These days, WhatsApp is no longer the only show in town. You have a number of high-quality instant messaging apps to choose from. And while I’m a massive fan of Telegram if you’re looking for a WhatsApp replacement, Signal continues to grow on me with every passing day.
It’s one of most secure messaging apps around. End-to-end encryption is standard, the app offers tools to verify the identity of people in chat groups and the integrity of the data channel, and it doubles as an SMS client.
Except, there’s a security problem. Or at least, there’s a security problem for Mac users.
What’s the Issue With Signal Messages?
Quite simply, messages which are supposed to disappear and leave no trace are leaving a very noticeable trace. Two traces, in fact.
One of the traces is caused by the Notification Center. By default, the Notification Center will show the content of a message along with the sender’s name. This information will persist long after Signal’s copy of the message has self-destructed.
In a worst-case scenario, a hacker could gain control of your machine and see what’s being said. It’s a nightmare if you use Signal to send sensitive data.
The second trace is a database-level copy of every self-destruction message that someone with sufficient computing knowledge could easily access. As we said, not very secure.
How to Ensure Signal Messages Really Disappear
To remedy the notification center issue, you need to tweak some settings in the Signal app.
Go to Preferences > Notifications and select Neither name nor message. Hit Save when you’ve made the changes.
The database issue is more problematic. If you’re feeling adventurous and fancy a project, you can follow Patrick Wardle’s somewhat complicated walkthrough. If that’s all a bit beyond you, you could run his script to see what data has been secretly stored.
And remember, if these revelations have soured Signal in your mind, there are plenty of other secure messaging apps out there.