Apple iOS users upgrading to the latest beta of the famous Signal secure messaging app should consider disabling CallKit integration if they want to preserve maximum privacy, its developers have warned.
Ostensibly, the big feature in this week’s Signal release for Android and iOS is encrypted video calling, something mass-market app WhatsApp (which uses Signal’s technology) announced in November.
The feature is enabled via Settings menu > Advanced and, of course, users at both ends must have configured it for video to work.
Video is one part of a larger overhaul that sees Edward Snowden’s favourite communication app integrate open source Web Real-Time Communications (WebRTC) while phasing out the old Phil Zimmermann ZRTP protocol previously used for authenticated key exchange.
The Speex VoIP audio codec has also been replaced with Opus, considered more resilient for smartphones. In short, Signal is evolving from its origins as an app built from bolted-together parts into something altogether more sleek.
Nevertheless, Apple iOS users should pay careful attention to the settings around the app’s new integration with iOS 10’s native CallKit framework.
The purpose of CallKit is that VoIP apps work in a more “native” way, offering behaviours such as the ability to answer calls from the lock screen and storing conversations in the “recent calls” list.
The downside is that some of this metadata will be synchronised to Apple’s iCloud, including who was in the conversation and how long it lasted. For anyone bothered by this, Signal’s developer Open Whisper Systems advises:
If you decide that’s not for you, you can opt-out of the CallKit features at any time in Settings > Advanced > Use CallKit, while continuing to use the rest of the new calling system.
Open Whisper Systems’ grand wizard Moxie Marlinspike told Wired that the company has yet to decide what do in the next version: “There are a bunch of things we can do other than just having it on by default.”
After pioneering encrypted messaging, Signal has become the yardstick by which the whole sector is judged. But which features matter most when choosing a secure app?
The market divides into mass apps (WhatsApp, Facebook Messenger) which have lots of users but have been accused of taking privacy shortcuts, and challengers with stronger privacy but few users. Numbers matter because it increases the chances of finding contacts.
Beyond that, it depends how far the user is prepared to go to get more privacy:
- Good privacy means end-to-end encryption with forward secrecy at all times (so no confusing mixed mode such as Google Allo’s incognito mode)
- Software should be peer or independently reviewed for security flaws
- Defending against man-in-the-middle attacks requires user/session verification. Signal has this feature but many don’t
- Apps that erase messages after they are read, such as Confide, offer an alternative model with some caveats
Notice that no single app solves every problem, which suggests that the smartest approach might be to use several. But, finally, never forget that the best app encryption in the world will fail if the device running it isn’t well secured too.