Google Project Zero researcher Natalie Silvanovich discovered a logical vulnerability in the Signal messaging app for Android that could allow malicious caller to force a call to be answered at the receiver's end without requiring his/her interaction.
The problem with Signal and other Messengers like WhatsApp/Telegram is that they're not only NOT decentralized, but they are also asking for a soft KYC in form of your Mobile Number. And in ~150 countries you have to identify yourself in order to get a Sim Card. It's a mess in my opinion.
If you're looking for a working alternative, checkout Jami. Their approach is to decentralize as much as possible! Only thing it's missing at this point are group chats, but according to the devs this feature is being worked on, and they hope to deliver at Q1 2020.