Even before those crowdpleaser features, Signal was growing at a rate most startups would envy. When WIRED profiled Marlinspike in 2016 , he would confirm only that Signal had at least two million users. Today, he remains tightlipped about Signal's total user base, but it's had more than 10 million downloads on Android alone according to the Google Play Store's count. Acton adds that another 40 percent of the app's users are on iOS.Its adoption has spread from Black Lives Matters and pro-choice activists in Latin America to politicians and political aides—even noted technically incompetent ones like Rudy Giuliani —to NBA and NFL players. In 2017, it appeared in the hacker show Mr. Robot and political thriller House of Cards. Last year, in a sign of its changing audience, it showed up in the teen drama Euphoria.
Identifying the features mass audiences want isn't so hard. But building even simple-sounding enhancements within Signal's privacy constraints—including a lack of metadata that even WhatsApp doesn't promise–can require significant feats of security engineering, and in some cases actual new research in cryptography.
Take stickers, one of the simpler recent Signal upgrades. On a less secure platform, that sort of integration is fairly straightforward. For Signal, it required designing a system where every sticker "pack" is encrypted with a "pack key." That key is itself encrypted and shared from one user to another when someone wants to install new stickers on their phone, so that Signal's server can never see decrypted stickers or even identify the Signal user who created or sent them.
Signal's new group messaging, which will allow administrators to add and remove people from groups without a Signal server ever being aware of that group's members, required going further still. Signal partnered with Microsoft Research to invent a novel form of "anonymous credentials" that let a server gatekeep who belongs in a group, but without ever learning the members' identities. "It required coming up with some innovations in the world of cryptography," Marlinspike says. "And in the end, it’s just invisible. It’s just groups, and it works like we expect groups to work."
Signal is rethinking how it keeps track of its users' social graphs, too. Another new feature it's testing, called "secure value recovery," would let you create an address book of your Signal contacts and store them on a Signal server, rather than simply depend on the contact list from your phone. That server-stored contact list would be preserved even when you switch to a new phone. To prevent Signal's servers from seeing those contacts, it would encrypt them with a key stored in the SGX secure enclave that's meant to hide certain data even from the rest of the server's operating system.
Haupt, who works as an astronomy instrumentation engineer at Brookhaven National Laboratory in New York, detailed how she took the rotary mechanism from an old Trimline telephone, paired it with a microcontroller and an Adafruit Fona 3G cell transceiver, put it all into a 3D-printed casing, and built something that could replace her daily flip phone.
That feature might someday even allow Signal to ditch its current system of identifying users based on their phone numbers—a feature that many privacy advocates have criticized, since it forces anyone who wants to be contacted via Signal to hand out a cell phone number, often to strangers. Instead, it could store persistent identities for users securely on its servers. "I’ll just say, this is something we’re thinking about," says Marlinspike. Secure value recovery, he says, "would be the first step in resolving that."