Ok, so cops have this tool called Cellebrite they use to automate collecting data off of cell phones that they physically possess and that are unlocked.
Turns out, Cellebrite has shite security, which means that you can drop an otherwise-inert file somewhere in your phone's system that, if scanned, will inject itself and allow arbitrary code execution on their Cellebrite device. I.e., you can make their hardware do literally anything you want, including compromising any data the device collects.
And in what they describe as unrelated news, Signal will start occasionally and randomly stashing some inert files in installations on established accounts.
https://signal.org/blog/cellebrite-vulnerabilities/