Putting Signal on Your Computer Makes It Less Secure
In my NBTV members’ chat, someone asked me why I don’t have Signal installed on my computer.
The answer is because computers are often easier to compromise than phones, and I would be downgrading the awesome privacy and security that Signal gives me by extending my attack surface to my computer. Let me explain.
Phones Are Locked Down by Design
Modern smartphones are some of the most locked down consumer devices that have ever existed.
They do a great job at sandboxing apps.
Some phone operating systems do a much better job than others (eg GrapheneOS does a great job at this), but in general, phones enforce app sandboxing much more strictly by default than most desktops.
What this essentially means is that on your phone, every app lives in its own isolated box. It has its own storage, its own permissions, and its own processes. The intention is that one app can’t just reach over and read another app’s data, or spy on its memory. If an app wants to access your microphone, your camera, your files, or your contacts, the operating system generally has to explicitly allow it. And you usually see that happen.
Even if a malicious app gets installed on your phone, the damage it can do to other apps and the OS is usually limited, unless you’ve granted the app powerful permissions, or unless the attacker breaks out of that sandbox. And that usually requires additional exploits.
How Desktops Are Different
Now compare that to a desktop computer.
They don’t have the same default, enforced sandboxing model as phones.
On a desktop, most apps run under the same user account. They share access to large parts of the file system. They can often observe or interfere with each other in ways that mobile operating systems simply don’t allow.
If malware runs as you on your computer, it often has access to a huge amount of what you do: Your files, clipboard, keyboard input, screen, your apps running.
Mobile operating systems are built around the assumption that every app is hostile, and try hard to silo them. Desktops are, by default, designed to be cooperative environments for apps.
This Isn’t a Signal Issue
This brings us back to Signal. This isn’t a Signal issue.
Signal is an extremely well designed, end-to-end encrypted messaging app. On your phone, it benefits from all of the security properties I just described: Strong sandboxing. Hardware-backed key storage. Restricted access to other apps. Limited background surveillance capabilities.
When you install Signal on your computer, you widen your attack surface from one hardened device to two completely different environments.
Your computer becomes another place where keys and message data can be targeted. And computers are much easier to target.
Why Computers Are Easier to Attack
There’s a reason why zero days on phones are much more valuable. On desktops, attackers often don’t even need advanced exploits to attack your system. They can use phishing attacks, malicious browser extensions, compromised software updates, and they can install malware disguised as legitimate apps. Once that malware runs, it can often do things like capture your screen, log your keystrokes, or read data from other applications.
Phishing still exists on phones, but a phishing message does not automatically lead to arbitrary code execution. A malicious app installed from an app store is still trapped inside its sandbox. A fake update prompt cannot actually replace system software. A malicious app pretending to be legitimate does not suddenly gain visibility into your other apps.
On desktops, however, these same attack paths often are sufficient to compromise the system meaningfully. On phones, they’re usually not, unless the attacker also has a separate sandbox escape or OS-level exploit.
So if I’m using a powerful private communication tool like Signal, I want it to be as private and secure as possible.
I don’t need to weaken my protections by installing it on a less trusted system.
Signal itself is a strong app on either system, but it’s the computer itself that isn’t as strong.
Hardware-Backed Security Matters
Phones also have another major advantage: Phones often make hardware-backed key storage the default assumption, while desktops vary more.
Most modern phones have secure enclaves, or trusted execution environments. These isolate cryptographic keys from the rest of the operating system, so that even if parts of the OS are compromised, those keys are much harder to extract.
On desktops, once you’re logged in, malware running as your user can often access more secrets and more app data, because more of it is accessible under that same user account.
Modern computers do have hardware security modules, like TPMs or the Secure Enclave on newer Macs. On desktops, these are heavily used for boot integrity and disk encryption, and some platforms also use them for credentials and key operations during runtime, but it’s less uniform.
On phones, secure enclaves are deeply integrated and continue protecting cryptographic keys against extraction even while the device is in active use.
In essence: Desktops often lean on hardware security heavily for boot and disk encryption, and phones tend to lean on it continuously for app key operations.
Security Always Collapses to the Weakest Link
So, to circle back, when you link Signal to your computer, you are effectively taking a very well protected environment, your phone, and extending trust to a much weaker one.
Security always collapses to the weakest link.
That does not mean that Signal Desktop is bad. It means desktops are inherently riskier environments.
For many people, that tradeoff is totally reasonable. Convenience matters. Typing on a keyboard is easier. Multitasking is easier.
But if your threat model includes targeted surveillance, and you rely on sensitive communications, then keeping Signal confined to your phone meaningfully reduces risk.
BIG Caveat
That being said, I don’t want people to assume they should do everything on their phone either, or that phones are ALWAYS more secure.
First, phones are intensely personal devices, and most of us do far too much on them. We carry social media apps and countless third-party apps everywhere we go, and we routinely grant them access to our location, contacts, microphones, and cameras. These devices follow us through our day and capture huge amounts of context about our lives.
Every app we install also broadens our attack surface. We are trusting countless third parties to write secure code, ship updates, and respond quickly when vulnerabilities are discovered.
And the phone itself matters too: If your device isn’t getting regular security patches, all of these protections degrade over time.
Keep your phone lean, only install what you absolutely need, and absolutely keep it updated.
One tip that can help you meaningfully reduce risk on your phone is by using a privacy-focused browser instead of downloading a native app for everything. If something works just as well in the browser, do it there, because app permissions tend to be invasive.
These are some of the ways to keep your phone locked down and as private and secure as possible.
TLDR
This isn’t about Signal being unsafe, or about desktops being off limits. It’s about understanding where different tools are strongest and weakest. Phones are designed to aggressively isolate apps and protect secrets, while desktops are built for flexibility and convenience. When you’re using a high-stakes private communication tool, it makes sense to keep it inside the most hardened environment you have, while also being disciplined about what you install on that device. If your threat model is lower, I think you can comfortable use these tools in ways that make them easier and sustainable for you. The more we understand how different devices are designed to protect us, the easier it is to place sensitive tools where they’re actually safest.
If you have any short questions that you’d like answered, feel free to add them to the comments section! Maybe we’ll be able to answer your question in a future article.
Yours In Privacy,
Naomi
Consider supporting our nonprofit so that we can fund more research into the surveillance baked into our everyday tech. We want to educate as many people as possible about what’s going on, and help write a better future. Visit LudlowInstitute.org/donate to set up a monthly, tax-deductible donation.
NBTV. Because Privacy Matters.