Signal does encrypt your messages locally. Also Android supports file encryption you don't need to use full disk encryption anymore. Also I think the policy has changed in Android 10.
> All compatible Android devices newly launching with Android Q are required to encrypt user data, with no exceptions.
Signal traditionally had an easy to get encryption key for the local encryption. Now there is a PIN but I don't think it is any protection against having access to the disk. The signal people would prefer that that you deal with the end point security yourself, because they really can't do much there.
Indeed, the PIN is just for SVR. Exported message logs on Android use separate, client-generated, 30-digit, PINs.
Unless the OS+HW provide API for some sort of TPM, it's not possible to provide strong protection for app databases without asking for strong password every time the app is opened. Android has had some sort of sandboxing for a while but it's not comparable to secure enclaves etc. AFAIK.
> All compatible Android devices newly launching with Android Q are required to encrypt user data, with no exceptions.