Senior government officials mistakenly invited the editor in chief of the Atlantic to a group chat on the messaging app Signal, where the focus of conversation was U.S. airstrikes against rebel groups in Yemen. The app’s use by high-ranking national security officials has raised the question: Just how secure is Signal anyway?

On March 11, Jeffrey Goldberg of the Atlantic was accidentally invited by the Trump administration’s national security advisor to connect on Signal. In the following days, Goldberg was added to a group chat that spoke of “operational details of forthcoming strikes on Yemen, including information about targets, weapons the U.S. would be deploying and attack sequencing,” according to his reporting.

Signal is a free app that cybersecurity experts consider to be one of the most secure messaging services because of its end-to-end encryption.

Simply put, text messages or calls are seen only by you, the sender and whoever is in your Signal group chat.

“We can’t read your messages or listen to your calls, and no one else can either,” the Signal website states.

If you’re using only your smartphone’s default messaging app, such as Apple’s iMessage or Google Messages, there is a chance your messages won’t be secure. This happens when you’re an iPhone user who texts an Android user, because you’re messaging from different platforms. Messages are end-to-end encrypted only if both people are using the same app.

Signal also touts user protection because it doesn’t use ads and doesn’t track user data. It collects only minimal user data, such as your phone number, the date you joined Signal and the last date you logged on to the app.

Aside from top government officials, journalists and advocates use the app, but it’s not limited to these groups of people.

With Signal in the news, experts are weighing in on whether the average user should consider it as an option for your everyday communication.

Why should you care about encrypted messaging?

Encrypted messaging “protects more than national secrets; it protects everyday privacy,” said Vahid Behzadan, assistant professor of cybersecurity and networks, data and computer science at the University of New Haven.

Most people unknowingly share sensitive information via text, such as personal addresses, passwords for Netflix and other accounts, or photos, according to Iskander Sanchez-Rola, director of artificial intelligence and innovation for Norton.

Encrypted apps ensure your messages are seen only by the person you intended to reach — and not third parties. That also means your “internet service provider or any potential malicious actors on your network won’t be able to see them either,” Sanchez-Rola said.

Cybercriminals are paying attention to your messages.

In December the FBI and the Cybersecurity and Infrastructure Security Agency stated that hackers affiliated with China’s government, called Salt Typhoon, waged an attack on commercial telecommunications companies to steal users’ data and prompted federal authorities to recommend everyone use only end-to-end encrypted communications.

“Ninety percent of all cyberthreats now originate from scams and social engineering threats — a figure that has almost tripled since 2021,” Sanchez-Rola said. “Everyday activities like forwarding messages or even clicking links and attachments can open the door to risks if your information isn’t properly protected.”

By using a messaging app that ensures end-to-end encryption, Behzadan said, you’re protecting yourself from data breaches and identity theft, and corporate tracking and targeted advertising, and ensuring confidentiality in professional or legal communications, freedom from surveillance or unauthorized access, and insurance against potential policy or government changes that may erode privacy rights.

“In short, encryption helps preserve digital dignity and autonomy in an increasingly connected world,” he said.

How is Signal a standout from other messaging apps when it comes to privacy?

All communications (messages, calls and video chats) are end-to-end encrypted by default, so you don’t have to go out of your way to ensure it’s a feature,” Behzadan said.

Unlike many platforms, Signal does not store metadata about who users communicate with, when or where.

“Its encryption protocol, the open-source Signal Protocol, is widely regarded as the gold standard in secure messaging and is even used by WhatsApp and Facebook Messenger for certain chats,” he said.

Signal’s nonprofit structure also sets it apart: The organization doesn’t monetize user data, which reduces incentives for surveillance or advertising-driven features.

Sanchez-Rola added a few more features that amplify securing your privacy:

— Screenshot blocker. This prevents malicious apps on your phone from accessing screenshots, but doesn’t prevent other people from taking screenshots of your conversations.

— Disappearing messages. Messages automatically delete after a set time, configurable from five seconds to four weeks, after they’ve been read. So even if a malicious app gains access to your phone, it won’t be able to retrieve messages that have been deleted.

— Single-view media. This allows you to send photos, videos and voice messages that are automatically deleted from the recipient’s device after they’ve been opened once.

— Incognito keyboard. This prevents third-party keyboard apps from potentially collecting data about your typing, offering an extra layer of privacy, especially when sending sensitive information.

— Usernames versus phone numbers. You can talk to people on Signal without needing to know their phone number — just by using their Signal username. This provides an extra layer of privacy.

How effective is Signal in protecting your privacy?

Signal’s terms of service state you “are responsible for keeping your device and your Signal account safe and secure.”

“The effectiveness of encryption isn’t just about the technology; it also depends on how individuals use it. Encryption works best as part of a larger cybersecurity strategy,” Sanchez-Rola said.

Behzadan shared a few important best practices. They include:

— Enabling disappearing messages for sensitive chats.

— Verifying safety numbers with trusted contacts.

— Setting a strong PIN or enabling biometric lock.

— Keeping the app and device updated.

— Avoiding screenshots or storing sensitive info on unsecured devices.

“The recent incident involving U.S. officials underscores this: Even the most secure technology can’t prevent human error, like adding the wrong person to a group chat,” Behzadan said. “In cybersecurity, the weakest link is often the human element.”

What are other encrypted messaging apps?

While Signal is the top recommendation among security experts, other apps offer encrypted messaging with varying trade-offs:

— WhatsApp: Uses the Signal Protocol but is owned by Meta and collects more metadata.

— Threema: A Swiss-based app that doesn’t require a phone number and focuses on privacy, though it has a smaller user base.

— Element (Matrix protocol): A decentralized and open-source option, popular among tech-savvy communities.

— Wickr: Used in enterprise and government settings and now owned by Amazon.

The best choice depends on your specific needs, your threat model and what platforms your contacts use, because encryption works only if both parties use the same secure platform.

_____

©2025 Los Angeles Times. Visit at latimes.com. Distributed by Tribune Content Agency, LLC.