Can You Trust Signal As A Secure Messaging App?

Absolutely. While Signal is extremely reliable and secure, it was not built to share classified or government information, albeit encrypted.

💬 Quick CONVERSATION STARTERS:

• What is Signal?

• The basics of Signal

• Can Signal be hacked?

• Warnings by the NSA and Google

• Do the US government and other countries use Signal?

---

What is Signal?

Signal is drawing attention and questions after top Trump administration and national security officials — including US Vice President JD Vance, Secretary of State Marco Rubio, Defense Secretary Pete Hegseth, Director of National Intelligence Tulsi Gabbard, National Security Advisor Mike Waltz, and Director of the Central Intelligence Agency John Ratcliffe — used the service to discuss a highly sensitive military operation against the Houthi’s in Yemen while inadvertently including a journalist, The Atlantic’s editor-in-chief Jeffrey Goldberg, in the chat thread.

The use of Signal to discuss sensitive military operations is raising questions about the app, including its level of security against hackers and other bad actors.

The basics of Signal

• Signal is an encrypted service for protected messaging It can also handle phone and video calls and conversations, making it a versatile app for talking on a secure channel with others.

• It is similar to Whastapp by Meta and Telegram.

• Signal’s end-to-end encryption methods — which prevent any third-party from viewing conversation content or listening in on calls — may be used for both one-on-one and group communications.

• Up to 1,000 people can join a group chat — similar to the chat screenshots shared by The Atlantic — and messages can be set to disappear after a period of time.

• Signal has been gaining users because of its end-to-end encryption, which is boosting its adoption during uncertain times or specific events which reinforce its position as the go-to communication service.

• Because Signal uses highly effective encryption, it has created concerns in countries with strict security on internet usage.

• Signal had about 70 million users worldwide as of 2024, according to the tracking site Business of Apps.

• As of 2025, usage of Signal is highly concentrated in only a few countries, according to the World Population Review:

  • 19.9% Germany

  • 17.35% United States

  • 5.63% Ukraine

  • 4.98% Canada

  • 3.94% France

• The app is run by the nonprofit Signal Foundation, which launched in 2018 with the help of WhatsApp Co-Founder Brian Acton, who left WhatsApp and Facebook the prior year. Moxie Marlinspike is also a co-founder.

---

Can Signal be hacked?

Experts agree Signal is more secure than conventional texting… And even Elon Musk, top advisor to US President Donal Trump, has vouched for the app since 2021.

“Right now there are a lot of new eyes on Signal, and not all of them are familiar with secure messaging and its nuances,” Signal said after the Trump administration group chat was published in The Atlantic. “Which means there’s misinfo flying around that might drive people away from Signal and private communications.”

Warnings by the NSA and Google

Some of Signal vulnerabilities have been identified by the US National Security Agency (NSA), an arm of the Defense Department, and listed in a recent document circulated in February 2025:

• The use of Signal by common targets of surveillance and espionage activity has made the application a high value target to intercept sensitive information.

• Russian professional hacking groups are employing the “linked devices” feature to spy on encrypted conversations. The feature allows the chat and voice messenger application to be utilized on multiple devices concurrently. The hacking groups embed malicious QR codes in phishing pages or conceal them in group invite links. After gaining access via the malicious code, the groups add their own devices as a linked device. This allows the group to view every message sent by the unwitting user in real time, bypassing the end-to-end encryption.

In the same document, the NSA also identified a few steps to safeguard any activity on Signal:

• Set up privacy and security settings and help your family do the same

• Be cautious when updating your ‘about me’ information, as everyone will be able to see it

• Change your pin periodically and ensure you remember it so you don’t get locked out

• Don’t send anything compromising over any social media or Internet-based tool/application

• Don’t establish connections with people you do not know — and understand that people are not always who they say they are

In responding to the NSA memo, Signal pointed out: “The memo used the term ‘vulnerability’ in relation to Signal—but it had nothing to do with Signal’s core tech. It was warning against phishing scams targeting Signal users.”

The company added: “Signal is open source, so our code is regularly scrutinized in addition to regular formal audits. We also constantly monitor security@signal.org for any new reports, and we act on them with quickness while also working to protect the people who rely on us from outside threats like phishing with warnings and safeguards. This is why Signal remains the gold standard for private, secure communications.”

In February 2025, Google Threat Intelligence Group warned that it “has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services.”

Google added: “While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.”

Specifically, Google pointed out that “Signal’s popularity among common targets of surveillance and espionage activity — such as military personnel, politicians, journalists, activists, and other at-risk communities — has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfill a range of different intelligence requirements.”

Google also stated: “More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats.”

---

Do the US government and other countries use Signal?

Last week, White House Press Secretary Karoline Leavitt assured the American people from the podium of the White House briefing room that “this is an approved app, it’s an encrypted app, the Department of Defense, the Department of State, the CIA have it loaded onto government phones because it is the most secure and efficient way to communicate.”

Also last week, Director of National Intelligence Tulsi Gabbard testified to the House Intelligence Committee that Signal comes “pre-installed” on government devices.

Gabbard pointed to guidance issued by the Cybersecurity and Infrastructure Security Agency (CISA) in December last year that recommended “highly targeted individuals,” including government personnel, “use only end-to-end encrypted communications.”

“They named Signal as an app as an example of such an end-to-end encrypted messaging app,” Gabbard told the House Intelligence Committee. This came the day after CIA Director John Ratcliffe testified to the Senate Intelligence Committee that Signal was uploaded to his CIA devices within days of his confirmation.

The CISA guidance was issued following the major breach of US telecommunications providers by Chinese hacking group Salt Typhoon last year, which allowed hackers to tap into the phones of top US officials, including President Trump and Vice President JD Vance.

Speaking from Jamaica, Secretary of State Marco Rubio said the Signal chat “was set up for purposes of coordinating how everyone was going to call — when these things happen, I need to call foreign ministers, especially of our close allies. We need to notify members of Congress. Other members of the team have different people they need to notify as well, and that was the purpose of why it was set up.”

Rubio added: “Obviously, someone made a mistake. Someone made a big mistake and added a journalist.”

Rubio also explained: “I think the White House is looking at this entire thing. How did that journalist get on there? Was this the appropriate — and I think they’ll be reforms and changes made so this never — this, well, is not going to happen again. It can’t. But I want everybody to understand why this thing was even set up in the first place and also understand very clearly the mission was successful, and at no point was it in endangered. And that’s coming from the highest-ranking officials at the agency that was in charge of the actual operation, which is the Pentagon.”