top of page
Search

Is Signal worth it?

  • Writer: Matthew Parish
    Matthew Parish
  • Sep 30
  • 7 min read
ree

Signal’s reputation as the gold standard for private messaging rests on two pillars: first, a cryptographic protocol of the highest calibre applied by default to every conversation; second, an institutional commitment to collect virtually no metadata. Those strengths are real. Yet an uncomfortable truth sits alongside them: if an adversary compromises the phone itself, end-to-end encryption becomes a lock on an already open door. Modern mercenary spyware—Pegasus and its competitors—deliberately targets the handset at or before the point of decryption. Judging Signal therefore requires two separate lenses: how well it defends messages in transit and at rest from network-level interception and legal compulsion, and how well the surrounding system of technology resists device-level exploitation that renders all messaging apps equally naked.


What Signal does better than most


At the protocol layer Signal remains exemplary. Its Double Ratchet, pre-keys and forward-secure design mean that each message gets fresh keys; a compromise of one session does not decrypt yesterday’s traffic. Perfect forward secrecy, deniability properties, and rapid key update on every message together minimise the blast radius of a leak. Signal also deploys features such as sealed-sender, which hides the sender’s identity from Signal’s own servers during delivery, and it has invested in private contact discovery so the service does not learn your address book in the clear. On iOS it refuses to use iCloud backups for messages and attachments; on Android backups are optional, local only, and encrypted with a long, user-held key. The organisation’s data-minimisation posture further reduces risk in the event of legal compulsion: if little or nothing is logged, there is little or nothing to hand over.


Two comparisons underline the point. Telegram’s default chats are not end-to-end encrypted at all; only “secret chats” use a separate E2EE (end-to-end encryption) mode, and group conversations cannot be made end-to-end encrypted in the ordinary client. Whatever Telegram’s attractions, it is not a like-for-like substitute if private content by default is your requirement. WhatsApp, by contrast, uses the Signal Protocol end-to-end for personal and group chats, which is to its credit, but it operates within Meta’s broader telemetry and account-linkage system. Even where message contents remain encrypted, WhatsApp has historically gathered more metadata and offers a richer surface for behavioural analysis across accounts and devices. Signal’s deliberate sparsity—no business messaging graph, no cloud chat backups, no ads infrastructure—denies adversaries those secondary inroads.


In short, judged purely as a transport-and-storage system against network interception or server compromise, Signal is unusually strong: messages are encrypted by default, the protocol is peer-reviewed and open source, updates are fast, and the server design aims to learn as little as possible about who is talking to whom and when.


Where all messengers meet their match


Spyware like Pegasus, Predator and their imitators pursue a different strategy. Rather than cracking the cryptography, they exploit vulnerabilities in the operating system, baseband, or high-risk parsers inside apps such as image, font, and media libraries. Recent years have seen “zero-click” chains that require no user interaction: a crafted push notification, image or call request arrives, a parsing bug yields code execution, and the agent installs quietly in memory or with persistence. Once resident, the implant can read plain text before encryption or after decryption, capture keystrokes, exfiltrate databases, or even take screenshots. From that vantage point, Signal, WhatsApp, iMessage or any other E2EE app are equally visible. The message is secure on the wire but not on a compromised endpoint.


Three corollaries follow


First, if your principal adversary is a capable state actor—or a commercial firm operating with state tolerance—no messenger can promise immunity. The decisive battlefield is the handset, not the wire. Any comparison that ignores this will flatter to deceive.


Second, platform risk matters as much as protocol design. Attackers go where the parsers are. Historically, complex subsystems with many media features and integrations have presented a larger attack surface. Message preview engines, auto-downloaded attachments, or deeply integrated link unfurling, add convenience and risk simultaneously. The fewer ways untrusted content is automatically processed, the fewer places exploits can land.


Third, speed of patching and architectural hardening matter. Kernel mitigations, pointer authentication, sandboxing, hardware-backed code signing, secure boot, rapid OS updates and lockdown modes can raise the price of exploitation. A messenger cannot single-handedly fix those, but it can make choices—minimal features, conservative defaults, prompt app updates, reproducible builds—that reduce its own contribution to the attack surface and improve supply-chain verifiability.


Is Signal “better” against Pegasus-class threats?


Within that framing, Signal’s advantages are real but conditional.


• Smaller attack surface inside the app. Signal’s feature set is intentionally narrower than many competitors. It has been conservative about auto-parsing content and has added risky conveniences—like link previews—behind privacy-preserving mechanisms or with opt-outs. Fewer integrations mean fewer entry points directly through the messenger.


• Minimal server knowledge. While this does not defeat an on-device implant, it blunts broader surveillance. If an adversary cannot compromise your device but can serve legal orders or infiltrate servers, Signal’s lack of metadata and sealed-sender design provide tangible protection. This is stronger than Telegram’s default posture and usually stronger than WhatsApp’s broader account analytics context.


• Transparency and scrutiny. Signal’s protocol and clients are open source and subject to wide academic and community review. Android builds are reproducible, which allows third parties to verify that the published binaries correspond to the public code. Openness does not guarantee perfection, but it increases the chance that defects are found and fixed quickly.


• Conservative backup posture. By not placing ciphertext blobs and keys into general cloud backup systems by default, Signal avoids a common failure mode in which a secure chat becomes recoverable through weak backup practices. Again, this does not help once a device is compromised, but it reduces other real-world risks.


Against these strengths we should set limits.


• Endpoint parity. If the phone is compromised through a zero-click chain at the OS or baseband level, Signal cannot shield message content. In that scenario, Signal, WhatsApp and any other E2EE app are functionally equivalent from the attacker’s perspective. The choice of messenger does not change the risk materially.


• Identity and phone numbers. Signal still hinges identity on telephone numbers. That is convenient but creates attack surface in the form of SIM-swap exposure and contact graph inference. The service has introduced additional account PINs and registration-lock features, yet number-based identity remains a structural weakness.


• Usability-security trade-offs. Some of Signal’s safest defaults (no cloud backups, strict verification) can collide with users’ desire for convenience, multi-device access and recoverability. When users switch those off or circumvent them with screenshots and secondary storage, the real-world security delta narrows.


• Platform dependence. Signal inherits much of its security from the underlying iOS or Android hardening and their patch cadences. Where those are weak—out-of-support Android devices, sideloaded firmware, delayed security updates—Signal cannot compensate.


Comparative notes on major alternatives


WhatsApp is the closest comparator because it uses the same core cryptography for message content. For ordinary criminals or bulk network surveillance, the confidentiality of WhatsApp and Signal messages in transit is similar. The practical differences are in metadata practices, data safety upon back-up and surrounding product integrations. WhatsApp’s optional end-to-end encrypted backups have improved matters, but they still rely on user choices and exist within a wider account ecosystem that yields richer behavioural data. For targeted device exploitation, both stand or fall with the handset.


Apple’s iMessage ecosystem benefits from deep platform integration and strong device-level hardening, particularly on recent hardware, However the very richness of its media and parsing pipeline has historically made it a high-value, high-complexity target for zero-click chains, which commercial spyware vendors have repeatedly pursued. E2EE is the default, and Apple’s Lockdown Mode materially reduces attack surface for high-risk users by disabling many of the vulnerable pathways, but the lesson is the same: the endpoint is decisive.


Telegram’s split model—cloud chats by default, E2EE only in secret one-to-one chats—makes it easier to use across devices but sacrifices default end-to-end protection and stores more server-side data. For most threat models concerned about state interception or legal compulsion, this is a meaningful weakness vis-à-vis Signal.


Practical guidance for high-risk users


If your adversary is capable of Pegasus-class targeting, your primary defence is not a different chat app but a different operational posture. The following measures do more to preserve Signal’s advantages than switching messenger ever could.


  1. Treat the handset as the crown jewels. Keep it updated to the latest OS version. Use only mainstream, supported devices with prompt security patches. Avoid sideloading apps and unofficial stores. Disable developer options. Do not jailbreak or root.


  2. Reduce attack surface. On iOS, enable Lockdown Mode if you are a realistic target. On both platforms, disable automatic media downloads and limit link previews. In Signal, prefer disappearing messages and disable keyboard learning for sensitive chats. Keep the number of installed messengers to the minimum you truly need.


  3. Split risk across devices. Consider a dedicated, clean handset for Signal with no other messengers, social media or email configured. Use it only for sensitive communications. Keep a separate “daily driver” for everything else. Physically power-cycle high-risk devices daily to evict some classes of in-memory implants.


  4. Harden identity. Enable Signal’s registration lock. Protect the phone number with strict carrier security, PINs and number-port freeze where available. Consider non-public numbers for high-risk accounts. Verify safety numbers with critical contacts in person or over an independent channel.


  5. Monitor and respond. Pay attention to unusual device behaviour, unexpected certificate prompts, crashes in messaging apps, or sudden battery and data usage spikes. None of these is conclusive, but clusters can be suggestive. If compromise is suspected, stop using the device for sensitive matters and seek professional forensics rather than attempting ad-hoc cleaning.


  6. Consider the whole workflow. Sensitive content often escapes the E2EE envelope via screenshots, cloud photo backups, notification previews, or desktop session mirroring. Audit these paths. On desktops linked to Signal, ensure full-disk encryption, timely patches and strong local access controls.


A fair conclusion


So is Signal “really any better” at protecting users from cyber attacks and interception than other messaging apps in a world where Pegasus-style tools exist? Against bulk interception, server compromise and many legal demands, yes: Signal’s default-on E2EE, careful protocol design and extreme metadata minimisation yield concrete, defensible advantages over most alternatives, and especially over services that are not end-to-end encrypted by default. Against a fully compromised handset, no: the decisive variable is the device, not the messenger. In that upper tier of threats, Signal’s cryptography still matters to preserve the confidentiality of historic traffic that the implant did not witness, but day-to-day privacy hinges on platform hardening, user discipline and operational separation.


The right way to think about Signal is as a strong lock on the door between your phone and the network, operated by a landlord who deliberately refuses to keep spare keys or a visitor log. If a burglar can force a window in your sitting room, the excellence of that front-door lock will not save you. Choose Signal for the strength of the lock and the landlord’s restraint; then spend most of your effort strengthening the house.

 
 

Note from Matthew Parish, Editor-in-Chief. The Lviv Herald is a unique and independent source of analytical journalism about the war in Ukraine and its aftermath, and all the geopolitical and diplomatic consequences of the war as well as the tremendous advances in military technology the war has yielded. To achieve this independence, we rely exclusively on donations. Please donate if you can, either with the buttons at the top of this page or become a subscriber via www.patreon.com/lvivherald.

Copyright (c) Lviv Herald 2024-25. All rights reserved.  Accredited by the Armed Forces of Ukraine after approval by the State Security Service of Ukraine. To view our policy on the anonymity of authors, please click the "About" page.

bottom of page