Signal is a data-first app that lets people send encrypted messages and make calls over Wi‑Fi or other internet links when cellular bars are missing.
The app supports secure messaging, voice, and group video, but both parties need internet access. It does not send SMS or MMS through a phone service.
Open source code and nonprofit stewardship give users stronger trust and verifiability. The service keeps minimal metadata, such as account creation and last connection dates.
There are limits. If your device or desktop is compromised, or if iCloud shows call recents, privacy can break. Manage notification previews and disable iOS Recents to reduce exposure.
Use a username or a secondary phone number to connect without exposing your main phone number. Learn to enable Registration Lock and keep the app updated after past incidents like the Twilio verification issue and a patched QR vulnerability.
This guide will show setup, settings for disappearing messages, group controls, safety number checks, and desktop caveats for travelers and people in spotty coverage.
Understand “signal-free” communication in 2025
In 2025, missing cell bars no longer mean you are cut off—many modern apps use nearby data networks to keep messages and calls moving.
Cell signal vs. data/Wi‑Fi: what “offline” really means for apps
Cellular service and internet access are separate. You can lack a carrier signal yet still reach Wi‑Fi or another data path. When you have data access, an app can place encrypted calls and send messages without SMS or MMS.
When encryption helps—and when device risk defeats it
End‑to‑end encryption protects content in transit and at rest on the provider. Carriers and services cannot read message content. But compromised devices or desktops—malware, keyloggers, or screenshots—can expose information despite encryption.
Past incidents (Twilio SMS code theft in 2022 and a patched QR linking exploit in 2025) show supply‑chain and linking risks. Mitigate by updating the app, using strong passcodes, enabling Registration Lock, and tuning discovery settings and phone number visibility.
Takeaway: combine encryption with device hardening and cautious desktop linking to keep privacy intact when you rely on Wi‑Fi for access.
Quick-start: Use apps that work without cellular service
Get online with apps that let you text, call, and video over Wi‑Fi when cellular service is down. Start by downloading the app from Google Play or the Apple App Store and register with a working phone or a secondary number.
Messaging, voice, and video over Wi‑Fi or desktop
A data connection enables encrypted texts, pictures, audio, video, and calls. Both people need internet access on their devices for messaging and calls to work.
Use the desktop app only on a trusted, updated computer. Avoid linking to any desktop you suspect is compromised.
How to find and invite contacts who already use secure apps
To find contacts, allow contact discovery or add numbers manually. The service uses truncated, hashed lookups and deletes them immediately to preserve privacy.
Invite users by sharing your username link or QR code so others can connect without seeing your phone number. You can also send invites from inside the app.
Start a chat by tapping the pencil icon, selecting a contact, or entering a number. Create a group from New Group to share media and later host group video calls when everyone is online.
Adjust settings like notifications, call relaying, and discovery to match your threat model. Keep the app updated (examples: Android 7.38.6, iPhone 7.5.1) and encourage contacts to update so messaging and calls remain interoperable.
Set up Signal for private, data-only chats
Set up Signal to use data-only messaging by choosing a secondary phone number or a username at registration. This protects your main phone and lets you rely on Wi‑Fi or other data paths without sharing your primary digits.
Create your account with a secondary number or username
Register with a working number and verify it using the 6‑digit SMS code. Many users pick a Google Voice or secondary phone to avoid exposing their main number; keep that number active to prevent reclaim by the provider.
Since February 2024, you can create a unique username under Profile. A username must end with two or more digits and lets people find you without your number.
Enable a strong PIN and Registration Lock for account security
Set a Signal PIN under Privacy to protect your profile and settings. Then enable Registration Lock in Account so moving the account requires that PIN.
Disabling the PIN reduces portability and some protections. Enabling it counters attacks that target verification codes and account transfers.
Tune phone number visibility and discovery options
Adjust Who Can See My Number and Who Can Find Me By Number to Nobody for username-only discovery. Contact discovery runs locally: truncated, hashed numbers are sent then discarded.
Allow contacts access for convenience or deny and add numbers manually. Finally, use a strong device passcode and consider disabling biometrics in higher-risk situations before starting chats by tapping the pencil icon.
Protect your screen, notifications, and local device access
Protecting what appears on your lock screen is one of the easiest ways to keep private texts and names from falling into the wrong hands. Change a few core settings so previews and caller info stay hidden when your phone is unattended.
On iOS, go to Settings > Notifications > Signal > Show Previews and set it to Never. Also disable Show Calls in Recents inside the app to avoid iCloud syncing of call logs.
On Android, use system notification controls and the app’s Notifications > Show option to limit content. Turn off smart replies to reduce OS-level processing of message context.
Enable Screen Lock so a passcode, Face ID, or Touch ID is required to open the app. Use Screen Security or Hide Screen in App Switcher to stop recent content from appearing in the app carousel.
Use a strong device passcode rather than short PINs or patterns and change it occasionally. In high-risk situations—protests, borders, or forced checks—temporarily disable biometrics and rely on your passcode for access.
Periodically review these privacy options after OS updates to make sure controls still work. Small steps here protect names, numbers, and message content from easy exposure.
Make end-to-end encrypted calls and group video over Wi‑Fi
Use end-to-end encrypted calls on data networks to stay reachable without a phone signal. Start a voice or video call from inside any chat by tapping the phone or video icon. Both devices must be online over Wi‑Fi or another data link for the call to connect.
Voice, video, and group calls—plus Always Relay Calls
Launch group video calls from an existing group so everyone joins in the same thread. Share a call link when you need multiple people to join quickly; the link opens the encrypted session inside the app.
Enable Always Relay Calls in Privacy settings to route calls through the service and help hide your IP address from peers. On iOS, disable Show Calls in Recents to avoid iCloud logging of call metadata.
Expect the same encryption guarantees for voice and video as for text: only devices in the conversation can decrypt content. Use a strong Wi‑Fi connection for better audio and video quality, switch networks if quality drops, and keep your app and OS updated. Remind participants that encryption cannot stop eavesdropping if a device is compromised.
Master disappearing messages and view-once media
Disappearing content gives you control over how long a message remains visible to others. Use the app’s timers to limit exposure and match retention to risk levels.
Default timers and per-thread control. Set a default disappearing timer under Settings > Privacy > Default Timer for New Chats. Options range from 30 seconds to four weeks or a custom span. You can still change the timer inside any thread to fit that chat’s needs.
How timers behave. Timers start when the recipient opens the message, not when you send it. That affects the amount time content will actually stay visible on the other device.
View-once media and visible traces
Use view-once photos and video when you don’t want media stored in the thread. The image or video is removed after one view, but a note remains saying media was shared.
Practical limits and device risks
Recipients can still take screenshots or photograph their screen, so trust matters. Deleting a message on your phone does not delete it on the other person’s device unless disappearing timers were in effect.
Group chats and backups. For groups, set disappearing defaults at creation so everyone follows the same retention rules. Avoid exporting or backing up sensitive content to cloud services that might capture previews or attachments.
Periodically review these settings and shorten timers during higher-risk periods to keep messages and privacy aligned with changing needs.
Build secure group messaging with permissions that work
Good group hygiene starts with clear names, tight controls, and regular member reviews. Create a new group from the Chats tab via New Group and add only contacts who already use the app to keep coordination private and organized.
Create groups and approve new members: Enable Approve New Members so admins must accept anyone who requests to join. This prevents drive-by joins and reduces spam.
Manage Group Links and permissions: Generate a Group Link to invite many users quickly, then reset or disable the link if it leaks. Use Permissions to restrict who can rename the group or add members so only admins make structural changes.
Set disappearing defaults: Apply a group-wide disappearing timer when creating the chat to align expectations for messages and retention across users. That makes message lifecycle consistent for everyone.
Review and enforce rules: Periodically audit the member list, remove unknown numbers, and add group rules to the description — include screenshot etiquette, retention expectations, and whether sharing phone numbers is allowed. Encourage users to keep settings updated and prefer usernames to expose fewer phone digits.
Verify safety numbers to prevent interception
Confirming a contact’s safety code is a small step that defends against man‑in‑the‑middle attacks. Verification proves the app’s encryption keys match between devices and helps you trust a conversation before sharing sensitive data.
Open the chat, tap the contact’s name, and choose View/Verify safety number to display the 60‑digit code and QR.
QR scan in person or verify over a separate channel
In person, scan each other’s QR to confirm you share the same safety numbers, then mark the session as verified on both devices.
If remote, read and compare parts of the 60‑digit code over a trusted channel — a phone call or another secure app — to reduce spoofing risk.
Re‑verify after a device change or when the app reports a session reset. If codes don’t match, stop sensitive messaging until identities are confirmed.
Why this matters: verification detects interception attempts even when encryption is strong. Make verification part of onboarding for sensitive groups and combine it with Registration Lock and strong device passcodes for layered protection.
Desktop usage, metadata, and real-world limits
Pairing your phone with a desktop session multiplies the places your chats and media can live. Desktop clients add convenience for long messages, file transfer, and multitasking. They also increase the risk if the computer is compromised.
When not to link a compromised computer
Link the desktop app only to a trusted, updated computer. If you suspect malware, keyloggers, or screenshot tools, avoid linking entirely. Desktop threats can capture keystrokes and clipboard contents that the phone never exposes.
Call logs, iCloud recents, and limiting metadata
Disable Show Calls in Recents on iOS to stop call recents syncing to iCloud. Expect the service to retain minimal account information such as account creation and last connection timestamps, but live observers can infer patterns from metadata.
Unlink desktop sessions you no longer use. Restrict desktop notifications and previews in app settings. Use strong local passwords, full‑disk encryption, and keep OS and security tools current so devices store less sensitive information at rest.
Putting signal-free communication tips into practice
Make a short checklist so your team can use the app reliably when cellular service drops. Download from official stores, register with a secondary phone number or username, then set a strong PIN and enable Registration Lock for the account.
Share your username or QR instead of a phone number to protect personal identifiers. Tune privacy settings, minimize notification previews, and set a default disappearing timer for new chats to limit how long messages persist.
Use voice and video over Wi‑Fi for calls, enable Always Relay Calls to mask IP, and disable iOS Show Calls in Recents. Verify safety numbers with key contacts and avoid linking a compromised desktop; keep devices updated and rehearse these workflows so people act fast under pressure.
