Deep Dive: Debunking the myths about Signal

We debunk the most common myths claiming that Signal isn't secure or shouldn't be trusted.
DigiSafe
6 min read
App store listing of Signal Private Messenger
📆
This post was last updated in June 2025

Signal has become the go-to app for people who want to keep their conversations private or who are interested in becoming less dependent on big tech corporations. But as the app has increased in popularity—over 50 million users as of June 2025—some claims have spread suggesting that Signal cannot be trusted or that it is actually insecure.

In this post, we'll address the most common myths around Signal. We will keep this post updated when new myths come up or when we learn of new information relevant to this discussion.

All in all, Signal is a secure and trustworthy app for private communication. While it still carries potential risks—such as groups being infiltrated by unwanted individuals or messages being viewed by someone who gains access to your phone—these concerns do not reflect vulnerabilities inherent to Signal. Because of a clear commitment to user privacy, evident through its open-source nature, robust encryption, and proactive measures to protect user data, Signal remains our top recommendation for secure communications.

Myth #1: Signal cannot be trusted because it was paid by Meta

Some people say that Signal is compromised because it received payments from Meta (the parent company that owns Facebook, Instagram, and Whatsapp).

It's unclear where this claim comes from, but one potential source is the fact that Signal worked with Meta in the past. Because Signal has built robust and reputable technology for secure communications, many companies have decided to reuse that technology rather than build their own from scratch. This is because in the security world, it is considered very risky to develop brand new encryption technology rather than rely on existing and proven technology.

Because Signal's mission is to make privacy accessible to the masses (not just to Signal users), it worked with Meta to integrate the Signal protocol—the technology that powers and protects communications in Signal—into Messenger and WhatsApp. It also worked with Microsoft (which owned Skype) to integrate the Signal protocol into Skype (before it was discontinued in May 2025) and with Google to integrate the Signal protocol into Google apps like Allo.

But these companies and apps using the Signal protocol in no way means that Big Tech companies have a say in the management or governance of Signal. The Signal Foundation has remained a non-profit and, as far as we can tell, fully independent. The adoption of the Signal protocol only shows that it is well-respected in the tech community.

Myth #2: Signal is owned, or may one day be bought, by Big Tech

Some people claim that Signal is owned by tech billionaires (from Elon Musk to Jeff Bezos or Mark Zuckerberg). And as such, Signal cannot be trusted.

This is categorically false. The Signal app is developed by a software company called Signal Messenger LLC. This company is itself owned by the Signal Foundation, a non-profit with the mission to "protect free expression and enable secure global communication through open source privacy technology."

It would be lying to say that Signal could never be acquired by a big tech company or a tech billionaire. After all, non-profits are organizations like any other and their ownership and governance can change. The Signal Foundation could one day sell Signal Messenger LLC. But all of our communications up to that point would remain safe: the new owners wouldn't be able to access past messages because Signal uses something called 'forward secrecy'.

It's unclear where the myth that Signal is owned by Big Tech comes from, but it may be from the fact that a billionaire did give a substantial amount of money to Signal. In 2009, Brian Acton co-created WhatsApp, the widely popular messaging app. In 2014, Acton sold WhatsApp to Facebook (becoming a billionaire in the process) and joined the company. In 2017, Acton left Facebook over a disagreement on the future of WhatsApp: Facebook wanted to show ads inside WhatsApp, and Acton wanted the app to remain privacy-friendly. After leaving Facebook and WhatsApp, Acton supported the #DeleteFacebook movement and gave 50 million dollars to Signal. He also became a member of the Signal Foundation's board and has been on the board since.

Regardless of the origin of the myth, as of June 2025, everything about the governance, statements, and actions of Signal Messenger LLC and the Signal Foundation demonstrate a commitment to user privacy and security. Signal was always driven by the objective to make privacy accessible to the masses. All of Signal's code is open-source, meaning anyone can review it or even reuse it in other apps. They continue to improve privacy by adding features like disappearing messages, and letting users hide their phone numbers and use usernames instead. They also publish subpoenas so people can see when law enforcement request user data and what data Signal gives up (date and time a user signed up and date and time a user was last connected).

Nothing indicates that Signal cannot be trusted.

Myth #3: Signal's encryption is actually insecure

Some people have claimed that Signal's encryption, the method used to ensure that communications on Signal remain accessible only to the intended recipients, can actually be broken. As a result, they argue that our conversations on Signal may not be as private as we believe.

We don't know where this idea comes from but we can reasonably assume that it stems from a general mistrust of technology—which is certainly understandable given how much of our lives are tracked and monitored through the apps, devices, and online services we use every day. Still, it is not because surveillance is the norm on today's internet that nothing is secure and no one can be trusted.

Because Signal is open-source (anyone can review and audit its code), we don't have to take the company's words at face value. Rather, we can lean on people who have expertise to analyze Signal and assess how secure it is. And security researchers, cybersecurity experts, and cryptographers have repeatedly re-affirmed that Signal's security is robust and trustworthy.

The Signal protocol—the technology that powers and protects communications in Signal—is considered the gold standard in secure communications.

Myth #4: The Trump's administration 'SignalGate' shows that Signal is insecure

In March 2025, the Trump administration made the news for unwillingly revealing war plans that were being coordinated on Signal. Some have claimed that this event was evidence that Signal isn't secure: if the Trump administration relied on Signal to have private conversations, and these conversations leaked to the public, then Signal must not really protect our conversations.

The reality is much simpler than that: the Trump administration officials misused Signal. They mistakenly added a journalist to a Signal group. This mistake is like sending an email meant for alice222@gmail.com to bob@dod.gov — it's a massive human error that has nothing to do with the technology being used.

Signal worked as intended: it kept communications accessible only to the people invited to the Signal group chat. But while Signal privacy and security remain a gold standard, it doesn't mean that it is suitable for all use cases: government communications is usually restricted to specific apps to prevent mishaps like this one (for example, those apps prevent people without the required security clearances from being sent communications meant for others).

Myth #5: Signal requiring phone numbers shows that it is insecure

When you install Signal, you must register your phone number. It is not possible to use Signal without a phone number. Some have claimed that having to disclose our phone number when registering means that it is unsafe to use Signal.

Signal requires phone numbers because that is one of the only effective ways to prevent spam. Using a phone number may seem like it would make it easier for Signal to identify who we are and expose our communications; but in practice, Signal isn't able to do any of that because of the technology it uses: the Signal company itself simply does not have access to any of our messages and does not know what group chats we are in.

Signal regularly publishes data requests it receives from law enforcement about Signal users. While Signal must comply with those data requests, as they come from US courts, it can only disclose the information it has access to. Each time, the only information that Signal discloses is: - when a user first registered on Signal - when the user last connected to Signal

As far as we are aware, Signal has never revealed any additional information—for the simple reason that it doesn't have any additional information about users.

Users can choose to communicate with others without revealing their phone numbers by using Signal's usernames.

Deep Dive Secure communications iOS Android
About the author

DigiSafe

Read next

How-to: Hide apps on your phone

Guide: Border Crossing 101--Protecting Your Data and Privacy

DigiSafe

Subscribe to our newsletter for straightforward, actionable tips to strengthen your digital privacy and security. Twice a month. No spam. No technical jargon.

DigiSafe

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to DigiSafe.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.