[Zak]

> Does Pegasus help governments read messages from Telegram? Signal?

Yes. It attempts privilege escalation and exfiltrates whatever message contents it can from multiple apps. Signal has some potential resistance to that since messages are encrypted in transit and at rest. The easiest weak link would be displaying message content in notifications, which is optional in Signal.

https://en.wikipedia.org/wiki/Pegasus_(spyware)

[arduanika]

Interesting, thanks. I guess I'll carry on feeling marginally superior for choosing Signal over the others as my default, while remaining bleak about the overall landscape.

[Zak]

Pegasus tries to get root on your phone. If it succeeds, it could theoretically read message content or decryption keys right out of RAM and Signal doesn't have many options to defend itself.

If it doesn't, it tries to get additional permissions by other means, including asking the user for them. If it gets permission to read notifications and Signal is set to show message content in notifications, then it can exfiltrate your Signal messages. Your messages might be safe otherwise.