For a security app, it's pretty rational to need to be updated. One of the most common patterns in basically every technological attack is to take a freshly discovered vulnerability and target devices that haven't been updated yet.

  > they want an app that never NEEDS to be updated

That requires the programmer to be omniscient and clairvoyant.

You can get pretty close if you're in a static environment like a machine that never connects to the internet and the hardware never changes and no other software on the machine changes, but neither a phone nor a communication platform allow for that.

They use the phone to do their person vetting. It helps reduce bots because you have to have phone numbers[0]. It's not perfect but it does create a barrier to entry. That's unfortunately how security works, there's nothing impenetrable, there are only things that make certain things harder. The best security is where something is impracticable, not impossible (e.g. brute forcing a large password is not impossible, but it is impracticable). But at the same time you run into problems like that.

[0] They also use it as a means to help with the social graph. Building a social graph is pretty difficult and you don't want to do it completely from scratch. This is the same reason social media wants you to import your phone contacts and email contacts. The difference is that the "side benefit" to that is that they get data harvesting rather than security.

  | > We're unable to provide a specific timeline. 
  > I'm not sure if it's true, but it feels a bit suspect.

It's because Signal doesn't track metadata. The reason they can't tell you a specific date is that they don't know how to associate your physical name with your Signal account. The information is unavailable to them! Which is the whole point of Signal.

Honestly, the best solution to this would have been to buy a cheap phone or something like a VOIP number. I don't know your situation but it seems like it is not that easy to go a year without a phone number. I definitely think Signal should do better in this but I don't think the result is unreasonable. It brings up an edge case they probably didn't consider but having a phone number "abandoned" for a year sounds like it is a very low probability situation. Being reliant on phone numbers they also have to garbage collect, right? Because a phone number is not a unique identification to a person for their life. So while I do agree your situation sucks and is very frustrating I hope you can recognize that it is (from my best guess) a very unlikely situation. That the phone number is being sat on but unused and that the squatting is happening by a legitimate person rather than a scammer.

They can do better, for sure, but I don't think I'd judge a platform harshly by the results of an extremely odd outlier situation.

The problem is that you're not only putting yourself at risk when you don't update.

You're putting everyone who you've talked to at risk. I don't know about you, but I prefer not having to worry about whether I'm communicating with someone whose installation can easily be pwned by any halfway incompetent attacker.

  > update or not shouldn't be taken away from users.

So turn off auto-update? You can do this everywhere except iOS.

  > Let users make the trade off between those downsides and the risk of zero days.

Those trade-offs are that if your version is too old (protocol has been updated several times and you are out of the lifetime) then you can no longer communicate with those who have updated as you will make their communications insecure.

If you don't want to update, that's fine. But your preference for not updating doesn't get to override my preference for secure communication. It is literally the whole point of Signal... if you don't want security and privacy then don't use Signal, that's your choice and no one is forcing you to use the app.

Then signal must be very insecure, poorly coded app in first place, that needs to updated every or every other day. They also don't give any explanation of what that updates are.

  > update thats infected by some government trojan?

Or even just a hacker!

Unfortunately you don't. But this is true for ANY app.

Fortunately, Signal is open source. So you can go read the lines of code. Unfortunately this is a lot of work. But fortunately if you believe a certain checkpoint is secure (your current install) you only need to read the new things. You can also build from source if you don't trust the app store.

Fortunately with open source you also get the benefit of others. Maybe you don't look through everything, but there's definitely other people looking through some things. And with something like Signal, you can be pretty certain that there will be a big uproar if something devious is pushed.

You always need trust, unfortunately. But with closed source you have to trust one entity and get no way to verify. With open source you have to trust very few and can even verify yourself.

Email has been updated many times in the last 20 years. All of the major sender authentication protocols (SPF, DKIM, DMARC) were created and deployed over the last 20 years. Email is also famously insecure and lacking a standard way of managing encryption - so the reason you never see updates is because the features signal is changing do not exist in email at all.

You're running 2005 versions of your mail-daemon in prod?