A quick skim of the referenced document did not show where NIST recommended against the use of deterministic IVs. The document actually spends a significant amount of text discussing how one would do such a thing. Did I miss something?
>Lack of forward secrecy
The article mentions that the key is forgotten when you close the app. Probably enough forward secrecy for most people.
>Since AES-CBC is used alongside PKCS7 padding, it is possible that the use of this encryption on its own would be susceptible to an AES-CBC padding oracle, which can lead to recovery of the encrypted plaintext.
This is a messaging app. Is there actually an available oracle? Does the implementation even generate a padding error?
[1] https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpubli...