I haven't directly explored the source for either in little while, so I should take a new look. I might be a little out of date, but the things that I have seen second hand recently confirmed my earlier conclusions.
Like I recently saw an announcement from Wire that calls are now secure, but they had been advertising them as secure all along! I had even spent time looking through the code but didn't know that calls weren't authenticated. Now are they really secure? I don't know, they said that before too, and the source is so hard to follow. Then I saw a post that showed they weren't even doing cert pinning, which is so basic.
I wanted to like it, but the more I looked the more I felt like "security" was just sprinkled on as an after thought.
Like I recently saw an announcement from Wire that calls are now secure, but they had been advertising them as secure all along! I had even spent time looking through the code but didn't know that calls weren't authenticated. Now are they really secure? I don't know, they said that before too, and the source is so hard to follow. Then I saw a post that showed they weren't even doing cert pinning, which is so basic.
I wanted to like it, but the more I looked the more I felt like "security" was just sprinkled on as an after thought.