According to a late-September bug report from Google’s Project Zero team, an issue with the popular covert messaging app Signal, on Android, allowed any attacker to essentially eavesdrop on a person’s device (via audio, not video).
from Lifehacker https://ift.tt/31PV4CB
https://ift.tt/2IuZjMe