Signal for Android

更新 10 August 2016

目录

...加载目录...

    Signal is free and open source software that protects your messages and voice calls using end-to-end encryption. It is developed by Open Whisper Systems and is available for Android smartphones and iPhones. A beta release of Signal Desktop is also available as an extension for Google's Chromium and Chrome web browsers, but it requires that you also install Signal on an Android smartphone.

    Required reading

    What you will get from this guide

    • The ability to exchange encrypted messages with other Signal users.
    • The ability to have encrypted voice calls with other Signal users.
    • The ability to encrypt the messages on your phone by setting a passphrase.

    1. Introduction to Signal

    We recommend Signal for mobile messaging and voice calls because:

    • It is free and open source software, so its code is open for independent review
    • It protects your messages and voice calls using strong, modern, well documented end-to-end encryption protocols
    • It allows you to verify the identity of your contacts.
    • It implements forward secrecy, so past conversations remain safe even if someone steals the encryption key used to protect a given message
    • It is asynchronous, so messages that were sent to you while you were offline will be waiting for you when you connect to the service
    • It encrypts your message history on the device if you set a passphrase

    However, it's important to bear the following in mind:

    • Signal only encrypts messages that you exchange, using your device's mobile data or wireless internet connection, with other Signal users. The Android version can also send and receive regular SMS text messages, but it does not encrypt them
    • While Signal prevents others from accessing the content of your messages and voice calls, it does not hide the fact that you are sending encrypted messages or making encrypted voice calls
    • In order to register Signal, you must be willing and able to receive an SMS text message or a phone call from a number in the United States
    • Signal can only be installed via Google's Play Store, which means that you need to have a Google account which will be linked to the installation of the app
    • Signal’s reliance on the Google Cloud Messaging platform means that Google can have access to some of the metadata produced by Signal (such as the IP address of any device that receives a Signal message)
    • In some countries, encryption tools like Signal might attract attention or violate legal constraints

    Note: If you are interested in using the Signal protocol for encrypted mobile communications independently from Google Play Services, you can install LibreSignal (a fork of Signal) instead via F-Droid, a free and open source Android app repository.

    1.0. Other tools like Signal

    2. Install and configure Signal

    2.1. Install Signal

    You can install Signal on your Android device by following the steps below:

    Step 1. Download and install Signal from the Google Play store by tapping .

    Figure 1: Signal on the Google Play Store

    Step 2. Before the installation process begins, you will be asked to review the access that the app will have on your phone. Review this carefully. Once your are happy with the permissions allowed, press and the installation will complete. If you do not agree with the permissions allowed, press the back button and the installation will be cancelled.

    Figure 2: Permissions required

    Step 3. Tap Open to run the app for the first time.

    Figure 3: Opening Signal

    2.2. Initial setup

    2.2.1. Register Signal

    To register Signal, you must be willing and able to receive an SMS text message or a phone call from a number in the United States.

    You can begin the registration process by following the steps below:

    Step 1. Begin the registration process by entering your phone number, including the country code, and pressing .

    Figure 1: Registration screen

    Step 2. Signal will send you an SMS message to confirm registration.

    Note: If for some reason you do not receive the SMS you will be given the option to receive an automated phone call, where you will hear a 6-digit code. This code, once entered, will complete the registration.

    Figure 2: Registration completing

    Disclaimer: Burner SIM cards have been used throughout this guide.

    2.2.2. Making Signal your default messaging app

    In addition to exchanging encrypted messages with other Signal users, the Android version of Signal can also replace your normal SMS text messaging application. Used in this way, it has the ability to send unencrypted text messages to — and display unencrypted text messages from — non-Signal users. These messages are relayed by your mobile service providers rather than being sent over the Internet.

    To use Signal as your default SMS text messaging app, look for the notification below:

    Figure 1: Signal offering to replace your default SMS app

    Step 1. Tap the message above when it appears.

    Figures 2: Confirming the use of Signal as your default SMS app

    Step 2. Tap YES to confirm.

    2.2.3. Importing messages

    If you configured Signal to be your default SMS app, we recommended that you import your existing messages. That way, all of your messages will be in one place. And, because Signal has the ability to encrypt the messages stored on your device, this will protect your SMS history in the event that someone gets access to your smartphone.

    You can do this by following the steps below:

    Step 1. After registration is complete, Signal will open and you will be asked if you want to import your messages from the default SMS app on your phone. Tap on the message to do this.

    Figure 1: Import messages into Signal

    Once the import is complete you will be able to access your old messages in Signal. You should then delete them from your other application.

    2.2.4. Using encrypted storage

    Signal also allows you to store all your messages in an encrypted container protected by a passphrase, so if someone gains access to your phone, they will not be able to access your messages when Signal is locked. After a set period of time, if you have not looked at any messages, Signal will automatically lock and you will have to enter your passphrase the next time you want to read your messages.

    You can store your messages in an encrypted container by following the steps below:

    Step 1. Tap on in the top right of your screen to bring up the menu and select Settings.

    Step 2. Scroll down to the Privacy section and swipe right next to 'Enable passphrase'.

    Figure 1: Passphrase options

    Step 3. When prompted enter a passphrase that will be used to protect the messages stored on your phone and tap OK.

    Figure 2: Setting a passphrase

    Step 4. Check the box next to Inactivity timeout passphrase to have Signal lock after a period of inactivity.

    Figure 3: Inactivity timeout passphrase option

    Step 5. Tap Inactivity timeout interval and in the following screen enter after what time you want Signal to lock if unused and tap OK.

    Figure 4: Signal timeout settings

    2.3. Inviting your contacts to Signal

    You can invite your contacts on Signal by following the steps below:

    Step 1. Open Signal.

    Step 2. From the main screen, tap on the pencil icon at the bottom right corner to open up your list of contacts.

    Figure 1: Main Signal screen

    Step 3. Select the contact you want to invite on Signal.

    Figure 2: Selecting a contact on Signal

    Step 4. Tap on the blue Invite to Signal message to invite your contact on Signal.

    Figure 3: Invite friends on Signal

    Step 5. Tap on the send icon at the bottom right corner of the screen to send the "Let's switch to Signal http://sgnl.link/1LoIMUI" message to your contact.

    Figure 4: Switching to Signal

    You will receive a notification once your contact has joined Signal:

    Figure 5: Contact joined Signal

    You can further confirm if your contacts are on Signal based on whether there is a padlock next to the telephone icon on the top right corner next to their name:

    Figure 6: Padlock verification of Signal usage

    3. Encrypting text messages with Signal

    Signal will only exchange encrypted messages with contacts who are also using Signal, and it will only do so over a mobile data or wireless Internet connection. The Android version of Signal allows you to send and receive regular SMS text messages as well, but it does not encrypt them. As a result, your mobile service provider has full access to the content of such messages.

    When you send an encrypted, Signal-to-Signal message, no one but the intended recipient can read what you have written. This includes your mobile service provider, Open Whisper Systems and Google, none of which have access to the content of these messages. It also includes images, videos and other attachments.

    However, It’s important to note that while the Signal protocol encrypts the content of our communications, it does not encrypt metadata – information about information - such as who we contact, when and from where. It’s also worth noting that Signal’s reliance on the Google Cloud Messaging platform means that Google can have access to some of the metadata produced by Signal, such as the IP address of any device that receives a Signal message.

    3.1. Messaging individuals

    You can send encrypted instant messages to your contacts using Signal by following the steps below:

    Step 1. Open Signal and tap on the pencil icon at the bottom right corner of your screen to bring up your contact list.

    Figure 1: Main Signal screen

    Step 2. Tap on the contact you wish to message.

    Figure 2: Selecting a contact on Signal

    Note: The contact list will display at the top all your contacts who also use Signal (under the Signal Users heading) and then your full contact list (including Signal users) in the All Contacts section.

    Step 3. Compose your message in the box and tap to send it.

    Figure 3: Sending a message over Signal

    The Android version of Signal allows you to choose whether you want to send your contact an encrypted Signal message or an unencrypted Insecure SMS text message. To set this preference for a given user, you can long press . Signal will remember your preference, so you will need to long press the send button again if you want to switch back.

    Figure 4: Sending options

    Important: A closed padlock beneath a message, as shown below, indicates that it was sent encrypted (if the padlock is open, then the message was sent unencrypted). Furthermore, if there is only one check mark next to the padlock, then the message was only sent to the server. If there are two check marks (as illustrated below) next to the padlock, then the message was delivered to the recipient (though there is no guarantee that it has been read).

    Figure 5: Exchange of encrypted messages

    3.2. Messaging groups

    Signal also allows you to send encrypted instant messages to multiple people at once. However, if at least one of the people you are messaging does not use Signal, the messages will be sent as an MMS and not encrypted.

    You can send messages at once to multiple people by following the steps below:

    Step 1. Tap on in the top right of your screen to bring up the menu and select .

    Figure 1: Selecting New Group on Signal

    Step 2. Enter a name for your chat group and tap to add your contacts.

    Figure 2: Creating a chat group on Signal

    Step 3. Tap the box to the right of each contact's name to add them to the group and press .

    Step 4. Tap on top-right to complete the creation of the group and be brought back to the Signal main screen.

    Step 5. Tap on the group you have created and begin messaging the group.

    Figure 3: Sending encrypted messages to multiple contacts at once over Signal

    Figure 4: Group messaging over Signal

    3.3. Sending files

    Signal allows you to send images, video and audio files to your contacts. You can do this by following the steps below:

    Step 1. Start a conversation with the person you want to send a file to.

    Step 2. Tap on in the top right of your screen to bring up the menu and select .

    Figure 1: Attaching a file on Signal

    Step 3. Select the type of file that you want to send.

    Figure 2: File selection through Signal

    Step 4. Verify that the file you want to send is in the compose window and press to send it.

    Figure 3: Image sent through Signal

    3.4. Identity Verification

    To confirm that you are exchanging encrypted messages with the right people, you and your contacts should verify your Signal identities. You can do this by reading or scanning one other's cryptographic fingerprints, as explained below.

    A cryptographic fingerprint is a long string of letters and numbers that uniquely identifies a given encryption key without revealing the key itself. This key (and thus its fingerprint) typically corresponds to a particular installation of the software that created it, so we often say that a fingerprint uniquely identifies a specific user. Of course, if an attacker gets a hold of your unlocked mobile phone, he or she can communicate using your key, which will have your fingerprint. So you should still protect your smartphone by, for example, enabling device encryption and setting a strong passphrase.

    Signal encrypts each message you send with a single-use key, none of which are directly associated with your Signal fingerprint. Instead, this fingerprint is used to verify your long-term identity key, which allows others to ensure that they are really communicating with you.

    If you skip the identity verification process described below, an attacker might impersonate both you and the person with whom you are communicating. Such an imposter could record your messages or statements, then re-encrypt them and relay them back and forth between you. This is called a man-in-the-middle attack.

    3.4.1. Reading Fingerprints

    To verify identities by comparing fingerprints, both you and your contact should follow the steps below:

    Step 1. Open an existing conversation with your contact, tap on the menu icon at the top right corner of the screen and select Conversation settings.

    Figure 1: Conversation settings on Signal

    Step 2. Tap from the options under "Conversation settings".

    Figure 2: Identity verification

    Step 3. You will be presented with a 66-character fingerprint of your Signal identity and that of your contact. These should be read to each other to verify that you both have the same fingerprints for each other, either in person or via a medium that allows you to confirm visually or audibly to whom you are talking to.

    Figure 3: Signal fingerprints

    3.4.2. Scanning Fingerprints

    Alternatively to reading fingerprints, Signal users can verify their contact's identity by scanning their fingerprint.

    Note: To verify fingerprints by scanning you need to have Barcode Scanner installed on your phone. If it is not available on your phone at the time of scanning, Signal will download and install the app for you.

    To verify identities by scanning fingerprints, the following steps will need to be performed by both parties:

    Step 1. Open an existing conversation with your contact, tap on the menu icon at the top right corner of the screen and select Conversation settings.

    Figure 1: Conversation settings on Signal

    Step 2. Tap from the options under "Conversation settings".

    Figure 2: Identity verification

    Step 3. You will be presented with a 66-character fingerprint of your Signal identity and that of your contact.

    Figure 3: Signal fingerprints

    Step 4. On both of your phones, tap on .

    Step 5. On your phone, tap and your contact should tap . Your contact's phone will display a QR code and your phone will open Barcode Scanner.

    Figure 4: Scanning options

    Step 6. Use Barcode Scanner on your phone to scan your contact's QR code.

    Figures 5 & 6: Your contact's QR code / Barcode scanner

    Step 7. Once the QR code has been successfully scanned Signal will check that the identity is valid.

    Figure 7: Signal identity verified

    Step 8. Once you have verified your contact's Signal identity, they should repeat the above steps to verify yours.

    3.5. Exporting your messages

    While Signal allows you to export your messages, the messages in the backup file will not be encrypted and you should take additional steps to protect its contents. You can do this by following the steps below:

    Step 1. Tap on in the top right of the main Signal screen to bring up the menu and select .

    Figure 1: Signal menu options

    Step 2. The next screen will open on the import options, tap .

    Figure 2: Import/Export options

    Step 3. On the export screen tap .

    Figure 3: Export plain text backup

    Step 4. Confirm that you want to export the unencrypted messages to the storage on your phone by tapping .

    Figure 4: Export plain text backup confirmation

    Step 5. Signal will confirm the export has completed by displaying . You will find a file on your phone's storage that contains your unencrypted messages.

    4. Encrypting voice calls with Signal

    4.1. Making encrypted voice calls

    Now that you have installed and configured Signal and have invited your friends, you can start making encrypted calls. You can easily do this by following the steps below:

    Step 1. Open the Signal app.

    Figure 1: Main Signal screen

    Step 2. Tap on the contact you wish to call.

    Figure 2: Selecting a contact on Signal

    If your contact has Signal, a padlock will show up by the phone symbol in the top right of the screen.

    Figure 3: Padlock indicating the use of Signal by your contact

    Step 3. Signal will start ringing the contact.

    Figure 4: Ringing your contact through Signal

    Step 4. Once the call is answered by your contact, Signal will show two words in the middle of your screen. By checking with your contact that you both have the same words on your screen, you can be sure that the call is not being tampered with. It is recommended that you say the first word and expect your contact to say the second, or vice versa.

    Figure 5: Verification of contact

    4.2. Receiving encrypted voice calls

    Receiving a call with Signal is similar to receiving a regular call on your phone. You can do this by following the steps below:

    Step 1. When a Signal call comes in it will display a screen with the message SIGNAL CALL in the middle of the screen.

    Figure 1: Incoming Signal call

    Step 2. Swipe right to answer or left to reject the call.

    Step 3. When you answer the call, Signal will display two words in the middle of your screen. By checking with your contact that you both have the same words on your screen, you can be sure that the call is not being tampered with. It is recommended that you say the first word and expect your contact to say the second, or vice versa.

    Figure 2: Receiving an encrypted call with Signal.

    Option 4. If you call a Signal user from your regular phone dialler, you will be asked if you would like to make a secure call. Tap Yes, Secure to make an encrypted call or tap No to make an unencrypted call.