Signal app's on-device encryption can be decrypted, claims hacking firm Cellebrite
A company claims it can decrypt messages sent using the Signal messenger app on Android phones, despite it being considered to be one of the most secure apps around that offers end-to-end encryption.
Cellebrite, an Israel-based but Japanese-owned security company, has previously been reported to have helped the FBI access the iPhone of one of the San Bernadino shooters.
In a new blog post, the company claims it is able to decrypt Signal messages as they are stored on Android devices by retrieving the key used to encrypt them while they're at rest, although it is importantly not claiming to be able to decrypt intercepted messages between two Signal users. The impact of Cellebrite's ability to decrypt messages at rest is unclear at the moment. The company acknowledges that it sells its devices to both law enforcement and private sector organisations.