Signal rejects "dangerously misleading" security flaw allegations

Signal logo on the AppStore displayed on a phone screen and Signal logo in the background are seen in this illustration photo taken in Poland on January 14, 2021.
(Image credit: Photo illustration by Jakub Porzycki/NurPhoto via Getty Images)

France has recently banned its ministers and their teams from using popular communication software WhatsApp, Telegram and even what's perhaps known as the most private encrypted messaging app out there, Signal, due to claimed security vulnerabilities.

This is something that has rather angered the outspoken president of Signal, Meredith Whittaker, who dismissed the allegations as "dangerously misleading."

As Politico reported, a memo dated November 22 described these digital tools "not devoid of security flaws." Hence, the Prime Minister Élisabeth Borne ordered ministers to switch to alternative French apps which are thought to be more secure.

No evidence of security flaws

"The French PM is mandating ministers use a small French messaging app. OK. But, I'm alarmed that she's claiming 'security flaws' in Signal (et al) to justify the move," Whittaker tweeted on November 30. 

"This claim is not backed by any evidence, and is dangerously misleading, especially coming from governments."

Signal indeed prides itself for taking great care of its users privacy. Independently audited and open-source, the company was the first app of its kind to add quantum-level encryption protection into its code. The service is also a step closer to ditching phone numbers in the name of privacy.

Whittaker herself is also known for taking strong stances against Big Tech's surveillance model, while speaking out on governments' attempts to clamp down on encryption to better control citizens. The company has repeatedly claimed to be ready to quit the UK rather than undermine or weaken its privacy policies under the Online Safety Bill (now law).

"We are serious about responsible disclosure and we prioritize all reports to security@signal.org," she added.

See more

French ministers and other governmental employees have until December 8, 2023, to delete these popular apps from their work devices and start using the authorized French applications instead.

Olvid is an encrypted instant messaging app which encrypts both messages and metadata, certified by France's cybersecurity agency ANSSI. French digital minister Jean-Noël Barrot confirmed that he and his team have been using it since July 2022, and deemed the application as "the world's most secure instant messaging system."

The other alternative is Tchap, another French-made secure messaging and collaboration app that the government developed and launched in 2019.

Whether or not security has been used as a scapegoat to increase the adoption of made in France applications is something that will never be able to confirm. However, according to Whittaker, that's not the problem here.

"If you want to use a French product go for it! But don’t spread misinformation in the process."

Chiara Castro
Senior Staff Writer

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com