The French government is working on a law (notably as part of the “narcotraffic” bill) that would force encrypted messaging apps like Signal to introduce backdoors, allowing authorities to access content. Meredith Whittaker, president of the Signal Foundation, has already stated publicly that if this law passes, Signal would leave France rather than compromise its security.
Concretely, “leaving France” likely means Signal would no longer be available officially on app stores, namely Apple’s App Store and Google’s Play Store, for users in France. On Android, it’s not a big deal: you can still download the APK file directly from Signal’s official website or other sources and install it manually. There are alternatives to bypass the Play Store.
But for iOS users, it’s a different story. The App Store is the only official way to install apps on an iPhone or iPad, and Apple locks down its system. If Signal disappears from the French App Store, how will iOS users manage to keep using or updating the app? What do you think?
Or is there another solution, like Matrix perhaps?
I am trying to find the original law proposal in text format, but in the meantime I did not find anything from Signal or Ms. Whittaker about this law (found things related to Sweden but not France).
Would you have a link I can look up?
Edit: found the bill for anyone interested (in French, sorry)
Unlike Apple, Signal would actually leave a country if they are threatened with forced decryption like this.
It would unfortunately reduce the likelihood of people using Signal if only Android users could use Signal with each other.
I’d be surprised if it was forced through. In several countries, Signal is used by various military and police units, and sometimes government departments, so I would guess it’s like that in France too. At one time I worked for a European institution (which included France as a member), and it was official policy to use Signal for work-related messaging.
They would be shooting themselves in the foot if they forced Signal to leave the country. But politicians do stupid things all the time, so maybe they will be that stupid.
After reading the bill and the requested amendments, the issue lies with Article 8ter, which from my understanding makes it so that technical or contractual constraints (such as encryption) cannot be used as defence to refuse to provide intel to the French law enforcement once a dedicated judge approves of the use of “special investigation techniques”.
There already are 9 requests to delete said article, and one request to change the language used in said amendment to allow technical contraints as defense to refuse providing encrypted data (the reasoning being that encryption is done on-device so it is not relevant to the entity (Signal, Telegram, etc…).
Funnily enough basically all political parties from the left-wing LFI to strong-right-wing RN have requested the deletion of this article!
To answer the original question, aren’t you able to sideload to iOS in the EU?
Signal could make a tutorial to install the app, or even join the Epic Game Store (that would be quite funny).
It wouldn’t be easy to setup for many people, but I guess if you really want to install Signal you may be motivated enough to ask a friend/family member or follow some kind of official guide.
Edit: (sorry forgot to quote the original message)
Comparison to Apple is not really fair. Signals only product is E2EE messaging. Apple offers a massive array of products, many unaffected by such a law.
Most likely Apple reaction to this law will be similar to how they treat China and the UK. They will pull E2EE services entirely from the French market. So good luck FaceTiming or sending an iMessage to a French person.
Also WTF is going on where UK, France, and China are all on the same horrific page from a privacy perspective.
What’s got into these countries? Why do they keep ignoring the security experts that say “There can’t be a backdoor only for the good guys”?
It feels both dystopian and incredibly counterintuitive.
Privacy lately feels like one step forward and two steps back…
My speculation is two fold. The first is the political systems being different, European Parliamentary systems work a lot faster/easier at changing laws than the U.S. two-party system.
The second seems to be partly cultural. In Europe if they have a problem their first reaction is always to make a rule/regulation/law about it.
In the U.S. the natural reaction to every problem is to assume there is some magical technological solution that just takes a big enough check to unlock.
Well, it’s easy to write laws about back doors, it’s technically impossible to actually make one no matter how big the check is. So here we are.
Also the U.S. seems to have a bigger inherent suspicion of government power that makes this kind of thing politically toxic if it gets enough attention.
2025 is on track to becoming the worst year for privacy.
For some reason, most people here forget that Apple is a hardware company, not a software company. Apple is more like Tesla than Google and Microsoft. I live in a third-world country where iPhones are pretty popular but nobody uses iMessage and FaceTime. No one here will bat an eye if Apple pulls these services.
US already has worse laws like Patriot Act, FISA surveillance, etc. Let us not forget “small government” is a fairy-tale American libertarians play as they fall to sleep, not a reality. Europe also seems to be following the old playbook they always did. It is good to remember that “liberal” world order is a fairly new invention, and surveillance and espionage is the default everywhere.
European countries have all the same surveillance powers the U.S. has for non-E2EE data. They are now also directly attacking the right to encryption for their citizens.
I don’t have any concern in the U.S. of Signal or TOR or ADP or Proton mail being outlawed. People in the U.K., Sweden, France, and the entire EU cannot say the same.
This is not an attack on Europe, this is just pointing out the facts and playing “everyone sucks” cards is counter productive.
Shaming European politicians by pointing out they are hurting privacy far more than the U.S. can be an effective political tool for change. Don’t take that tool out of the tool box because it’s fun to complain about America.
Stating opinion as fact does not make it a fact. UK’s snoopers bill is objectively better compared to US NSL, FISA, and Patriot Act (ignoring UK is not EU anyway). Even the current discussion is about a “potential” bill, compared to enacted law by the US. PRISM was an American issue, US initiated and leads 5 eyes+. Europe is going down a dark road, but similar bills are brought up and not passed every year in US senate and congress. The reason Signal and others are making these warnings is because this is atypical of Europe, and typical in the US. I would rather you look at the actual laws rather than third hand opinions passed off as facts.
Shaming europols should be done, but US high horse makes no sense and just shows ignorance of past and present. “Everyone sucks” is not the defeatist attitude you seem to think it is, it is an effort to make sure solutions proposed are not tied to assumptions about innocence of any national government, including US, Switzerland, or any EU country.
In response to the last query, for Sweden, the CEO retweeted something along those lines IIRC.
For France, I did not find anything from any official Signal account last time I checked and asked for a link (I don’t use social medias so I have no easy way go ceck right now).
That article is from five years ago, that law didn’t pass. Even if it did it would be struck down in the courts just like every other LE attempt to get backdoors. The 4th amendment is quite clear on this.
The lawful access requests from NSLs are no different than what European countries do today.
The issue is who I had active bans on E2EE today.
It ain’t the US and the U.S. government has condemned the UKs move on this.
