Not exactly a request for help at this point, more an observation and possible warning. I can’t replicate but will see what happens at the next update.
Using default FP3+ with A10 1032 update.
I had a notification, on the lock screen, there was an update for Signal
I tapped on the option to update and once it was done the phone was unlocked, clearly a security issue. Updated to 5.26.11
I’ve had a quick look on signal related sites but no reference to it yet.
So was this messege from the respective store used? else there should not be any messages popping up for updates of an app
Is there an internal updater in the signal apk app version?
Not completely related, but also not completely off-topic:
You could probably use Molly, a fork of Signal, which is available at F-Droid via their repo.
No. Which is why its recommended to use a software repository instead.
Seems like there is, contrary to JeroenH’s opinion.
I am pretty sure there is.
According to the Signal support page “How do I ensure Signal is up to date?” one has to activate Auto-update apps in the g$$gle playstore app.
I guess, that’s something different from an inbuilt updater; isn’t it? 
Because that setting would auto-update all the apps and not just Signal.
yes.
in my opinion it is better to use Molly or Langis anyway because of the Google Play Services restrictions.
For myself, I am only using Molly…
The problem with using something non-Signal like Molly or Langis, which uses Signal’s network is that you are breaking Signal’s ToS and they are free to boot you off the network. That may or may not happen.
Molly has his to say about it:
Personally, I would use it if I was using say LOS + microG. But don’t complain when it has repercussions…
Yes, that’s an external updater, dependent on a third-party framework (Google Play Services). F-Droid would also be a third-party framework. You want to centralize this kind of stuff because 1001 update services is a nightmare to maintain (ie. why we have libraries and abstraction layers in the software world)