What Signal tells Google

I don't use Signal, but it is now the most popular messaging app in my circle. I'm not going to repeat the GitHub issues, or link to them but they are the reason I don't Signal.

Instead I'm just documenting the data that Signal gives to Google. Signal is a quite simple service, it's not federated, it's not peer to peer, just clients and a centralised server. The clients need a way to know when a message has been sent to them, instead of constantly polling the Signal server saying "Got any messages for me?" "Got any messages for me?" they use push notifications. Your phone has a single kind of open, kind of closed connection to GCM and all apps on your phone go through this instead of having a connection per app. Unfortunately this centralises the end point, so to get a message to your phone the Signal server has to go through Google.

So what should happen when a Signal message is sent it leaves the senders phone, and goes to the Signal server. The Signal server connects to a Google server saying the recipient has a new message and to notify their Signal app. The only (meta)data Google would get is who received a message and when, not who sent it, not the message, not even how big the message is. Then recipient's phone then gets an alert through GCM saying their is a message on the Signal server. So the Signal app would launch a new direct connection to the server, leaving google out.

However it dosen't, the Signal server sends GCM the encrypted message, so Google gets the recipient, the time and the aproximate length. This saves a connection to the Signal server, but gives Google more data and control.

The more important thing to note is that because Signal requires GCM it has a indirect dependency on SafetyNet, which literally is a remote code execution for Google, designed to check if your devices is rooted but can be used for anything and even targeted to avoid detection by researches. And I think for Signal or any other privacy focused app to put the user in this situation and cause friction when somebody want's to move away from that, is irresponsible.

Cj Malone on