Signal updates its open-source server code after nearly a year
Unlike other apps like Telegram, WhatsApp, Facebook Messenger and others, Signal is one of the very few chat apps that also allows users to see how its server code functions and operates.
While experts will always recommend open-source software over proprietary solutions when it comes to security and privacy, that only makes sense if the source code for those applications or services is released and updated on a regular basis. This is illustrated by the fact that Signal, widely considered the gold standard in encrypted mobile messaging, has updated the source code for its server after almost a year.
On Tuesday, the team developing Signal finally pushed an update to its server code repository on GitHub, according to a report by Android Police. To put that into perspective, the last time the source code for the Signal server was updated was on April 20, 2020, according to the report and the company’s GitHub repository.
Unlike other apps like Telegram, WhatsApp, Facebook Messenger and others, Signal is one of the very few chat apps that also allows users to see how its server code functions and operates. It is important to note that while the lack of updates to the server code meant users could not verify if a ‘malicious’ change had been made, the Signal apps have been designed to minimise the data sent to the service as much as possible.
While Signal has not yet posted any clarification as to why the server code was not updated for such a long period, users on various forums like Reddit, Hacker News and other websites speculated that it was likely because the company was working on its recently announced secure payment feature that it has begun testing in the UK. According to the Android Police report, the project’s repository was full of complaints questioning the pause on pushing out updates to the server source code.
When open-source software projects update their code regularly, it allows other developers and teams to “fork” the code and start their own parallel development, which could help improve the original project through collaboration.
Another side effect of not updating the source code was that users who tried to fork the Signal server code or simply host their own servers did not have access to more recent features like message reactions that were introduced last year. We will update this article if and when Signal releases a statement about the issue.