Aral BalkanRE: https://infosec.exchange/@molytov/116376968214888959
Gee, maybe Signal shouldn’t keep harassing people to turn on notifications and take no for an answer?
Thoughts, @Mer__edith?
David Chisnall (*Now with 50% more sarcasm!*)Note that simply turning on notifications is not sufficient for this exploit route to work, you must also allow notifications to be shown on the home screen.
If you do this, then anyone with physical access to your device will see messages as they arrive, so your threat model must exclude people who can see your screen. If your threat model excludes people who can see your screen, it should probably also exclude people who can connect to the OS and extract system state from the device.
EDIT: This in no way invalidates your points about consent. Signal should really do better.