Signal received a big injection of capital recently and in the last few months we are seeing more movements with new updates. One of the novelties has not been very well received and there are a general piss for that PIN security protocol.
Signal's new PIN system forces users to create one and enter it multiple times for the purpose of storing your encrypted profile, contacts and settings in the cloud. In fact, they have already made a manifesto presenting their complaint for Signal to attend to.
The concern comes because Signal does not explain well the use and purpose of that PIN which has the goal of keeping that data encrypted in the cloud. That is, the app does not attend to any explanation related to the use of this new PIN to carry that data.
For us to understand, this PIN is not used to access the app. It has been created with two uses in mind. One of them is optional and it is used so that if someone acquires your phone number and try to register it through Signal, it will be blocked for 7 days without the PIN.
The second use is like a second layer of security for stored data on the Signal servers. We already know that they take the privacy and security of user data very seriously. To give an example of this second use. Currently if you use the desktop app and you go a few days without checking new messages, it may take a few minutes for it to sync to show the new ones. Thanks to this PIN, it can be displayed immediately without that delay of minutes.
As one Signal user comments, the problem lies more in naming this code as the PIN and that confuses users. We will see if Signal launches a statement or looks for a way to improve this new experience to add more security to this messaging app.