signalapp / Signal-Android

A private messenger for Android.
https://signal.org
GNU Affero General Public License v3.0

WikiLeaks: Signal communications vulnerable on unlocked devices? #6335

Closed: tomblenz closed 7 years ago

tomblenz commented 7 years ago

If this is the wrong place for this, sorry, please close.

I was reading more about the recent WikiLeaks dump and noticed this from a Q&A section in an article.

Q: The documents suggest that the CIA can access information in encrypted messaging apps like WhatsApp and Signal. I thought they were safe from even government spying?

A: No system is perfect. The documents describe ways to get information in those apps on Android devices, but only after gaining full control of those phones.

Even if the method is not yet available/disclosed, I thought it may be prudent to have a discussion (or at least an open issue) on the matter. If there's any way these leaks can highlight shortfalls in Signal and thus help to improve its information security, there may be some good from it.

nrizzio commented 7 years ago

The community forum is the place for this kind of general discussion, and you're in luck because there's already a thread about this topic there: https://whispersystems.discoursehosting.net/t/cia-ios-and-android-backdoor-revealed-does-it-affect-signal-protocol-apps/844/

In short:

Signal and the Signal Protocol are not compromised. These leaks are confirmation that the ubiquitous encryption provided by WhatsApp and Signal is forcing intelligence agencies to use malware, pushing them from undetectable mass surveillance to high-risk targeted attacks.