It's also ironic that the community fixing something for a security issue isn't going to help much since almost all the users rely on the app stores (Play Store in this case, since it seems like this is Android specific) for updates and wouldn't get any fixes unless they're tech savvy or until the developer (Signal) pushes the update to the Play Store and Google approves it.