The main development of Signal recently went on record to state that Signal app doesn’t have its own encryption at rest, which is a departure from its predessor TextSecure which did claim to have encryption at rest natively.
Furthermore, the decision was made at the highest level by none other than the main dev Moxie himself to force all users to update to the new version of Signal that has passcode lock entirely removed in favor of less secure fingerprint unlocking which also loses certain legal protections afforded by the use of passcodes in some jurisdictions.
All this comes on the heels of Signal accepting 20 million dollars from Facebook subsidiary in recent months and apparently the developer Moxie is immediately closing and then locking any and all github posts related to or making any mention of the recent unusual changes and removal of passcode functionality. Instead he merely states that it’s a topic and conversation to be had on the official Signal forums, yet anyone who tries to bring it up there also immediately gets shut down, locked and altogether disappeared.
Of notable is that fact that this major change and removal of passcode functionality in favor of coerced fingerprint locking was neglected to be mentioned in the published changelogs, yet another departure from common sense for a supposedly privacy app that puts security first.