The Signal messaging app is getting a new security feature
called Signal PINs, allowing users to secure their cloud-stored information in
a way not available to anyone else, and that includes the company making the
app.
More and more messaging apps are using true encrypted
communications, so it’s no longer an exotic feature. But what happens with that
data when a user changes the phone or reinstalls the operating system? It
relies on the company building the app to store profile information, and that
means that private data could be available to other parties as well.
The new Signal PIN comes with a couple important features.
First, the new PIN lets users take ownership of their profile data, which means
that if they lose that PIN, they won’t be able to recover their profile from
the server.
The PIN can either be a four-digit number or an alphanumeric
sequence, whichever the user prefers. More importantly, the developers and the
company making the app don’t know the PIN. If the user forgets it, it’s lost
forever.
The second feature is just as important, as Signal moves
away from addressing based on phone numbers. More precisely, users won’t need a
phone number to install Signal. On top of that, it’s a security measure as
well.
“PINs will also help facilitate new features like addressing
that isn’t based exclusively on phone numbers since the system address book
will no longer be a viable way to maintain your network of contacts,” reads the
announcement
from Signal. The rollout for this feature is gradual, along
with the requirement for the phone number, but it shows that, when it comes to
privacy and security, messaging apps still have work to do.