by davexunit 4502 days ago
A prerequisite for security is free software. Critical applications like the Silent Circle ones are proprietary, afaict. I have zero trust in the Blackphone and would not purchase one.

This Verge article [1] says “The company will open source the vast majority of its code for the phone in order for third parties to properly audit its techniques, find holes, and ultimately help to improve the product.”

1. http://www.theverge.com/2014/2/24/5441642/blackphone-silent-...

If they do, that would go a long way to convincing me this is a tidbit more secure than any other random Android device.

They should really have released their code at the same time they released their phone though.

I've talked to Silent Circle at conferences and whatnot. It is not like they have some crypto noob working on their project... They have Phil Zimmermann.

But, knowing nothing about them, when I asked them "How does your protocol compare to TextSecure's Axolotl?" the response was "We have Phil Zimmermann". So... I'm still a bit put off by them.

Some of their code is already open-sourced here. https://github.com/SilentCircle

As someone who works at Silent Circle (though not someone who can speak FOR SC), I'd say "Axolotl and SCIMP are both very good". Also, I don't know who you talked to, but keep in mind that not everyone working for SC is technical and can explain (or sometimes even knows) what Axolotl is/how it works.
That would be nice if they liberated some of the code. However, "vast majority" is another way of saying that the phone runs proprietary software. I think Replicant is still the only Android distribution that has the ability to provide any sort of real security to its users.
"the vast majority" is exactly not enough.
The irony is that bad crypto like this is worse than no crypto. It is probably more valuable to specifically target users of this phone because they "have something to hide".
I don't know, Phil Zimmermann, Jon Callas et al are hardly known for bad crypto.

Full disclosure: I work for Silent Circle and it's pretty damn secure. It's also open-source: https://github.com/SilentCircle

Are all of the silent circle applications free software? Do any of these applications depend on proprietary software to run?
They aren't developed in the open (they're opened up in certain releases), but the protocols themselves are open. The server software is proprietary, but the servers don't see any plain-text data.
Ah. Proprietary servers are a dealbreaker for me.
Even if the protocol guarantees that they don't see unencrypted data? Do you feel the same way about all the internet relay servers between your client and the server?