Problem with private messenger apps on phones. Why you should NOT use " Signal " app

signal
signalapp
privacy
wickr
security

#1

I’ve had a few people message me recently and asking about private messenger applications for smart phones. As I have always stated before the most trusted app is Wickr. Now a new one has come on the field called Signal and its cause for some concern.

Signal Private Messenger is from Open Whisper Systems. The background behind the company was the developer had multiple smart phones taken at the airport so he decided to create a fully encrypted phone. He wrote the program for the Nexus One (at the time guessing its what he was using) and developed 2 apps called Silent Text and Redphone. Both were extremely good apps and were praised in the community (which was alot smaller years ago) until… he got bought out. No one really knew who bought out the company but support for both apps stopped.

My personal belief is a secure messenger app should have as little information about you (the user) as possible. It does need access to your location, to change things, etc. SO a quick download of the apps and lets look at both apps. What do using the apps give them access to?

Wickr.
Permissions for Wickr are as follows:

  • Read phone status and identity
  • take pictures and videos
    
  • record audio
    
  • read your contacts
    
  • modify or delete contents of USB storage
    
  • find accounts on the device
    
  • full network access- receive data from internet and view network connections
    
  • run at startup
    
  • control vibration- prevent phone from sleeping
    

Ok, so not too bad. It doesnt want your location at all. Because why would it need it??

Now lets look at Signal Private Messenger
Permissions for Signal are as follows:

  • Directly call phone numbers
  • read phone status and identity
    
  • reroute outgoing calls
    
  • edit your text messages
    
  • read your text messages
    
  • receive text messages
    
  • send sms messages
    
  • take pictures and videos
    
  • record audio
    
  • approximate location (network-based)
    
  • precise location (GPS and Network based)
    
  • modify your contacts
    
  • read call log
    
  • read your contacts
    
  • write call log
    
  • add or modify calendar events and send email to guests without owners knowledge
    
  • modify your own contact card
    
  • read calendar events plus confidential information
    
  • read your own contact card
    
  • modify or delete the contents of your USB storage
    
  • read the contents of your USB storage
    
  • disable your screen lock
    
  • create accounts and set passwords
    
  • find accounts on this device
    
  • use accounts on this device
    
  • change network connectivity
    
  • connect and disconnect from wifi
    
  • full network access
    
  • receive data from internet
    
  • view network connections
    
  • view wifi connections
    
  • pair with bluetooth devices
    
  • run at startup
    
  • control vibration- prevent phone from sleeping
    
  • set wallpaper
    
  • change your audio settings
    
  • read sync settings
    
  • toggle sync on and off
    
  • send sticky broadcast
    

So signal requires access to a multitude of things it has no reason to access. How secure is it to entrust secure private messages and information on your phone to a company that is trying to market itself to people that want safer and more secure communication. Red flags should go off on why this app would need this info. To check any app go to your phone settings, go to application manager, and go the app you want, click on it and read the full list of permissions that app is using.