There are a few reasons why I think it has to be at the app itself.
In order to be actually secure, all conversions must be encrypted, without exception.
OTR is one channel method of encrypting text, but it isn't the only method. For example using PGP over text messages is also a plugin for pidgin. Competing standards means your ven diagram of people and chat protocols now gets an entire new axis of encrption method.
Metadata is data. Without seeing the message content, it is still valuable to see who is talking to who and when.
There are always tradeoffs. While OTR may be more verifiable secure, it's difficultly hiders adoption. A balance has to be reached with ease of use and security. If it is easy to get it wrong then people will have a false sense of security. That is strictly worse than no actual security.
There are a few reasons why I think it has to be at the app itself.
I agree it needs to be in an app, just not the app that is created by the service the person is using. Missing today is a universal chat app that can speak to all the services using standard chat protocols and standard authentication mechanisms. All the popular apps today appear to be highly proprietary and in some cases the vendor will even state that using an unapproved client is forbidden.
In order to be actually secure, all conversions must be encrypted, without exception.
OTR is one channel method of encrypting text, but it isn't the only method. For example using PGP over text messages is also a plugin for pidgin. Competing standards means your ven diagram of people and chat protocols now gets an entire new axis of encrption method.
Metadata is data. Without seeing the message content, it is still valuable to see who is talking to who and when.
There are always tradeoffs. While OTR may be more verifiable secure, it's difficultly hiders adoption. A balance has to be reached with ease of use and security. If it is easy to get it wrong then people will have a false sense of security. That is strictly worse than no actual security.