
Asking cause I don’t know - can you provide iOS level iMessage encryption safely on Android when you don’t control the hardware?


When your threat model is "someone on the network intercepting messages", it doesn't matter if you control the hardware. When your threat model is "someone owns my device", it still doesn't matter if you control the hardware, because, in that scenario, Apple is the bad actor you're trying to protect against.

There's no scenario where a third party has compromised your phone without Apple's collaboration, which is the only scenario where the secure enclave would maybe protect you (and even then, the bad actor would just read your messages off the screen or memory directly).


In principle you can do the same thing of having keys in a secure enclave that can only be accessed if the bootloader and OS were signed with an appropriate key and not revoked. In practice there would certainly be a larger attack surface because you've now got n different hardware secure enclaves, n different bootloaders, and n different OS implementations, and a flaw in any one of them is potentially all that an attacker needs. Would you allow Apple to apply a high standard and e.g. blacklist manufacturers who repeatedly had holes in their implementation? Would you trust Huawei's implementation to not have a hidden backdoor accessible only to the Chinese state and not discoverable otherwise? (Do you trust Apple's implementation to not have the same for the US/Israel?)


Safety wise, Signal (or PGP email) on GrapheneOS is probably as good as it gets since it's all audited free open source code.


AFAIK, Signal doesn’t provide any way to prove its application was built from non-modified audited free open source code. Indeed there is evidence it behaves “a bit” differently.

So unless you’ve built the application yourself, you have no guarantee of its security.


Signal is a centralised protocol, which is the main weakness. Instead, use a decentralised, federated solution like matrix.org.

PGP is impractical for regular email communication unfortunately and pointless on a platform like Gmail.


Signal is thin server ephemeral, Matrix is thin client strongly persistent. They have security tradeoffs as different as they can be.


I didn't know Signal app had access to a secure enclave chip.


Apple's marketing buzzword silicon did nothing to shield Apple users against highly motivated and capable adversaries [1]. When the underlying OS is compromised (and with closed source OSes there is no way to ascertain) there is nothing that will save you.

[1] https://en.m.wikipedia.org/wiki/Pegasus_(spyware)


That is not the definition of secure.


It's not, but it's a feature that makes it incomparable to iMessage.


I don't see how.


I don't see how integration with a special separated chip designed specifically to increase cryptographic security can't make a difference.


That just means you lack imagination. "special chip specifically designed to increase cryptographic security" means nothing and says nothing. You may as well go ahead and toss in some "military grade" in there too since it's just free words, throw in as many as you want.

It doesn't show how it actually is the only or best way to attain the goal.

And since Apple's implementation is a black box whose internal workings are not under the user's control and not auditable by anyone outside of Apple, it's automatically less secure, in the sense that you should trust it less than some other equivalent that is under the user's control and publicly auditable, or just some other mechanism entirely if no other such open platform enclave implementation exists.

Signal or anything else that doesn't use the secure enclave may indeed be, or may not be less secure than something that does use the secure enclave. The simple existence and use of the enclave does not automatically define superior or inferior security. It's also possible that anything else might be less secure, but only on iPhones because of limitations Apple imposes on everything on the platform except for themselves, which I don't think should count.

It's also possible to devise a mechanism that benefits from the enclave without needing to use the enclave directly. All software on the device can rely on trusting the OS to keep one app from reading another app, because they can trust that the OS itself can only come from Apple and the bootloader would refuse to boot anything else, etc.

There are infinite ways to attain any goal. The way Apple designed their secure enclave and os platform is just one way.


Yeah but Android devices don't have it at all, so Signal on Android can't use it.


So what? Android also doesn't have a tyre inflator, so apps on Android can't use it.


Indeed, and that makes Android OS incomparable to tire inflator firmware. Just like Signal is incomparable to iMessage.


Incorrect.

Orthogonal facets are orthogonal.

If we are talking about the security of a messaging system, then the only thing that matters to compare is the security of the messaging system, not any particular implementation detail.

All messaging systems are "comparable". If one relies on a secure enclave and one does not, it's hardly any more different than if one is painted yellow and one is painted green.

Messaging apps on phones painted blue and with tyre inflators are exactly "comparable" to ones on phones painted yellow with secure enclaves.



