This story was originally published and last updated .
Signal is one of the best choices for a communication app that’s focused on privacy and isn’t owned by Facebook, which is why it has attracted a large and dedicated user base. Earlier this year, the app got a fresh spark to the tune of a $50 million dollar investment from a co-founder of WhatsApp. But lately there’s been a bit of negative chatter in response to the app introducing a system for backing up data based on PIN codes, and many users are filling online forums with complaints.
Up until now, Signal’s focus on privacy has meant the absence of features like online cloud backups and cross-device syncing. That meant if your phone was broken, lost, or stolen, all your contacts and conversations would be rendered irretrievable. While that lack of stored information on Signal’s servers is viewed by many as a benefit when it comes to security, the company recently rolled out a PIN-based method of making data such as profiles and settings securely recoverable should you lose or switch devices.
Signal PINs have to be a minimum of 4 digits, but they can be longer and even include letters if users wish. The company also promises that introducing these PINs will allow it to bring new features to the platform, like addressing that doesn’t solely use phone numbers. In many ways, this sounds like a good thing, since it enables new capabilities while promising to keep the security Signal users expect intact, since it’s based on the company’s Secure Value Recovery.
Not everyone is happy with the change, though. Understandably, many people voicing concerns are worried about any kind of cloud storage syncing options, since one of the things Signal is known for is respecting user privacy. There’s also the fact that PINs aren’t being billed as optional (though the app will continue working for now if the prompts are ignored), and have to be entered frequently (so that users don’t forget them, Signal says, since the PINs themselves aren’t recoverable). Finally, it doesn’t seem like information being presented in regards to PIN creation in the app is very clear, requesting users to create a PIN for “another layer of security” but not explicitly spelling out why this is necessary.
Is this an innocent change for the better, or a sign that Signal is losing touch with what made it special in the first place?
PIN reminders are optional
In the latest Signal v4.60.8 (APK Mirror), the app has added a new PIN reminder toggle, letting you turn off the frequent nudges. Unfortunately, this seems to be an all-or-nothing approach: you either get incessant reminders or you get none, there’s no frequency adjustment. In comparison, WhatsApp manages to hit a sweet spot of asking for the PIN every week, which is enough to keep it etched in your memory, but not disruptive to the experience.
But that’s the only annoyance that’s been lifted. If you’re signed in to Signal on your device, you can still ignore the PIN creation prompts and keep going for the time being, but there’s no telling when that won’t be possible anymore. Also, if you install the app on a new device, you can’t bypass the PIN requirement. I tried that on my phone and couldn’t get to the chat page before adding a PIN, reluctantly. Thanks, Caleb Martin, Ted, @najodleglejszy!
Left: PIN reminders can be turned off. Right: Creating a PIN is still required when signing up.