Comment by KronisLV
19 hours ago
> …there's no guarantee that you could be certain of the accuracy of any information about this no matter what its source or apparent authenticity.
In any case like this, the only thing you could truly trust would be the source code and even then you’d have to be on the lookout for backdoors, which would definitely be beyond my own capability to spot.
In other words, the best bet is to probably only use open source solutions that have been audited and have a good track record, wherever available. Not that there are that many options when it comes to mobile OSes, although at least there are some for file storage and encryption.
Obviously, that's the ideal course of action but I'd reckon that in practice those who would have both a good understanding of the code as well as the intricacies/strengths of encryption algorithms and who also have need to send encrypted messages is vanishing small—except perhaps for some well-known government agencies.
Just because something you do today is legal and not a cause for scrutiny does not mean the same will be true tomorrow.
We have seen this many times throughout history, where people like academics, researchers, teachers, people of particular faith, etc are targeted and each of them has some sort of “evidence” produced as to some sort of crime they have committed either in the present or past to justify their arrest.
The group who needs it today may be small, but having it on and secure by default for all is a far better protection than any justification that the current need is small.