An encrypted messaging application named Signal is gaining attention and scrutiny after senior Trump officials—including Defense Secretary Pete Hegseth and Vice President JD Vance—reportedly utilized the platform to discuss a sensitive military operation, unintentionally involving The Atlantic’s editor-in-chief, Jeffrey Goldberg, in the conversation.
On Monday, Goldberg published an article in The Atlantic detailing his addition to an 18-person Signal chat earlier this month regarding military strikes in Yemen, noting that initially he “couldn’t believe it was real.”
The National Security Council stated the messages appear to be “authentic,” in a response to CBS News following the article’s release.
The utilization of Signal for discussing sensitive military matters has raised concerns regarding the app’s security against hackers and other malicious entities. Signal reportedly had about 70 million users in 2024, a small fraction compared to the 1 billion monthly active users on Apple’s iMessage, as pointed out by national security publication Lawfare.
On Tuesday, President Trump informed reporters that he had instructed national security adviser Mike Waltz, who Goldberg mentioned added him to the group chat, to “immediately investigate” the use of Signal by government personnel.
Here’s what you need to know about the app.
What is Signal?
Signal is an encrypted messaging application that also supports voice and video calls, providing a secure communication platform. Group chats can include up to 1,000 participants, and users can set messages to disappear after a specified duration.
Signal’s user base has been expanding due to its end-to-end encryption, which increases its “appeal during uncertain periods or particular events that reinforce its status as the preferred communication service,” as noted by PP Foresight analyst Paolo Pescatore in an interview with CBS MoneyWatch.
The app’s encryption ensures that no third party can access the content of conversations or eavesdrop on calls. Essentially, messages and calls sent via Signal are encrypted, with only the sender and recipient holding the key to decode them.
In contrast to another popular messaging service, Telegram, Signal’s encryption is activated by default. The service also asserts that it does not collect or retain any sensitive information.
“Signal messages and calls cannot be accessed by us or other third parties because they are always end-to-end encrypted, private, and secure,” reads the service’s information.
Signal has yet to respond to a request for comment regarding its use by the Trump administration.
Who owns Signal?
Signal is owned by the nonprofit Signal Foundation, co-founded by Moxie Marlinspike and Brian Acton to support the app’s operations and to “investigate the future of private communication,” according to the foundation’s official website. The foundation claims to be a nonprofit “with no advertisers or investors, sustained solely by users who appreciate it.”
The foundation’s board comprises five individuals, including Marlinspike and Acton, who co-founded WhatsApp and contributed $50 million to establish the foundation.
The Signal app was developed over a decade ago by Marlinspike, an entrepreneur who briefly led product security at Twitter after selling his mobile security startup, Whisper Systems, to the company in 2011. He integrated two existing open-source applications—one for messaging and the other for voice communication—to develop Signal.
Can Signal be hacked?
Although Signal promotes the privacy of its service, experts confirm it is more secure than traditional texting.
However, experts also warn that it is not invulnerable to hacking. In February 2025, the National Security Agency issued an operational security special bulletin to its staff warning them of vulnerabilities in the Signal application, as per internal NSA documents acquired by CBS News.
“A vulnerability has been identified in the Signal Messenger Application. Given that Signal is frequently used by common targets of surveillance and espionage, the application has become a high-value target for intercepting sensitive information,” states the internal bulletin.
In response to the bulletin, Signal released a statement on social media, clarifying that the NSA’s memo mentioned a “vulnerability” in relation to Signal—but not pertaining to its core technology. The memo was a caution against phishing scams aimed at Signal users.
“Phishing is not a new phenomenon, and it isn’t a flaw in our encryption or any of Signal’s foundational technology,” the company asserted. “Phishing attacks are an ongoing threat for widely-used apps and websites.”
Government officials have used Signal for organizational purposes, such as coordinating sensitive meetings. However, in the Biden administration, those authorized to download it on their White House-issued devices were advised to utilize the app sparingly, according to a former national security official from that administration.
“Unlike other end-to-end encrypted messaging services, Signal offers a diverse range of features,” Pescatore added. “Nevertheless, hackers are continually looking for vulnerabilities to exploit and misuse applications.”
What is Signal typically used for?
Due to its end-to-end encryption, Signal is frequently employed by national security and intelligence professionals, as well as activists and others, according to Lawfare.
A recent review by the Associated Press revealed that encrypted messaging applications are becoming increasingly popular among government officials, with some utilizing government mobile numbers while others registered their accounts using personal numbers.
Are there legal issues for government officials using Signal?
Possibly, yes. Exchanging sensitive national security information over Signal could be in violation of the Espionage Act, commented CBS News national security analyst Sam Vinograd, who served in former President Barack Obama’s Homeland Security Department, on Tuesday.
“By sharing classified data on a nonsecure platform like Signal, senior U.S. government officials … heighten the risk that foreign nations could gain access to sensitive operational security plans—which could endanger our troops,” Vinograd stated.
While Mr. Trump claimed during a press briefing on Tuesday that “I don’t know anything about Signal, I wasn’t involved in this,” he noted that other government branches utilize the app.
“I hear it’s widely used among various groups, including the media,” he remarked. “Many members of the military use it successfully. There are always risks with these things; that’s the trade-off when you’re not in the Situation Room without any phones— which, frankly, is always best. The optimal situation is to be physically present.”
Mr. Trump stated that Signal is the “No. 1 device or app that is used,” and he has requested Waltz to examine its application by government officials.
Meanwhile, Democratic legislators are calling for an investigation into the rationale behind discussing highly sensitive information on a commercially available messaging app rather than secure governmental channels.
Goldberg from The Atlantic also claimed that some messages in the group chat were programmed to disappear after one week, while others were set to disappear after four weeks, potentially violating federal law that mandates the preservation of official records.
