[square_usual]

Unless I'm reading this wrong, it seems like they have access to your data if they have access to your device. That doesn't seem like a "breach" to me - if someone has an "end" in the end-to-end encryption scheme, they almost certainly can access the data. (I don't use Signal, so I may be missing something specific here that makes a difference.)

[foolmeonce]

I would think all these infectionware companies bundle a lot of different attack strategies most or all of which are silly. Their goal as a business is bait and switch: they need to create enough PR of security experts saying they could have something, knowing any PR of good enough quality to raise eyebrows will get what is probably their only good attack fixed. By then the Orwellian Schools of America are buying and still get the cheesey leftovers in the bundle, so no refunds.