Signal App

End-to-end encrypted messaging service Signal is dropping SMS support, the company announced in an October 12th blog post.

The company says it has reached a point where SMS support no longer makes sense for it, while Signal app-to-app messaging will continue to thrive.

Signal says the most critical reason for dropping SMS support is that “SMS messages are inherently insecure,” and that there’s no way for the company to make SMS as secure as its in-app messaging. “They [SMS] leak sensitive metadata and place your data in the hands of telecommunications companies. With privacy and security at the heart of what we do, letting a deeply insecure messaging protocol have a place in the Signal interface is inconsistent with our values and with what people expect when they open Signal,” says the company.

In the interest of privacy, security, and clarity we’re beginning to phase out SMS support from the Android app. You’ll have several months to export your messages and either find a new app for SMS or tell your friends to download Signal. https://t.co/u9XZ7XM7rT

— Signal (@signalapp) October 12, 2022

Additionally, the California-based company says that it has had instances where Signal users had assumed they were sending Signal messages, only to find out that they were using SMS, and racked up massive SMS bills. The company says ending support for SMS on its platform will prevent this from happening in the future.

Lastly, dropping support for SMS will allow the Signal team to focus on building other new features for in-app messaging, like the addition of usernames in the future.

Signal users would soon start seeing in-app notifications that guide them through the process of exporting their SMS messages to a different app, alongside recommendations to invite their friends and family over to Signal to take advantage of its app-to-app end-to-end encrypted messaging.

The company did not mention when support for SMS will end, though it did say that users will have “several months” to transition.

Image credit: Shutterstock

Source: Signal

Cross-platform encrypted instant messaging service Signal announced earlier today, August 15th, that a third-party data breach resulted in about 1,900 of its users’ phone numbers being exposed.

The application, which is touted as a secure, private and encrypted messaging service confirmed that a data breach at its verification partner Twillio caused phone numbers and SMS codes of about 1,900 users to be exposed.

Recently @twilio, which provides SMS verification services for Signal, suffered a phishing attack. Via Twilio, attackers may have accessed phone numbers & SMS registration codes for 1,900 Signal users. 1/

— Signal (@signalapp) August 15, 2022

According to the Mountain View, California-based company, “Message history, profile info, contact lists, & other data were NOT & could not be accessed.” However, the information the attackers got away with could theoretically allow them to register a Signal user’s phone number on a different device.

It is unlikely that a regular Signal user’s number would have been re-registered. According to the company, the attacker “explicitly searched for three numbers, and we’ve received a report from one of those three users that their account was re-registered,” said the company.

Signal is currently in the midst of contacting affected customers and asking them re-register their Signal number and enable registration lock. If you are a Signal user, you should do so preemptively.

The lock can be accessed by going to Signal Settings > Account > Registration Lock.

Source: Signal