Hacker News
by Thorrez 61 days ago
I agree. My point is that this isn't an "obvious hole in the whole E2E encryption setup", because no network actor (e.g. Google, Apple, Signal servers) can read the data.

This "hole" in E2E is the same as any malware on the device. If the device cannot be trusted, no form of E2E will work. The E2E encryption is functioning properly. The problem here is completely unrelated to E2E encryption. E.g. you could have a personal notes app that makes no network traffic, but generates notifications occasionally regarding your notes, and it could have this same problem, even though no messages are sent over the network, and in fact the phone could have all networking capabilities disabled and still have this problem.

>This makes sense and there's really no way around it without a change from Apple.

There is a bit of a workaround: Signal has a setting to not put message content in the notification. That fixes this AIUI.