I actually read into this recently. The app is open source and they hardcoded the token needed to decrypt archived messages into the app. So you could just look at the source code and take the key and decode anything anyone that used the app said. This is a purposeful backdoor installed into this version of signal that completely borks its cryptography lmao
Its also one of the only changes the app made to the source code so you can trivially look at the commit history for vulnerabilities and find it almost instantly.
I actually read into this recently. The app is open source and they hardcoded the token needed to decrypt archived messages into the app. So you could just look at the source code and take the key and decode anything anyone that used the app said. This is a purposeful backdoor installed into this version of signal that completely borks its cryptography lmao
Its also one of the only changes the app made to the source code so you can trivially look at the commit history for vulnerabilities and find it almost instantly.