[arduanika]

> The UAE government owns majority holdings in telecom companies Etisalat and Du. This gives security services the power to observe all communications on their networks.

> The Arab state has also used the Israeli-developed software Pegasus which allows agents to listen into private calls and read messages, even if they are shared on encrypted apps like WhatsApp,.

This seems to be the key part from a tech standpoint. Notice that it doesn't come out and say whether Pegasus played a part in this particular arrest, or the telecoms, or both, but it seems to be implied.

Also, I'm intrigued by the punctuation error at the end: "...like WhatsApp,." Did an earlier draft go on to list others? Does Pegasus help governments read messages from Telegram? Signal? It would be interesting to know more.

[Zak]

> Does Pegasus help governments read messages from Telegram? Signal?

Yes. It attempts privilege escalation and exfiltrates whatever message contents it can from multiple apps. Signal has some potential resistance to that since messages are encrypted in transit and at rest. The easiest weak link would be displaying message content in notifications, which is optional in Signal.

https://en.wikipedia.org/wiki/Pegasus_(spyware)

[arduanika]

Interesting, thanks. I guess I'll carry on feeling marginally superior for choosing Signal over the others as my default, while remaining bleak about the overall landscape.

[Zak]

Pegasus tries to get root on your phone. If it succeeds, it could theoretically read message content or decryption keys right out of RAM and Signal doesn't have many options to defend itself.

If it doesn't, it tries to get additional permissions by other means, including asking the user for them. If it gets permission to read notifications and Signal is set to show message content in notifications, then it can exfiltrate your Signal messages. Your messages might be safe otherwise.