Even if you thought that SGX was bulletproof and pins were impossible to brute force, instead of just being 'better than what most other apps use' what possible justification is there for outright lying to users by claiming that their app doesn't collect any sensitive data when it does?

Signal is advertised and recommended to some extremely vulnerable people whose lives/freedom depend on their security. Signal owes users a clear explanation of the risks that come from the use of their software so that whistleblowers, journalists, and activists can make informed choices. Lying to those users is disgusting.

Seen most charitably, the fact that the very first line of their privacy policy page is an outright lie might be intended as a dead canary to warn users away as loudly as they can, but even in that case I'll be happy to say it plainly: Signal shouldn't be trusted.