Websites often enforce HTTPS to prevent snooping of sensitive input. Is there something equivalent while uploading files from local disk onto a desktop app, say the desktop version of Signal?
When I upload a file onto Signal's desktop app, where all does my file travel through? At any stage of that process, can anyone intercept that file?
What ensures that my media isn't being snooped on during the upload process?
Commonly, the same mechanisms as in the browser. Very often applications use a API made available over https. It's cheap to implement, well supported and fairly robust.
Even if not using http, it's common to use TLS to secure the traffic. This includes protocols such as imaps, smtp+starttls and so forth. TLS is a common and widely supported protocol, that can be implemented quickly and robustly in application with custom protocols.
In the case of Signal, it's an electron app. That app runs some javascript, which carries out end to end-encryption. This means that you don't upload any cleartext to Signal's servers, you encrypt it with the recipients key, before uploading it - so even someone able to read the TLS channel will not know the content; the app it self is encrypting content before handing it to the transport layer. In addition to https, it uses E2E-encryption over for instance UDP for transporting voice calls.
