Signal: The Snowden-Approved Crypto App Comes to Android

Uploaded on 2015-11-24 in NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Since it appeared in Apple’s App Store last year, the free encrypted calling and texting app Signal has become the darling of the privacy community, recommended, and apparently used daily, by no less than Edward Snowden himself. Now its creator is bringing that same form of ultra-simple smartphone encryption to Android. 

Recently the privacy-focused non-profit software group Open Whisper Systems announced the release of Signal for Android, the first version of its combined calling and texting encryption app to hit Google’s Play store. It’s not actually the first time Open Whisper Systems has enabled those features on Android phones; Open Whisper Systems launched an encrypted voice app called Redphone and an encrypted texting program called TextSecure for Android back in 2010. 

But now the two have been combined into a Signal’s single, simple app, just as they are on the iPhone. “Mostly this was just about complexity. It’s easier to get people to install one app than two,” says Moxie Marlinspike, Open Whisper Systems’ founder. “We’re taking some existing things and merging them together to make the experience a little nicer.”

That streamlining of Redphone and TextSecure into a single app, in other words, doesn’t actually make Open Whisper System’s encryption tools available to anyone who couldn’t already access them. But it does represent a milestone in those privacy programs’ idiot-proof interface, which in Signal is just as straightforward as normal calling and texting. As Marlinspike noted when he spoke to WIRED about Signal’s initial release last year, that usability is just as important to him as the strength of Signal’s privacy protections. “In many ways the crypto is the easy part,” Marlinspike said at the time. “The hard part is developing a product that people are actually going to use and want to use. That’s where most of our effort goes.”

Open Whisper Systems’ encryption tools already have a wide footprint: According to Google Play’s stats, TextSecure had been downloaded to at least a million Android phones, all of which will now receive the Signal app in a coming update. Since 2013, Textsecure has also been was also integrated by default in the popular CyanogenMod version of Android. And last year Whatsapp gave it an enormous boost by integrating it by default into its Android app for Android-to-Android communications—a move that put Open Whisper Systems’ code on at least a half-billion Android users’ devices.

The security of those apps has been widely applauded by cryptographers who have audited them: As Johns Hopkin professor Matthew Green wrote in a 2013 blog post, “After reading Moxie’s RedPhone code the first time, I literally discovered a line of drool running down my face. It’s really nice.”

Open Whisper Systems, which is funded by a combination of personal donations and grants from groups like the US government’s Open Technology Fund, likely doesn’t enjoy the same popularity among law enforcement agencies. FBI director James Comey has repeatedly warned Congress over the last year of the dangers of consumer encryption programs, and British Prime Minister David Cameron even threatened to ban Whatsapp this summer based on its use of TextSecure.

All of that enmity has only bolstered Signal’s reputation within the privacy community—an affection that’s now been extended to its new Android app, too. “Every time someone downloads Signal and makes their first encrypted call, FBI Director Jim Comey cries,” wrote ACLU lead technologist Chris Soghoian on Twitter. “True fact.”

Wired:

« ISIS' 'Cyber Caliphate' Hacks 50,000+ Twitter Accounts
Tackling Crime On The Dark Web »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

e-Crime Bureau

e-Crime Bureau

e-Crime Bureau is a specialized company offering cyber/computer forensics, cyber security consulting services, forensic audit and investigations services and training to clients across Africa.

Cansure

Cansure

Cansure is a leading insurance provider in Canada offering a broad range of property & casualty insurance solutions including Cyber & Data Breach insurance.

CSIRT-NQN

CSIRT-NQN

CSIRT-NQN is the Computer Incident Response Team for the Argentine province of Neuquen.

Approach

Approach

Approach is a leading provider of cyber security consulting and secure application development services in Belgium.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

DataDog

DataDog

DataDog provides Cloud-native Security Monitoring. Real-time threat detection across your applications, network, and infrastructure.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

Arkphire

Arkphire

Arkphire provide solutions across every aspect of IT to help your business perform better.

ADVA Optical Networking

ADVA Optical Networking

ADVA is a company founded on innovation and focused on helping our customers succeed. Our technology forms the building blocks of a shared digital future and empowers networks across the globe.

Moss Adams

Moss Adams

Moss Adams is a fully integrated professional services firm dedicated to assisting clients with growing, managing, and protecting prosperity.

HackEDU

HackEDU

HackEDU provides secure coding training to companies ranging from startups to the Fortune 500.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

IDVerse

IDVerse

IDVerse is focused on making user verification effortless through technology. We build intelligent tools that protect users from identity fraud while enabling a seamless user experience.