Inadvertently sent insecure messages via SMS without clear notification

[Viperized]

I've sent several messages to a recipient before I realized they were being sent as unsecure SMS, even though I had disabled the app to send via SMS. The recipient had not advised me the app was uninstalled from the other end.

I remember previously, maybe when the app did still encrypt over SMS, that whenever the message was downgrading from Push messages to SMS, it did pop up an alert.

I suggest an option in settings to disable any way to sending over SMS. Now my sensitive data has been sent out in clear plaintext overseas between carriers.

The only UI portion that could warn me was the grey text "Send unsecure SMS" inside the textbox that is immediately replaced if you quickly start typing, and the Send button was with a very small unlocked lock icon.

Before even the bubble texts were in a different color.

I just want some way to prevent inadvertent sending of unencrypted messages. Maybe a way to make it a default option to only send securely and always warn you the first time it has downgraded to unsecure SMS.

I do not use Signal as the default SMS app, and since the contact had uninstalled the app, I had no way of knowing it, since the conversation still appeared on the conversation list.

Thank you!

[BP602]

#838

[2-4601]

There is a pop-up warning the first time you send a message to a contact that has unregistered from Signal.
"This message will not be encrypted because the recipient is no longer a Signal user.
Send unsecured message?"

But despite that I've been bitten by this more than once because I have a lousy memory. 😵

Edit: Well, I'm not sure about the above any more. I just unregistered my test device today and now I was able to send an SMS to that number without the warning popping up. There is a big invitation banner at the top though. And there's always the "Send unsecured SMS" string in the compose box.

[agrajaghh]

How about a warning looking like the missing call message, that says something like the pop-up warning?

[Viperized]

Well I didn't see the invitation banner. Maybe because my Signal users directory wasn't refreshed?

Just happened again, this time with the recipient. Since in my country phone numbers had a number change, I re-registered it with Signal.

But the recipient still had my old number that was just deregistered. The recipient sent messages too that were unsecure SMS before I could warn it.

[2-4601]

The current behaviour (3.9.0) seems to be:

• If the recipient has unregistered and your push directory is not up to date and you try to send a message the message will not be sent and you will receive a pop-up warning after you tap the failed message.
• If the recipient has unregistered and your push directory is up to date you will see the "Send unsecured SMS" in the compose box.

In conclusion there is always a warning or information of the transportation method.

[JacobHenner]

I still experience the same (or similar issue). Every once in a while, Signal will "forget" a contact has registered with the directory, and without notice, my phone will fallback to insecure SMS. This happens seemingly at random, and I have experienced it with two contacts, neither of whom have unregistered from the directory. The messages they send to me are still encrypted, however.

[zoff99]

i would like an option to set that i never ever want to send (unencrypted) sms with this app, no matter what.
this option could be an expert option, and set to "NO" as default.

[FeuRenard]

Why an extra option? Signal shouldn't send SMS when SMS and MMS are turned off (with the setting that currently exists).
I just discovered that I can send SMS to Signal users by long-tapping the send button and choosing "Insecure SMS" although SMS/MMS are turned off in settings.
I suggest changing the issue's title to: "Never send SMS/MMS when they are turned off"

[automated-signal]

GitHub Issue Cleanup:
See #7598 for more information.