Signal Adds New Security Features as Text Message Scams Rise

Signal, a nonprofit messaging app focused on privacy, has added new protections to keep conversations safer. The changes come as scammers increasingly use text messages to trick people into giving up account access or stealing money.

One of the main updates is a new encryption method called the Sparse Post Quantum Ratchet (SPQR). This protects Signal conversations from a theoretical future threat: quantum computers. Today's encryption relies on math problems that would take conventional computers thousands of years to crack. Quantum computers, if they become powerful enough, could solve those problems much faster. Signal's update prepares for that possibility by using a different kind of math that even quantum computers would struggle to break. It is a long-term insurance policy against a technology that does not yet exist but might arrive in 15 to 30 years.

Making Device Switching Easier

Signal has also made it simpler to move your account between devices. When you set up Signal on a new phone or tablet, you can now transfer your recent messages and files from your old device — up to 45 days of history. This solves a real frustration users have faced for years.

There is another practical security feature for Windows computers: a Screen Security setting. This prevents other programs on your PC from taking screenshots of Signal conversations. For office workers or people handling sensitive information, this blocks an easy way for data to leak by accident.

When you switch devices, Signal uses a personal PIN code to confirm your identity without the company ever seeing your actual account data. This "zero-knowledge" approach means Signal cannot access your messages even when helping you recover your account.

Protecting Against Text Message Scams

Scammers have gotten better at impersonating Signal and tricking people into giving up passwords, backup codes, or verification codes sent by text. Signal has started emphasizing that users should only contact support through official email and ignore messages that look like they come from the app.

This problem is real. Security experts estimate that phishing attacks — scams designed to steal login information — cost people and companies roughly $25 billion a year. Scammers often target the weakest point in a security chain: your phone's text message system. A tactic called SIM swapping lets someone trick your phone company into switching your number to their phone, giving them access to any codes sent by text.

The threat to text-based security is worth taking seriously. Scammers are getting more sophisticated, and tools like two-factor authentication — which sends codes to your phone — offer good protection but are not perfect.

Signal's Nonprofit Advantage

Signal operates as a nonprofit organization, not a company trying to make profit. This shapes how it makes decisions. Messaging apps owned by corporations like Meta or Apple must think about shareholder value and government relationships when building features. Signal can focus on one thing: keeping user data private.

This difference matters especially now. The UK recently proposed the Online Safety Bill, which would give the government more power to see inside encrypted messages. Signal has come out against it, saying the bill would "put the future of privacy and expression in grave jeopardy." A nonprofit can take that stand more easily than a company that sells ads or operates in multiple countries.

What This Means for Other Apps

The Signal Protocol — the underlying encryption technology — is used by other messaging apps beyond Signal itself. WhatsApp uses it. Other apps license it too. When Signal improves its security, the benefits spread across billions of conversations on other platforms. This multiplier effect means that money spent on privacy research at Signal reaches far beyond its own users.

The combination of stronger encryption against future quantum computers, better defenses against text message scams, and easier ways to move between devices all point in the same direction: messaging security is getting harder to break and easier to use at the same time.

This has happened before in tech history. In the early 2000s, websites switched from unencrypted to encrypted connections. At first, only banks and shopping sites did it. Over time, it became the standard everywhere. Something similar may happen with quantum-resistant encryption in messaging — what started as an extra precaution could become the baseline everyone expects.