Full Report
Signal has introduced a new opt-in feature that helps users create end-to-end encrypted backups of their chats, allowing them to restore messages even if their phones are damaged or lost. [...]
Analysis Summary
# Main Topic
Introduction of an opt-in, end-to-end encrypted backup feature by Signal, allowing users to restore chat messages on new or replacement devices. This feature introduces new storage tiers and critical user responsibility regarding recovery keys.
## Key Points
- The feature creates end-to-end encrypted backups of text messages and media, secured by a 64-character recovery key generated on the user's device.
- The recovery key is essential for decryption during restoration and is *never* shared with Signal; loss of this key results in permanent loss of access to the backup.
- Two primary tiers are offered:
- **Free Tier:** Up to 100 MiB storage, covering messages and the last 45 days of media.
- **Paid Subscription ($1.99/month):** Up to 100 GB storage for extensive media history.
- Backups occur daily, replacing the previous day's archive, but exclude messages scheduled to disappear or view-once messages within the next 24 hours.
- This marks the introduction of the platform's first paid feature, justified by the high cost of media storage and transfer.
- The feature is currently rolling out on Android betas and is slated for iOS and desktop expansion later.
## Threat Actors
- No specific threat actors or adversarial groups are mentioned in relation to the development or implementation of this feature.
- The summary focuses on the *security mechanism* itself, not an ongoing threat campaign.
## TTPs
- **Security Implementation:** Use of End-to-End Encryption (E2EE) for the backup data itself.
- **Key Management:** Implementation of a client-side generated, user-held 64-character recovery key, shifting decryption responsibility entirely to the user.
- **Data Retention Policy:** Automatic exclusion of ephemeral content (disappearing messages, view-once media) from backups.
## Affected Systems
- Primary focus is on Signal application users on mobile devices (Android initially, followed by iOS).
- The system involves existing Signal chat data, including text messages and media attachments.
## Mitigations
- **User Action Required:** Users must securely store the 64-character recovery key, as Signal cannot recover it if lost.
- **Opt-in Decision:** The feature is opt-in, allowing users to choose whether the benefits of backup outweigh the risks associated with holding the recovery key.
- **Data Limitation:** Users who opt not to use the feature or the paid tier retain the default behavior where chat history restoration relies on device-to-device transfer or local storage.
## Conclusion
Signal has significantly enhanced data availability by introducing E2EE cloud backups, a move that delegates complete custodianship of backup decryption keys to the end-user. While this improves data resilience against device loss, it creates a critical failure point: the user's responsibility to safeguard the recovery key. Threat actors targeting user secrets should note that traditional device compromise may not be necessary to gain access to backups if the user loses control of the recovery key.