I think jsiepkes addressed this quite well in a sibling comment:
>Shouldn't Signal then also warn or refuse to work on Android versions with known vulnerabilities? Or if there are apps installed on the device with the accessibility permission?
I don't see how this is related... In this case they are talking about known vulnerabilities on specific Android versions. Here we are not talking about a specific vulnerability but about the way Android works and how custom keyboards function.
Perhaps the accessibility permissions are relevant. If Signal could detect these settings and warn the customer if these settings are egregiously open, that would be a valuable feature in my opinion. To me, support for older versions of Android sound like an entirely different discussion.
Signal does include the "incognito" function[0]; Signal is already taking some steps to address the issue. However I'd argue that many people have likely forgotten that they ever installed a custom keyboard and if it was pre-installed on their phone they may not be aware of it.
>Shouldn't Signal then also warn or refuse to work on Android versions with known vulnerabilities? Or if there are apps installed on the device with the accessibility permission?
>Where would you say the line should be drawn?