device has its own queue on the Signal service. When someone sends a Signal message, copies of that message are encrypted with the keys of each of the devices that are involved in the conversation and sent separately to each device’s own queue. As soon as the messages in a particular queue have been downloaded by the receiving device, they are deleted from the service.

Why can I sometimes briefly see a message that has already been deleted from one of my other devices?

The Disappearing Messages feature functions locally on each device and does not affect encrypted messages that are queued on the Signal service. Even if a message has been deleted from one device, it must still be downloaded and decrypted by each of the other devices that are involved in the conversation before those devices can delete their copies of that message.

What does the number on Signal Desktop's loading screen represent?

When you open Signal Desktop, you may see a loading screen that says: "Loading messages. <number> so far..." This number will always include items that are not shown to you as messages. These can be delivery receipts, read receipts, profile updates (display name / avatar), group chat setting updates (membership list / avatar / title), disappearing message setting updates (enable / disable / timer length), contact/group blocking updates, etc. Each item is only downloaded once per device. Signal Desktop may try to re-process an item if it wasn't able to decrypt/process it successfully the last time that the app was opened.

Can I use Signal Desktop on a Chromebook?

Not officially. Signal's Chrome App was deprecated when the new standalone Signal Desktop client was launched on October 31, 2017, and expired on November 16, 2018. The developers have said that they have "certain standards for what an official, Signal-branded client is," and that "it is very unlikely that the Chrome App will ever catch up to the current state, let alone keep up with [...] ongoing changes." They've also said that they are looking for more developers and "hope to have the resources to officially support Chrome OS in the future.” In other words, it’s possible that they will bring back the Chrome App when they have enough staff to officially support it.

Google is currently testing the ability to run Linux apps on the Pixelbook, and they are planning to expand this feature to more devices in the future. Some Chromebook users have reportedly been able to install the standalone version of Signal Desktop after switching to the Chrome OS developer channel, enabling Linux (Beta), installing GnuPG, and then following the instructions to install Signal Desktop on Linux. To be clear, this method of using Signal Desktop is an unofficial workaround and may not be supported by the Signal developers (especially when the Linux support on Chrome OS is still in beta).

Why does Signal Desktop use Electron?

According to a comment made by one of the developers, they chose Electron because, at the time, they had minimal resources, a substantial codebase already in web technologies (i.e. the Signal Chrome App), and Google had announced that all Chrome Apps were being deprecated. Electron seemed like "a reasonable next step given the context." When the Signal Electron app was released, it was marketed as a "standalone" version of the old Signal Chrome app because that's essentially what it was: A Chrome App that didn't need to have Chrome/Chromium installed and open in order to be used.

Servers

see also Server Development in the Community Forum.

Can I host my own server?

Yes. All of the code is open source and available on GitHub:

• https://github.com/signalapp

If you need help setting up your own server, you can always ask at the community forum:

• https://community.signalusers.org/c/development/server-development

What about federation?

Moxie Marlinspike has said:

I've tried to write about why I don't feel like this is going to be a part of our future here: https://whispersystems.org/blog/the-ecosystem-is-moving/

However, I would love it if someone proved me wrong. The Signal clients and server already support federation, so there shouldn't be any technical hurdles stopping the people who are really into federation from using our software to start their own federated network that demonstrates the viability of their ideas.

If anyone needs help doing that, let me know. I'd be happy to help.

---

Back