Please authenticate with something that's not a phone number! I guess that's the simplest for most people (look at WhatsApp), but the reason why I use things like Signal is because I despise cell carriers. I'd like to use this on a (cheaper) non-cellular device (for myself and family members).
The Holy Grail of Secure Communications: Group Encrypted Text, Voice, and Video. Right now, Skype gives you the unholy grail, but you get all three (+group). I wish Open Whisper Systems luck.
Nice. It requires a 3rd party FB, Google, AIM, ICQ, ippi, iptel or MSN account but it says they optionally use OTR.
Not 100% secure IMHO but close. Why do they have to rely on a 3rd party for authentication? This still gives (at least, if you manually enable OTR encryption) the connection data to the service providers.
I agree with that but to bring encryption close to end-users you will have to use something that's simple and everybody has.
That said, I'm aware of the disadvantages - they should provide an alternative to the phone number too.
The market exists, but it's in its infancy. The Snowden revelations blew a hole wide open in the privacy market, and that's why you're starting to see more and more privacy companies opening. I suspect it won't be long before one of them (whisper?) offers a cross platform, encrypted group chat like you speak of. But these things take a while to build.
If mobile/tablet-only is OK, try Wickr (wickr.com).
It works fairly well for me. They have a $100.000 bounty for someone who manages to break their code/get communication contents and they're sponsored by the EFF.
The downsides are that it's closed-source and that there's no desktop client (yet).
How do you know that the app published on the App Store is the same one you have the source code for? Can't I just give you some source code then release something else entirely?
Or download from a source you trust and compare the hash from another trustworthy source. Just like anything you download. Unless you run Gentoo, but then how do you trust your sources, etc.
And if you have a closed-source phone OS that only allows installing from their store... well, you have to learn to crawl before you walk.
B) hash checksums for everything, including the resulting binaries
You probably can't do this on iOS, but on Android you can have a third party app monitoring the changes, or simply disabling the automatic updates altogether.
Complete transparency from end to end would require more than just open source. You'd have to be able to build and run the software itself, which on an iPhone costs $99 a year to do and poses significant technical challenges. To go further you'd have to have transparency at the hardware level as well. Your own device, built by you, with software you compiled yourself. Maybe then you'd achieve the level of security that you're aiming for, assuming you are competent enough to evaluate the software and hardware you are using.
It wouldn't be for iPhone. For Android it might work but you'd need a hardware platform you trust (one where you are sure no radio baseband processor is going to snoop at your memory any time it wants), use AOSP and then an open source app. Then also if there are any registration or routing services those would have to be open source as well.