The two have completely different goals, and SimpleX’s goal (anonymity) comes with difficulties such as not having typical “accounts”, which means no true simultaneous multi-device support.

GrapheneOS devs have a problem with this guy https://discuss.grapheneos.org/d/20165-response-to-dishonest-attacks-on-the-grapheneos-project-by-robert-braxman

So it looks like the protocol was audited, but I don’t know about the app or servers. https://www.pindrop.com/article/audit-signal-protocol-finds-secure-trustworthy/

Apparently this is a tough problem for mobile devices… GrapheneOS (security hardened OS based on Android) took months to fix a leak someone reported, and had to collaborate with the VPN app providers to do it https://github.com/GrapheneOS/os-issue-tracker/issues/3442