In the early days of the iPhone, there was a vulnerability that allowed you to jailbreak your phone by visiting a specific web site. IIRC it was some vulnerability in the TIFF handling code. The same vulnerability could have been used to silently install spyware with root level access. No need to break signal's crypto if you can just silently capture screenshots.

It's not hard to imagine some foreign intelligence agency is sitting on some severe zero-day vulnerability, waiting to use it on very high value targets, such as senior administration staff.

You don’t have to imagine. This is a billion dollar intel industry that pays out millions of dollars for vulns, and charges corrupt governments more for access to hack their citizens most private data.

Those unscrupulous enough to sell the vulnerability to the exploiters, there is gold. Of course we would rather they did the right thing and got the bugs fixed.

> No need to break signal's crypto if you can just silently capture screenshots.

This is also something that comes up with esoteric cryptography schemes. There are systems designed so that you could theoretically deny whatever property, but in reality, the bad guy looks at your phone and believes whatever is on the screen anyway.

One could, in theory, run Signal on a dedicated device without any other app. Not that it's likely in this case! The lack of access controls is a limitation of the Signal app, since it's not part of the intended purpose to use it for classified data there's no support for the functionality classified-data communications programs need. The insecurity of the device it runs on could be solved without the Signal Foundation releasing a new version, the lack of centralized access control can't be.