[zenoprax]

Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.

If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.

[coldtea]

What prevents the phone from taking screenshots of you reading the messages in the app?

The actual one end is the phone, not the app, period.

[6thbit]

Exactly yes, and that is insecure here because the app relayed the message beyond its layer and ownership. Thus not making the app the end of the communication.