On the contrary, the open source Signal Messenger A cryptographic assurance provides that only one current group member nominated as an admin can include new members. In an email, Kings College researcher Benjamin Dolling also explained:
The signal enforces “Cryptographic Group Management”. Almost this means that a group administrator, the user, signs a message on the posts of “Alice, Bob and Charlie in this group”. Then, everyone in the group decides who has to encrypt and who to accept messages based on these secrets signed messages, [meaning] Who accept as a group member. The system used by the signal is something different [than WhatsApp]Since, since [Signal] The server makes extra efforts to prevent group membership, but the basic principles remain the same.
At a high level, in the signal, groups are associated with group membership lists that are stored on the signal server. An administrator of this group developed a group master used to change the group’s membership list. In particular, the group is sent to other members of the group through a master’s signal, and so the server is not known. Thus, whenever an administrator wants to change the group (for example, invite another user), they need to make a latest membership list (certified with the group master), telling other users of the group who to include. Current users are informed about the change and their group list is updated, and perform proper cryptographic operations with the new member to start sending messages to new members as part of the current member group.
Most messaging apps, including signals, do not confirm the identity of their users. This means that there is no way that the signal can confirm that the person using an account called Alice is, in fact, Alice. It is fully possible that Melori can create an account and name it Alice. (On the one hand, and the strict contrast to the signal, the members of the account that belong to the WhatsApp group are visible to the internal, hackers, and for anyone.)