
I agree that this is a risk for basically any networked app, but can't we distinguish whether this is an active concern or a hypothetical one?

In order to actually provide your messages to Facebook, the app needs to either call home when you view the message or write the cleartext somewhere on-device to send home later. If you view the message and then the app calls out with data we can't inspect, or writes something locally that we can't inspect, it could potentially be exfiltrating the message you viewed. If not... am I missing an attack vector, or is that message safe?

(To be precise: this would only prove forward secrecy, meaning safety for that viewing of that message. If we can't see the app's code, it could have testbench cutouts like Volkswagen or WannaCry, or more likely could only trigger for certain users or in certain cases à la Greyball.)


