Signal-android: Easy mixup of personal and group conversations leaks sensitive information to wrong people

• [x] I have searched open and closed issues for duplicates
• [x] I am submitting a bug report for existing functionality that does not work as intended
• [x] I have read https://github.com/signalapp/Signal-Android/wiki/Submitting-useful-bug-reports
• [x] This isn't a feature request or a discussion topic

Bug description

There is a common _usability bug_ of Signal. Lets say you are getting a Signal message on your mobile. You select the notification message, switching to your Signal app, opening the conversation. You now see the last part of the conversation dialogue between you and this single person. You now answer the message of that person, writing things that are meant to be read only by that single person. Just after sending the message (or never?) you realize that you just sent this message to a group chat of many people whose conversation happens to be filled with messages of you and the other person as long as your screen view/history is showing.

Therefore, you accidentally sent a personal message to a group conversation which is a common bug I notice many times.

You assumed, that you wrote your message in a private conversation because you have seen only one person's answers. Other people did not write for a longer period of time to that group conversation. You could have read the header information where you could have seen that this is not a person-to-person conversation. However, you concentrate on the bottom of the screen, where the received message could be seen and answer right below it. Therefore, it is easy to overlook the group chat header when answering a message in Signal. There is no other distinction between group and personal conversations.

(This bug was issues before as https://github.com/signalapp/Signal-Android/issues/7158 and got closed due to spring cleaning and a changed template)

Steps to reproduce

The situation in a private chat:

• switch to a person-to-person conversation with person X
• you see the most recent chat messages of X and yourself
• you can answer right away and the message get sent to X

Now the situation in a group chat:

• now switch to a group conversation where X is part of as well
• the most recent messages are only from you and X
• it is easy to assume that this is a private chat between you and X: you only see messages from X and yourself, the lower part of the screen looks the same in group chats and in private chats:
  
  
  
  • input field
  
  
  • default text hint
  
  
  • send button
  
  
  • style
  
  
• As a result, private text messages get sent to a group chat

Actual result: Private message get sent to a group of people.
Expected result: User should have recognized that the message is about to be sent to a group of people and not to a private chat.

For a messaging app that emphasizes the importance of privacy, sending sensitive private information to a group of people by accident is considered an important issue IMO. Since there are easy to implement technical solutions to prevent this (see below), this is considered a bug and not a feature request.

Device info

Device: OnePlus 5
Android version: 8.0.0
Signal version: 4.17.5

Possible mitigations

There are multiple possible ways to fix this issue. A distinct background color is one which seemed to be a low-hanging fruit in terms of quick-fix because this features exists in the personal conversation settings and not in the group conversation settings for no obvious reason. However, there is still the issue that Signal might give away "red" for an arbitrary personal conversation but this only leads to you looking more closely to the header, realizing that it is save to write personal stuff in this conversation.

Changing the "Signal message" default text of the input line would be another possibility although in my opinion, this is too subtle. I don't think that users do read this default text any more. Things like that is likely to be ignored just like banner ads are being ignored easily despite their prominent use of color or animation.

I do think that changing the send-button to something like a send button that graphically includes multiple smaller send buttons or multiple of those paper-plane-symbols would be a very good distinction. IMHO this would be easy to notice and easy to explain: multiple paper-plane symbols reflect multiple messages that are sent out to multiple Signal clients.