Have you audited the code for Signal's app? Have you built and installed the app from that audited source?

Asking "have you audited the source" is such a meaningless question when you're not building from source (and auditing the compiler...), which practically nobody, not even HN users, are doing.

Please read Reflections on trusting trust and rethink what your threat model is, and what you consider "secure". https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p7...