WhatsApp vs Signal: Security & Privacy Explained

TL;DR

Both WhatsApp and Signal offer end-to-end encryption, but Signal is generally considered more privacy-focused due to its minimal data collection, open-source nature, and independent funding. WhatsApp, owned by Meta (Facebook), collects significantly more user data, which raises potential privacy concerns despite the encryption.

1. Understanding End-to-End Encryption

Both apps use the Signal Protocol for end-to-end encryption. This means your messages are scrambled on your device and can only be read by you and the recipient. Neither WhatsApp nor Signal can access the content of your conversations.

  • How it works: Encryption uses keys – a public key to encrypt, and a private key to decrypt. These keys are generated on each user’s device.

2. Data Collection – Where They Differ

This is the biggest difference. Here’s a breakdown:

  • WhatsApp: Collects a lot of data, including your phone number, contacts, location information (if you allow it), usage patterns, and device information. This data is linked to your Facebook account if you have one.
  • Signal: Collects only your phone number – this is used for registration and verification. They don’t store who you message or when.

3. Open Source vs Closed Source

  • Signal: Is completely open-source. This means anyone can inspect the code to verify its security and privacy claims. Independent audits are regularly performed. You can find their code on GitHub.
  • WhatsApp: Is closed-source. While they publish some information about their encryption, you have to trust that the code does what they say it does.

4. Metadata – The Hidden Risk

Even with end-to-end encryption, metadata can reveal a lot. Metadata includes:

  • Who you’re messaging
  • When you’re messaging them
  • How often you message them

WhatsApp: Stores metadata on their servers.

Signal: Minimises metadata storage. They use Sealed Sender to further protect this information, but some metadata is still unavoidable (e.g., when a user last connected).
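
What the three metadata items listed above add up to, as an added example that is not part of the original article: it profiles constructed delivery records that contain no message content, then repeats the analysis with the sender field dropped. The names, records and the `seal` helper are assumptions; `seal` only models the effect of not logging the sender and is not Signal's Sealed Sender protocol.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: delivery records a server could log for end-to-end
# encrypted messages. No field holds any message content.
RECORDS = [
    ("alice", "bob",    "2024-03-01T23:10:00"),
    ("alice", "bob",    "2024-03-02T23:25:00"),
    ("bob",   "alice",  "2024-03-02T23:27:00"),
    ("alice", "clinic", "2024-03-03T09:02:00"),
    ("alice", "bob",    "2024-03-03T23:40:00"),
]


def profile(records):
    """Summarise who messages whom, how often, and at which hour of day."""
    pairs = Counter()
    hours = defaultdict(Counter)
    for sender, recipient, ts in records:
        # A record without a sender (None) can only be tied to the recipient.
        key = (sender or "?", recipient)
        pairs[key] += 1
        hours[key][datetime.fromisoformat(ts).hour] += 1
    return {
        pair: {"count": n, "usual_hour": hours[pair].most_common(1)[0][0]}
        for pair, n in pairs.items()
    }


def seal(records):
    """Hypothetical model of a log with the sender field dropped."""
    return [(None, recipient, ts) for _, recipient, ts in records]


if __name__ == "__main__":
    print("sender logged:")
    for pair, stats in profile(RECORDS).items():
        print(" ", pair, stats)
    print("sender not logged:")
    for pair, stats in profile(seal(RECORDS)).items():
        print(" ", pair, stats)
```

With the sender logged, the records alone show that alice messages bob late at night three days running and contacts a clinic once. Without it, the pairing is gone but recipient and timing remain, which is the unavoidable residue the section mentions.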

5. Server Infrastructure & Funding

  • WhatsApp: Relies on Meta’s servers and infrastructure. This means it’s subject to Meta’s policies and potential data requests from governments.
  • Signal: Is an independent non-profit organisation funded by donations. They control their own servers, reducing the risk of external influence.

6. Disappearing Messages

  • Both apps: Offer disappearing messages features. You can set a timer for messages to automatically delete after a certain period.
  • Important Note: Screenshots are still possible, so don’t share sensitive information you wouldn’t want someone saving.

7. Security Features – A Comparison

Feature                                | WhatsApp      | Signal
End-to-end Encryption                  | Yes (default) | Yes (default)
Disappearing Messages                  | Yes           | Yes
Screen Security (screenshot detection) | No            | Yes
Registration Lock                      | No            | Yes (PIN protection)
Open Source                            | No            | Yes

8. Practical Steps to Improve Your Cyber Security

  1. Enable Disappearing Messages: On both apps, use this feature for sensitive conversations.
  2. Turn off Location Sharing: Unless absolutely necessary, disable location sharing in app settings.
  3. Review Privacy Settings: Regularly check the privacy settings of both apps and adjust them to your preferences.
  4. Use a Strong PIN/Password: Protect your phone with a strong passcode or biometric authentication.

9. Command Line Verification (Advanced – Signal)

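You can verify a contact’s Signal encryption keys manually using the command line, although this is for advanced users. The first command lists the identity keys and safety number stored for a contact; the second marks that contact’s key as verified once the safety number matches the one shown on their device.

signal-cli --config /path/to/your/config -a <your-number> listIdentities -n <contact-number>
signal-cli --config /path/to/your/config -a <your-number> trust -v <safety-number> <contact-number>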

(Requires installing signal-cli and configuring it with your account. See Signal’s documentation for details.)
