Approximately two weeks ago, Open Whisper Systems announced the merger of two of its Android apps, Redphone (secure calling) and TextSecure (encrypted messaging) into one: Signal for Android. This is a counterpart to Signal for iOS, created by the same team. A Chrome extension is forthcoming.
Signal has been getting a lot of love from the security community (Snowden, Schneier, etc) specifically for it's user-friendliness --- something that has prevented the adoption of other crypto software.
The encrypted messaging algorithm seems to be a version of OTR modified for asynchronous mobile environments. Some version of this has been implemented in CyanogenMod as WhisperPush and WhatsApp.
Their blog has a lot of nerdy crypto detail for those interested. For example: deniability, forward secrecy, calling network.
All of their code is open source and funded by donations. Donations are also possible using bitcoin. Accepted pull requests get a payout using another of their projects, Bithub (code).
(Score: 5, Insightful) by drgibbon on Friday November 20 2015, @02:46PM
Moxie is definitely not against free software, his concerns are security based. There's a thread on the Github tracker [github.com] where he explains why he prefers that F-Droid don't package Signal (back when it was TextSecure). Of course someone could just package it anyway, but ok, the guy has contributed a massive amount to security so people respect that. From what I remember, Moxie's main reasons are that he's against people checking "install apps from unknown sources" and he is also against the F-Droid centralised signing process. Actually OpenWhisper could just make their own F-Droid repo, but that would still mean that users need to install "unknown apps", which Moxie sees as a return to the "desktop security model". I can see where he's coming from, but I still think OpenWhisper should make their own F-Droid repo and release it quietly for the people who want it. However, what he doesn't want to see is geeks putting F-Droid on normal peoples' phones and checking "allow unknown apps" thus weakening security for those that don't know how to manage it. He would be happy to have APKs outside of the Play Store based on the conditions in this post [github.com], although I don't see how that gets around installing "unknown apps".
It's a bit of a hassle, but for myself I just build a version of Signal from source every now and then. They do at least make that process very easy.
Certified Soylent Fresh!