This week, encrypted messaging app Signal launched a new update that introduced video calling for the first time. The beta update also promised better call quality, tackling an issue that has plagued the app for some time.
However, the update also introduced support for Callkit, a move which may undermine the app’s much-touted security.
Callkit is an iOS 10 feature that allows Signal calls to be answered from the lock screen. Very convenient, you might think.
But if Signal users opt into Callkit, their call data, including who they called and how long the call lasted, may be synced to iCloud—and this is unlikely to be welcomed by Signal’s security-conscious users.
The makers of Signal told Wired that they’re unsure as to how Signal will integrate with Callkit in the subsequent widespread update. One possibility is that the iPhone call log could only be allowed to display “Signal Users” rather than any identifying information, in order to protect users.
These updates are the latest in a series of moves to make Signal more user-friendly, and dedicated users will no doubt welcome them. However, allowing for integration that undermines the security of the app seems to go against what Signal is all about.
If you use Signal and have updated to the latest beta version, you can turn off the Callkit integration. Click Settings -> Advanced -> Use CallKit. You should also turn off any iCloud backups from your iPhone, for the greatest possible security.