Signal has seen an increase in uptake since the start of 2021 with people looking to protect their privacy in the face of uncertainty, with market intelligence firm Sensor Tower estimating that Signal downloads in the US jumped by 20% on Android and 50% on iOS in January and February of this year, compared to the first two months of 2024.
Signal offers end-to-end encryption meaning that no one — not the government, their phone company, or Signal itself—can read the contents of messages as they pass between devices, but it is not a completely secure platform.
Since Signal uses a communications firm Twilio to verify users’ phone numbers, attackers were able to access those SMS codes for some 1,900 Signal accounts and potentially register a victim’s phone number with their own device, which is a vulnerability in the system.
In mid-February 2025, it was revealed that Russian state-backed hackers had weaponized Signal’s QR code feature, which lets you follow an account by scanning a contact’s unique Signal QR code, rather than embedding javascript commands that allowed them to link their targets’ Signal accounts to devices the attackers controlled, as was the case previously.
