Signal President defends app security after Trump officials’ chat leak: ‘Signal is the gold standard’

The president of Signal defended the messaging app’s security on Tuesday (March 25) following a report that top Trump administration officials had mistakenly added a journalist to an encrypted group chat discussing a planned US attack on Yemen’s Houthis.

Meredith Whittaker, president of Signal, took to X (formerly Twitter) to reinforce the app’s privacy standards and distinguish it from other messaging platforms.

Signal vs. WhatsApp: Key differences

“I wouldn’t say that Will and I are battling, but I do disagree,” Whittaker wrote, addressing comparisons between Signal and WhatsApp. “Because there are big differences between Signal and WhatsApp.”

She highlighted that Signal is open-source, nonprofit, and applies end-to-end encryption (E2EE) alongside other privacy-preserving technologies to protect user metadata and message content.

“Signal is the gold standard in private comms. We’re open source, nonprofit, and we develop and apply E2EE and privacy-preserving tech across our system to protect metadata and message contents,” Whittaker said.

She also pointed users to Signal’s transparency reports, emphasising how little data the platform can provide in response to subpoenas.

WhatsApp’s privacy limitations

Comparing Signal to WhatsApp, Whittaker noted that while WhatsApp licenses Signal’s encryption technology to secure message contents for consumer users, it does not offer the same level of protection for WhatsApp Business users.

“WhatsApp licenses Signal’s cryptography to protect message contents for consumer WhatsApp. Not on WhatsApp for business,” she explained. “Neither consumer nor business WhatsApp protects intimate metadata—like contact list, who’s messaging whom, when, profile photo, etc. And, when compelled, like all companies that collect the data to begin with, they turn this important, revealing data over.”

Raising the privacy bar

Despite her criticism of WhatsApp’s metadata handling, Whittaker acknowledged the company’s use of Signal’s encryption as a positive step.

“Don’t misunderstand—we love that WhatsApp uses our tech to raise the privacy bar of their app. Part of Signal’s mission is to set, and encourage the tech ecosystem to meet, this high privacy bar,” she said.

However, she stressed that the differences between the two platforms are significant and that the public deserves full transparency about privacy protections.

“But these are key differences when it comes to meaningful privacy, and the public deserves to understand them, given the stakes. Not have them clouded in marketing,” Whittaker concluded.

Security and Government surveillance concerns

Signal has long been regarded as a leading platform for secure communication, particularly among activists, journalists, and officials wary of surveillance. The Trump administration’s security mishap has reignited discussions about the importance of secure digital communication and the potential risks of human error in handling sensitive information.

Trump officials face backlash over Signal Chat security breach

The Trump administration scrambled to contain fallout after The Atlantic's editor-in-chief, Jeffrey Goldberg, revealed he was mistakenly added to a Signal chat discussing a planned US attack on Yemen’s Houthis. The chat included top officials such as Vice President JD Vance, Defense Secretary Pete Hegseth, and National Security Adviser Michael Waltz.

Security concerns and expert warnings

Experts warned that using commercial apps like Signal for sensitive discussions exposes messages to potential cyber threats. Cybersecurity analyst Rocky Cole stated, “If the phone itself isn’t secure, all Signal messages can be read.”

While many Republicans downplayed the breach, Representative Don Bacon, a retired Air Force general, said Hegseth should take responsibility, warning that the leak “put lives at risk.”

The Senate Armed Services Committee is expected to review the administration’s use of Signal, with lawmakers from both parties demanding answers on how the breach occurred.