Signal has become the privacy-focused consumer’s go-to messaging app . But a recent change to its back-end systems that was designed to make the app more accessible and competitive with other encrypted messaging services could be putting user data at risk.

At the core of Signal’s appeal is a level of digital protection and commercial disinterest in its users’ communications rarely seen by messaging service providers. Signal is now used broadly not just by hackers and professional paranoids, but activists, journalists, politicians, and any number of people who believe that their text messages and phone calls should be as private as an in-person conversation. Few other apps offer a similar level of security and privacy.

But while privacy is central to Signal, it is not immune from security challenges. In May, the company released a new PIN-based system that would have allowed users to back up their contact lists—and eventually their messages—to the cloud. The new feature was built on a system with known security flaws, as many ardent Signal users angrily pointed out on Twitter in the ensuing weeks.

Signal’s recent stumble stemmed from its attempts to be different from other messaging services, even those with relatively good privacy such as WhatsApp or iMessage. Most messaging services use encryption to protect messages from being spied on when the message is being sent. But even those services that do encrypt messages usually store them and the user’s address book in plaintext, unencrypted.

Yet building contact and message backups—something that all of Signal’s primary competitors offer—into a system whose primary feature is that all communications are encrypted end-to-end is a difficult task to accomplish in modern computing.

That’s why Signal’s address book has been tied to the address book on the user’s phone ever since it was first released. This flaw has long been criticized by privacy experts because it’s easy to track somebody from just their phone number.

For the same reason, Signal also hasn’t offered an easy, default system for backing up messages or contact lists because building those features so they protect user security and privacy has been nearly impossible. Essentially, there’s no good way for Signal to connect data like profile name, user contacts, and group membership, which it does not have access to, to a single user. In addition, its service does not include “trackers, ads, or analytics in our software at all,” as Signal founder Moxie Marlinspike wrote on June 5.