Open Whisper Systems announced that end-to-end encrypted video calls are now available for its Signal communications app on Android and iOS.
The organization started to beta test encrypted video calls in February. Now, less than a month later, the feature appears to be ready for prime time. Open Whisper Systems also said the update will improve Signal call quality, offer the option of using peer-to-peer connections to reduce call latency, and make it so iOS users can answer Signal calls right from their lock screens without having their contacts' identities synced to Apple's iCloud service.
By addressing two concerns, Open Whisper Systems was careful to note that these features shouldn't undermine the privacy of Signal users. One is that P2P connections might reveal IP addresses and therefore general locations, and the other is that letting Signal calls be answered from the iOS lock screen will be problematic. In both cases, Signal opted to balance privacy and convenience, while also giving users the option to customize the app's behavior.
Here's what the nonprofit said about P2P connections in its announcement:
By default, Signal will only attempt to establish a P2P connection if you are initiating the call or if you are receiving a call from someone in your contacts. If you are receiving a call from someone not in your address book, Signal will relay that call through the Signal service.
Additionally, there is a setting which will relay all calls through the Signal service if enabled.
And what it said about supporting CallKit, the developer tool that allows communications apps to take advantage of the iPhone's lock screen:
To balance these concerns, CallKit is enabled by default, but Signal calls are displayed as being to/from "Signal user." This means that, by default, it's possible to answer Signal calls with one touch directly from the lock screen, but only "Signal user" will appear in the "recent calls" list (which is what could be synced to iCloud).
It is easy to opt in to displaying the name/number of an incoming Signal call if having that information in the "recent calls" list is not an issue, or it is also possible to disable CallKit entirely if even having "Signal user" in the call log is not desirable.
These options are important, because Signal has a diverse audience. Some people use the service because they don't like the idea of anyone snooping on their conversations. Others use it because they need to protect anonymous sources, activists, and others who could face severe repercussions if their communications were spied upon. Sharing an IP address or sending limited information to iCloud could be fine for the former and disastrous for the latter.
It's similar to the addition of ephemeral messages to apps like Signal and Wire. The feature doesn't actually make the services much more secure--you could just screenshot messages before they disappear, for example--but it can help you feel more comfortable. (Disappearing messages also prevent someone with physical access to a device, like an overbearing parent or abusive partner, from scrolling through someone's history whenever they like.)