Laypersons summary of the @signalapp situation:

Old folks in your town normally go into the bank to deposit their money. This is time-consuming, but relatively safe. The bank gets a new ATM- saves the bank time and money, the bank tells all the old folks the machine is secure.

Unfortunately, the machine does not require a card, the keypad is not recessed and is clearly visible from the street- old folks start losing their pension payments.

Bank says "not our problem- the machine itself is secure, there is no vulnerability, we can't stop all crime".

The community (and my) position is, even if the machine itself is secure, the system you are advertising as secure is not. Calling it secure is at best a lie by omission, at worst a dangerous deception. At a minimum, install a shield over the keypad and warn of the risk.

This app- @signalapp advertises itself as secure. Western journalists in China forgo safer legacy methods of contacting sources for the convenience of using it. Because of an undisclosed vulnerability, it is not secure for most Chinese sources- who have been detained as a result.

Western journalists are reluctant to inform Chinese sources or even discuss the issue because no source is going to use an obviously compromised messaging platform- and then journalists would have to go back to old fashioned legwork- or not get the story at all.

As a person who was repeatedly put at risk by Western media, I have a problem with this- although no one else seems to. The whole "we don't hate the Chinese people, just the government" line, is clearly a load of horse shit when they are routinely doing stuff like this to us.