… or why it’s useless to have the most secure crypto system in the world, when using non-free and untrustworthy tools and libraries to implement it.
Assuming you found a security issue in OpenWhisperSystems you consider worth to report privately, how do you do so? Check the whispersystems.org website, you won’t find an e-mail address other than one to apply for a job.
To use all the neat features from the microG project, which allows you to use all features of your Android smartphone without those shitty, proprietary battery-consuming Google blobs, your system is required to support signature spoofing. Currently only very few custom ROMs have built-in support for this feature, luckily you can use Xposed or a patching tool to add the feature to the systems that don’t have it.
But: What is all this about? Is signature spoofing a problem when not using microG? Will it influence my security?