Designing The World’s Most Secure Chat App

The most surprising experience about using Signal is how perfectly normal it feels–and that’s very much by design.

A friend had been bugging me for weeks. Give up Gchat and iMessages. Install Signal on my phone and desktop instead. And why shouldn’t I? Signal is the world’s most secure messaging platform, championed by privacy advocates like Edward Snowden, with its core technologies adopted by companies including Facebook and Google.


And yet. Signal is open-source software, developed by a skeleton crew. It would be a total usability nightmare, I was sure. Then–beside hundreds of thousands of U.S. citizens who’ve done the same thing in the last few months–I installed Signal. It took about two minutes to get on my phone and desktop. The two synced in seconds with a QR code. And frankly? Signal may lack features like video chatting, but for simple text messaging, it’s barely distinguishable from the Gchat window that consumes so much of my day.

“The Signal project starts with a fundamental assertion that the most [important] aspect of security is usability,” says Tyler Reinhard, the lead designer on Signal (who works a day job as senior designer at Condé Nast). “It doesn’t matter how secure something is if it’s not usable.”

It shouldn’t be a radical assertion–usability is privacy–yet the way Signal is designed really is different from most other apps, Reinhard explained. At most companies, designers work separately from the privacy team. Technically, both might have a user’s interests at heart. But if they don’t work hand-in-hand–like by introducing only new features and experiences that are inherently private–the intent doesn’t really matter. Because a product will ultimately ship with vulnerabilities.

“If the designer’s role is delighting the user . . . [and] exceeding the user expectations, I can’t think of a more deserving area than that user’s privacy,” says Reinhard. “That’s the mentality we approach it with.”

Signal apps have been around since 2015. And technically, the company’s core technology has been knocking around Silicon Valley since 2010 when founder Moxie Marlinspike released the Android apps Redphone and TextSecure, before selling his business and becoming head of security at Twitter, only to leave the company before his stock options vested. But Signal has only recently started to reach critical mass. On November 9, two days after Donald Trump won the presidential election, a third-party app analyst reported Signal on iOS had grown 70% in a single quarter, as it broke the top 50 most downloaded apps. (It’s since dropped lower again.)

One potential explanation? People signed up because they were more worried about the consequences of things they said after the election of a president who has questioned the protection of the First Amendment. “I signed up for Signal because it’s the most secure of the chat apps,” says Carlyn Siegler, a user in Oakland, California. “With the upcoming administration and the recent track record of the NSA, I’d rather chat purely off-the-record. I’m also wary of hackers.”


Yet Signal is competing in a remarkably crowded messaging market, filled with rich multimedia capabilities including face-to-face video chats and AR lenses. Companies like Facebook have unlimited resources to invest into their products and create new features (even if Facebook has the opposite goals and relies upon your personal data as part of its business plan).

It’s not a point that the Signal team is ignoring. Their Android app has been upgraded with stickers and a Snapchat-like sketching feature, and while Reinhard prefers not to share Signal’s product road map, it’s easy to assume there’s more where that came from. But every new feature isn’t just a UI challenge. It’s a technological challenge that needs to work at the deepest levels of encryption, without your data stored on servers–because with one misstep, Signal becomes vulnerable to the same fate as WhatsApp, which was recently reported to have a loophole to its encryption accessible by Facebook, the government, and other entities.

“We have to think about [privacy] first, which means we can’t grab things other people have done and stick them into our pocket–which is the model other big companies use. They acquire a technology from some startup, drop it into their platform, and expand horizontally,” says Reinhard. He’s right. Take a look at Facebook Messenger and Instagram, each of which has borrowed features heavily from rival Snapchat. Even the little UI touches that we take for granted can invade upon our privacy. That doesn’t just apply to marquee features like Google’s AI assistant listening in on a chat. Consider something as commonplace as infinite scroll, Reinhard calls out as an example. That convenient, endless stream of old messages is possible because your entire message history with someone else is stored on a server, somewhere.

“Our project is more about putting our heads together to think about how we can bring those features to users, starting over,” says Reinhard. “We absolutely want to make Signal something more exciting to use, that has more diverse interaction modalities between people, but obviously, our biggest priority is doing what people are coming to us for.”

To keep its new foothold on the market, Signal could use two resources to help with the development of its platform. First, anyone can donate to Open Whisper Systems, the nonprofit development studio that develops Signal. But equally, if not more helpfully, Reinhard is hoping to recruit both employees and volunteers. The same sorts of designers building the rich multimedia experiences of iMessage and Messenger are just the people he’s looking for to help Signal compete in the pixelated creature comforts we’ve all come to expect in the messaging market. And if you’re interested in lending your talents to the cause, you can find more information here.

As for my own experience with Signal, after several days of perfect performance, for whatever reason, its desktop Chrome plug-in suddenly stopped working. While I await some sort of fix, I’ve hopped back over to Gchat for most of my messaging. But in temporarily ditching Signal, I’ve also proven its thesis: Security really is all about usability.


[Photos: via Open Whisper Systems]


About the author

Mark Wilson is a senior writer at Fast Company who has written about design, technology, and culture for almost 15 years. His work has appeared at Gizmodo, Kotaku, PopMech, PopSci, Esquire, American Photo and Lucky Peach