Signal has started public testing of a new security feature called “automatic key verification,” designed to simplify confirming end-to-end encrypted conversations without requiring users to manually compare safety numbers.
The feature was announced by Signal staff member “jimio” on the company’s public testing forums, inviting beta testers to evaluate the new system before a broader rollout.
According to the announcement, automatic key verification aims to provide the same cryptographic assurances as Signal’s traditional safety number verification process while significantly reducing the friction involved for users.
Signal’s existing safety number system allows users to confirm that messages are protected against man-in-the-middle attacks by manually comparing a unique code with their contact, typically through an in-person meeting or another trusted communication channel. While highly secure, the process is often overlooked by mainstream users due to its complexity and inconvenience.
The new automatic verification system aims to address that usability problem by distributing trust across multiple independent checks rather than relying solely on direct user confirmation. Signal says the process combines verification performed by the user’s device, the recipient’s device, and independent third-party auditors to continuously validate the integrity of encryption in the background.
To use the feature, beta testers can open a contact’s profile in Signal, select “View Safety Number,” and then tap a new “Verify automatically” option. If verification succeeds, the interface displays a green checkmark alongside the message “Encryption verified.”
Automatic key verification currently works only when Signal can reliably associate the other party with a phone number. This includes scenarios where users initiate chats using the “Find by phone number” feature, when contacts are stored in the device’s address book and are discoverable by phone number, or when users choose to make their phone number visible to everyone on the platform.
By default, Signal does not publicly expose users’ phone numbers, which may limit the feature’s availability in some conversations.
Signal also warned testers that automatic verification may occasionally become unavailable for legitimate reasons, such as when a contact changes their phone number. In those cases, users are advised to fall back to traditional safety number verification methods through another trusted channel.
Although Signal did not provide detailed technical documentation about the underlying architecture, the mention of “independent third-party auditors” suggests the company may be implementing a transparency or auditing system similar to certificate transparency models used in web security.
Signal is currently gathering bug reports and diagnostic logs from public beta testers to identify issues before the feature becomes generally available. Users participating in the beta are encouraged to report cases where automatic verification should work but does not, along with relevant debug logs and contextual information.
Leave a Reply