by erikb 4327 days ago
You must worry by yourself if the key from the other person is trustworthy. If you let the software do it, you need to trust the software developers, the software providers (how did you install the software?), etc. Therefore taking key management out of the hands of the users might increase usability, but it automatically decreases security.

In many cases, this is an acceptable trade-off. Security is not one size fits all; your average user cannot afford to be NSA-level paranoid. Otherwise we would spend all of our time verifying keys and not actually doing anything.
True. But he will think he is NSA safe if he uses an app on his iPhone with the word "Secure" in the name. And this is actually what many of the apps out there are promising without being able to say for sure themselves.
You can't protect people who aren't willing to put in a little effort to verify the programs they use are safe. Security is all about trust, and you shouldn't trust an unknown entity. But if such a product came from Microsoft or Google, the user would have more faith that it's secure.