Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts, and GPS locations from phones.
The Android spyware is suspected to be a variant of “Coverlm,” which steals data from communication apps such as Telegram, Signal, WhatsApp, Viber, and Facebook Messenger.
The signal user data is only phone number and the date when the account was created iirc.
The malware is running on the user’s phone. There it has access to all of the data, including message contents. Doesn’t matter how secure the server and message encryption are.
Signal’s servers were not comprimised. And like you said that would only give them a minimal dataset.