Phil knew PGP was less usable than it could be because it was an add-on to SMTP. It was always hard to use. That said, I'm encouraged by some of the folks looking at building new systems for message store systems that are secure. They will need new clients of course but that seems to be reasonable.
E-Mail has a moderately crappy experience on phones even without the security issues, so there's plenty of reason to build something new (with a new client) even if you're not worried about security.
The thing that terrifies me about trusting Silent Circle for anything real is that if you're only on mobile, there is a huge amount of evil either of two US companies (or anyone who can put pressure on them) can do to you, and it's essentially a black box. Basically every security guarantee a mobile app makes can be subverted by Apple, Google, potentially some of their suppliers, and anyone who either puts legal or technical pressure on them. It can be done to individuals, rather than some pervasive backdoor which could be uncovered. To some extent, mobile carriers, who are essentially an arm of government in many places, could also attack users.
Ubuntu Phone, Firefox mobile OS, etc. help in that they add more platforms, but don't seem to fundamentally improve security. The only thing which would really be viable, IMO, is a totally open hardware design and OS, where users get to pick their own update sources, and all the baseband crap essentially firewalled off into a little FCC-approved area which can't attack the rest of the device. And potentially with the entire baseband removable so you could have just a PDA, PDA+wifi/bt, or maybe in a future world, some novel radio protocols designed for protection from monitoring.
This was my reaction as well to Silent Circle. If the attacker can own your OS, who cares how secure the app is? Silent Circle may keep things encrypted while going over the fiber and the wires and the airwaves, but what comfort is that when the government can remotely turn on your mic or camera?
There is probably a way to use Android safely, and hopefully a way to use iOS safely -- some kind of firewalled/VPN'd network, proxying any public traffic, and periodic checks for that. You'd ideally verify each OS version before doing updates, and maybe even do some destructive teardowns. I assume NSA plans to do something similar when DOD does smartphone deployments. There's potentially the SE Android stuff, too, but that's largely orthogonal to this.
However, in the corporate BYOD world, or in the consumer world, it's probably not going to work.
