[spullara]

If the app and service were not involved the only reason to mention them is to create doubt they are secure.

[daenney]

Not necessarily. To a lot of people encryption is "using Signal" or "using WhatsApp". They don't necessarily understand that these are distinct things and that their communications could still be captured by virtue of simply using a phone.

[rising-sky]

"The strongest chain will break at it's weakest point".

If I as a user, believe that a sequence of actions, from my keystrokes to voice input, which I perceive to be a direct interaction with a secure app are in fact insecure, then is the app really secure?

I guess that's the question being posed here

[ballenf]

There is a balance -- one is reminded of the constant "data charged may apply" footnote to so many free services. The same goes here: you really shouldn't tout your impenetrable security without also informing users that things external to the service may undermine its utility.

[spullara]

Also make sure no one is looking over your shoulder or listening nearby. "Signal encryption bypasssed by new look over shoulder attack."

[accountface]

I think it's a little different when the person "looking over your shoulder" is omnipotent.

[accountface]

The OS these services run on isn't secure, so wouldn't these services by definition not be secure?