My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.
This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.
Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.
They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.
It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.
My understanding is this has less to do with Signal than phones themselves. Signal messages are decrypted and stored on the phone itself, so a successful attack on the phone would allow access to the messages.
This is completely fine for personal use since the average person isn’t going to be a target, but for classified information, that’s unacceptable. This isn’t unique to any messenger, any app that stores data on the phone is open to it.
Yeah I was wondering what it could be myself, the notification text access was a thought. I didnt realise they were unencrypted on the phone. If I go to save a picture from a chat I am prompted with the this is going outside the sandbox dialogue.
They do seem to have experimental support for local encryption, but I don’t think it’s quite the win people will assume it is, since an attacker could conceivably pull the key from memory when you access Signal. A regular user isn’t likely to be targeted by an attack that would retrieve the encrypted messages, and a state-level attacker can work around the encryption.
It’s a hard problem to solve, and the best answer is to make sure you use hardened devices and ideally not discuss sensitive information on a handheld device in the first place.