On mobile there are various options. The apps which are likely to be most secure are ones which have end-to-end encryption enabled by default and which can also be onion routed via Orbot. End-to-end encryption secures the content of the message and onion routing obscures the metadata, making it hard for a passive adversary to know who is communicating with who.
Signal has end-to-end encryption, but depends on a single server and requires a phone number for the account creation. Available on iOS and Android, and has a desktop client you can tether your phone with. It can do secure text, audio and video calls, as well as multiple types of attachments.
Briar has end-to-end encryption, and will natively use Tor over the Internet to anonymize your traffic. Also has the ability to sync communication across Bluetooth and local WiFi if Internet is censored (can be useful in a public demonstration). Doesn’t depend on a phone number or any personally-identifiable info to use. Available only on Android, no desktop client and no backup features yet so your identity isn’t portable across devices. The network is entirely decentralized. It only does secure text communication and picture transfer, no video or audio.
Matrix (Element) is a federated secure communication network, and has end-to-end encryption available. You can create an account without any email address or phone number (optional to ties those for easier discovery amongst your contact through the Vector ID Network), and you can host your own federated instance if you want. Mobile, desktop and web clients available, and you can add trusted devices to your account quite easily, making the account and existing communications easy to transfer across devices. You can route the mobile app through Orbot on Android if you want to add another layer of anonymity. It can do secure text, audio and video calls, as well as including attachments.
I think that summarizes well the three I’m most familiar with.
If you are thinking about Signal, think Wire instead. It is similar, but does not require a phone number and is not based in a 5 eyes territory.
Wire’s holdings are in USA, though. I quit using Wire immediately back then.
Signal is completely open source, has reproducible builds on Android, and uses “sealed sender” so they cant see who’s sending messages, just who the intended recipient is. Why would I use Wire when its hard enough to get people to switch to Signal, the most secure messenger, which also happens to be free?
Wire is open source too. https://github.com/wireapp/wire
IIRC both the server and client code is open source. But I don’t know if that can be easily proven.
I didn’t know about “sealed sender”. Sounds great. Though TBH it doesn’t seem to be working (yet) on my account. Have you actually tested it?
I’m not sure sealed sender is enough to compensate all signal’s other failings. Let’s wait and see.
IMO … this is all a false choice.
If there are too many choices, none will gain critical mass, and all will fail. The key is bridging. Once your messager can bridge to a few other secure messagers (and to email) then it stands a chance of taking on facebook.