In early 2025, U.S. officials appointed under the Trump administration have flocked to Signal for its strong end‑to‑end encryption and minimal data retention policies. App‑analytics data show Signal downloads in the U.S. jumped 16 percent in Q1 2025 versus Q4 2024, and Associated Press analysis finds over 1,100 government accounts active on Signal across federal, state, and local levels.
What many want to know, after all the leaks and a recent “15 minute breach” is: how safe is signal? Should I use it? What caused the breach and how can I remain safe?
Privacy Concerns and Encryption
As digital communication became subject to increased subpoenas and Freedom of Information Act requests, many officials sought an app that:
- Implements audited, open‑source encryption protocols with no server‑side message storage .
- Retains minimal metadata, reducing risk of retrospective data collection .
Increased Adoption
- Sensor Tower metrics show U.S. Signal downloads rose by 16 percent in Q1 2025 compared to Q4 2024 and by 25 percent year‑over‑year .
- Associated Press review: Over 1,100 Signal accounts tied to government domains in all 50 american states, spanning executive branch appointees, congressional staff, and state‑level officials .
15 minutes breach
In early May, a significant security breach occurred involving TeleMessage, a third-party application designed to archive encrypted messages from platforms like Signal, used by the american president Trump and his officials, such as Waltz. A security researcher exploited vulnerabilities in TeleMessage’s backend infrastructure, gaining unauthorized access within approximately 15 to 20 minutes. This breach did not compromise the core Signal app or its end-to-end encryption but exposed the risks associated with using unofficial tools for message archiving.
The data at risk included archived chat logs stored on TeleMessage’s servers, which were transmitted and stored in plaintext, bypassing Signal’s encryption safeguards. The hacker accessed sensitive information such as usernames, passwords, and backend credentials, highlighting the potential dangers of integrating archiving functionalities into secure messaging platforms.
Is it safe for me?
Signal is widely regarded as one of the most secure messaging apps available to the public, offering robust end-to-end encryption and minimal data retention. However, when compared to official government communication tools, Signal has certain limitations that make it less suitable for handling classified or sensitive government information.
Government communication systems are specifically designed to meet stringent security standards, including compliance with the Federal Risk and Authorization Management Program (FedRAMP) and adherence to federal records retention laws. These systems often operate within controlled environments, such as Sensitive Compartmented Information Facilities (SCIFs), to prevent unauthorized access and ensure the confidentiality of sensitive information.
In contrast, while Signal provides strong encryption, it lacks the comprehensive oversight, auditing capabilities, and integration with government record-keeping requirements that official tools offer. The use of Signal for official communications has led to incidents where sensitive information was mishandled, such as the “Signalgate” scandal involving Defense Secretary Pete Hegseth and National Security Adviser Mike Waltz, who used Signal to discuss military operations outside of approved channels
Recommendations for Users
- Always update to the latest official Signal release.
- Avoid third‑party clones or unofficial clients that lack Signal’s rigorous security review.
- Enable disappearing messages and Registration Lock PIN for extra protection.
- Turn on the “Screen Security” feature to prevent Signal previews from appearing in your app switcher or screenshots.
- Don’t back up Signal messages to cloud services, as these backups may not be encrypted and could expose your messages.
