The really hard part about encrypting communications is key distribution and validation (e.g., validating that the public key for number 555-1234 actually belongs to Alice).
Key distribution isn't really something we're doing. Each user just keeps their own list of verified identities.
We're using the same system we inherited from TextSecure for encrypted SMS: Trust keys implicitly on first use, while encouraging users to verify them out of band.
The verification is handled by providing a screen that has your identity and what you think the recipient's identity is. If the recipient's identity matches what your app says and vice-versa, then you know you're talking to the right person.
Ideally, the verification would be done in person or via another secure means of communication. Currently you can verify identities by just reading them out, or via QR code.
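The trust-on-first-use and two-way verification flow described in this thread, sketched as an added example; it is not code from the thread or from the project. The `IdentityStore` class, the SHA-256 fingerprint format, the sample keys and the number 555-0100 are assumptions made for illustration.

```python
import hashlib
import hmac

def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key as grouped hex (display format is an assumption)."""
    h = hashlib.sha256(public_key).hexdigest()
    return " ".join(h[i:i + 8] for i in range(0, len(h), 8))

class IdentityStore:
    """One user's own list of identities, pinned on first use."""

    def __init__(self, own_key: bytes):
        self.own_key = own_key
        self.pinned = {}  # number -> [key, verified_flag]

    def observe(self, number: str, key: bytes) -> str:
        entry = self.pinned.get(number)
        if entry is None:
            self.pinned[number] = [key, False]  # implicit trust on first use
            return "trusted-on-first-use"
        if not hmac.compare_digest(entry[0], key):
            return "key-changed"  # never silently overwrite a pinned key
        return "verified" if entry[1] else "unverified"

    def screen(self, number: str) -> tuple:
        """(my identity, what I think the recipient's identity is)."""
        return fingerprint(self.own_key), fingerprint(self.pinned[number][0])

    def confirm(self, number: str, peer_screen: tuple) -> bool:
        """Mark verified only if both screens agree in both directions."""
        mine, theirs = self.screen(number)
        peer_own, peer_view_of_me = peer_screen
        ok = (hmac.compare_digest(theirs, peer_own)
              and hmac.compare_digest(mine, peer_view_of_me))
        if ok:
            self.pinned[number][1] = True
        return ok

# Constructed sample keys and numbers (555-1234 is the page's example number).
ALICE_KEY, BOB_KEY, OTHER_KEY = b"A" * 32, b"B" * 32, b"X" * 32

def demo() -> dict:
    alice, bob = IdentityStore(ALICE_KEY), IdentityStore(BOB_KEY)
    bob.observe("555-1234", ALICE_KEY)
    alice.observe("555-0100", BOB_KEY)
    return {
        "match": bob.confirm("555-1234", alice.screen("555-0100")),
        "after": bob.observe("555-1234", ALICE_KEY),
        "changed": bob.observe("555-1234", OTHER_KEY),
    }
```

A store that pinned the wrong key on first use still reports it as trusted; only the out-of-band comparison of both screens exposes the mismatch, and a later key change is reported rather than accepted.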