Signal is the world’s most widely used truly private messaging app, and our cryptographic technologies provide extra layers of privacy beyond the Signal app itself. Since launching in 2013, the Signal Protocol—our end-to-end encryption technology—has become the de facto standard for private commu...
Use Session instead. Open source, E2E encrypted, onion routed, no phone numbers. https://getsession.org/
Audited too. https://blog.quarkslab.com/resources/2021-05-04_audit-of-session-secure-messaging-application/20-08-Oxen-REP-v1.4.pdf
So, what would be the appeal compared to XMPP?
I will preface this with, I may be wrong, but as I understand it xmpp is just a protocol. One that, unless it’s been revised, imparts no encryption at all. Signal, and Session, are full architectures that enable all of the afrementioned features from my initial post including server and client.
Everything you might use relies on a protocol down the stack. XMPP happens to be the only one to date that is an internet standard (IETF), is extensible by design (past/present and future use-cases can be build into it, what makes it still relevant 25 years later), is federated (but not P2P, a good trade-off for mobile usage), has a diverse/multi-partite ecosystem of client and server implementers (sustainable and resilient), and is deployed successfully at scale (on billion of devices).
Today’s XMPP uses the same E2EE as Signal/WhatsApp/Matrix/… XMPP had end-to-end encryption 10 years before Signal was invented