So this is where we find out the one end of e2e is the phone and not the app.

Semi-related, in whatsapp reading the text in the notification doesn't mark the message as read, so the OS is kinda mitm here.

Signal creates the notification, does it not? That's like claiming `echo "my_private_data" | notify-send` is insecure.

If piping encrypted content resulted in a plaintext notification then you'd have a right to be concerned.

	▲	coldtea 5 hours ago \| parent \| next [-]
		What prevents the phone from taking screenshots of you reading the messages in the app? The actual one end is the phone, not the app, period.
	▲	6thbit 3 hours ago \| parent \| prev [-]
		Exactly yes, and that is insecure here because the app relayed the message beyond its layer and ownership. Thus not making the app the end of the communication.