The Signal app has issued a statement saying that rumours that the secure messaging service was hacked and compromised are false. It also said that the app has seen an uptick in usage in Eastern Europe in the backdrop of the ongoing Russian invasion of Ukraine. The company posted the announcement from its official Twitter handle, adding that they believed that the rumours were “part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives.”
“We’re seeing these rumors appear in messages forwarded on several different apps. These rumors are often attributed to official government sources and read ‘attacks on Signal platform.’ This is false and Signal is not under attack,” Signal wrote in its official statement.
The reports also come after Signal founder and cryptographer Moxie Marlinspike had posted against rival app Telegram on his Twitter account. He had written that Telegram was the most popular messenger in urban Ukraine, and that people believed it was an ‘encrypted app’, which he said was the result of misleading marketing and press.
We’ve had an uptick in usage in Eastern Europe & rumors are circulating that Signal is hacked & compromised. This is false. Signal is not hacked. We believe these rumors are part of a coordinated misinformation campaign meant to encourage people to use less secure alternatives.
— Signal (@signalapp) February 28, 2022
We’re seeing these rumors appear in messages forwarded on several different apps. These rumors are often attributed to official government sources and read “attacks on Signal platform.” This is false and Signal is not under attack.
— Signal (@signalapp) February 28, 2022
The Signal founder had written on his Twitter account, “Telegram is the most popular messenger in urban Ukraine. After a decade of misleading marketing and press, most ppl there believe it’s an “encrypted app”. The reality is the opposite-TG is by default a cloud database w/ a plaintext copy of every msg everyone has ever sent/recvd.”
He added that there was no worse choice in terms of “privacy and data collection,” even though Telegram has a lot of compelling features. He pointed out that “Every msg, photo, video, doc sent/received for the past 10 yrs; all contacts, group memberships, etc are all available to anyone w/ access to that DB” (DB meaning database).
According to him, another issue of concern was that many Telegram employees have family in Russia and that even if Russia does not hack the app, they can “leverage family safety for access.”
While Signal is end-to-end encrypted by default, and its security protocol is known. In fact, the same protocol is used by WhatsApp. However, Telegram is not entirely encrypted. Only ‘secret chats’ on Telegram are end-to-end encrypted and the messaging app deploys its own encryption protocols, for which it has faced criticism.
This is not the first time that questions have been raised around Telegram and its security protocol. Its founder Pavel Durov, who is of Russian origin, has defended the app in the past. In a message posted on December 29, 2021, on his Telegram channel, he had also referred to an FBI leaked document that claimed that the agency could access message contents from WhatsApp while it could not do the same from Telegram.
Durov had written that “apps like WhatsApp give real-time user data to third parties, and despite their numerous claims about ‘E2E encryption’, can also disclose message contents,” adding that “the report has confirmed that Telegram is one of the few messaging apps that doesn’t breach their users’ trust.”
He also claimed that engineers in the US have to “secretly implement backdoors in their apps when the US government orders them…” which is not a claim backed by any proof. He also claimed that secure apps such as Signal have been funded by government agencies, again for which there is no proof. Keep in mind that the same report that Durov referred to also notes that no message content can be collected by the FBI from the Signal app.