Red bearded Hacker - he/hisSo a 15 year old discovered a vuln that seems technically to be with how Content Delivery Networks cache content for apps like Signal and Discord.
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
It creates a significant risk of De-anonymization.
There's no surefire mitigation available, apps are playing the "not my problem not my feature" game.
There are some settings - at least in Signal - that might be able to help mitigate some of the risk of exposure. Again, no silver bullet here, but given the technical details and how the attack is delivered, I think these settings might help.
Summary of Signal Messenger settings recommendations:
-Notifications should be turned off, or set to not display name or message content.
-Phone number should be set to nobody, and who can find you by the phone number should be set to nobody.
-This one doesn't really relate to the vuln but is good added security - requiring you use your full android device unlock to access Signal after switching apps, in case of theft of the device etc.
-Unchecked boxes for images, audio, video, and documents to be automatically downloaded over mobile data on Signal messenger.
-Unchecked boxes for content downloads when using Wi-Fi
All GNU social JP content and data are available under the