Signal for Android

In recent years, privacy and security have become topics of focus within the software engineering community as well as in the global discourse on technology. The interest in those topics is not limited to the technological communities, as more and more legislators are introducing laws and regulations to protect the privacy and security of their citizens, such as the European General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

With regulators doing their best to protect general privacy in terms of the information that organizations store about their clients, we should not forget the means through which we express our deepest desires and greatest wishes: interpersonal communication. We now live in an era where more and more of this communication takes place over the internet through messaging apps. However, most of the popular messaging apps are closed source, meaning that an outside observer can not easily see what the application is doing on the background.

Signal is a secure privacy-central alternative to existing messaging apps. In contrast to its competitors, Signal has its source code available to the public, making it easier to verify what it is doing. Striving to be a secure privacy-central alternative to existing messaging apps, Signal encrypts all messages that its users send and receive through the app. This goes a step beyond the end-to-end encryption used by many other popular messaging apps. Most of these apps encrypt the message content, but Signal additionally encrypts the metadata: Who sent the message at what time. This ensures a higher degree of privacy for the end user. Signal can be used on three different platforms: Android, iPhone, and Desktop. This blog will focus exclusively on Signal’s Android implementation.

This blog will take you on a journey under the hood of Signal, through the eyes of a software architect. The four essays that compose this blog will highlight different aspects of Signal’s architecture. The first essay details the vision underlying Signal, placing it into the context of its users and analyzing its stakeholders. The second essay describes how this vision resonates with the architecture of the app. The third essay takes a deeper dive into the code that composes Signal. The fourth essay is a deeper analysis of the protocols that enable Signal’s unique features and of how they are reflected in the architecture. The goal of this journey is to uncover the objectives for the Signal application. It will furthermore be investigated how these objectives are realized through both the software architecture and development process.

Who we are

We are a team of four students of the Delft University of Technology in the Netherlands. We have made this blog as part of the CS4315 Software Architecture course, which we have followed as part of our master of Computer Science program.

In the following paragraphs, the members of the team will give a short introduction of themselves.

Martijn van den Hoek After finishing my Bachelor of Computer Science in Delft, I continued with the master in the same discipline. I’m interested in the process of software engineering and the proper software engineering techniques. Besides courses that connect with those interests, my master also includes courses about algorithms.

Wouter Zonneveld Software Engineering is one of the sub-fields in Computer Science which I’ve always found to be both interesting and practical. This is because having a thorough understanding about how to go from the product requirements to the actual product is essential, no matter in which context you are programming.

Frank Vollebregt My interests lie within the fields of Web Information Systems and Software Engineering. Nowadays, there is an increasing focus on privacy for the end user: Designing and building systems with the additional objective of privacy in mind brings new challenges to the table, for us to solve.

Robin Oosterbaan As all the other group member I finished the bachelor and continued with the Computer Science Master. The Software Engineering group have always given solid courses and as such I wanted more knowledge on the topic of Software Architecture.

Contributions

A clear vision or mixed signals?

In this post, we try to discern what the goals of Signal are, how they intend to accomplish these goals and who benefits or suffers from them. We have a look at the unique features Signal offers to its users, and take a leap forward to see what the future may hold.

Rome wasn’t built in a Signal day

In this post we explore how the concepts discussed in our previous post are realized through Signal’s architectural elements, deployment, and other design principles. We will also see how key features, such as sending a message, work at run-time.

Reducing noise to improve Signal quality

In this post we will discuss how software quality is maintained and guaranteed in Signal. We’ll go over the use of Continuous Integration, analyse test coverage and explore changes that would improve Signal’s code quality. We conclude by estimating, based on the above, the technical debt in Signal Android.

Smoke Signals or secure crypto?

Since Signal’s unique characteristics revolve around security and privacy, we decided to explore these features more in depth for our fourth and final essay. More specifically, we will examine how these characteristics affect various layers of Signal’s architecture. We look into how Signal manages sessions between users and at how Signal encrypts and decrypts incoming messages from a component perspective.