At this point Android is such a privacy hell hole that creating a secure messaging app will be doomed to fail. It matter little if the app and its protocols are secure if the device is rooted or otherwise exploited and typed conversations can be siphoned which would expose both the sender and the receiver. The receiver might be an iOS device, causing the communication security/privacy integrity of an iOS user to be at the mercy of any Android device.
iOS messaging apps need an option to warn the sender (or block delivery) when the receiver has non-iOS devices, e.g. in a specific group context with sensitive data.
There is a difference between a security flaw and insecure by design as with Android. One simple example is how third party keyboards work on both platforms. First the user has to install the keyboard, then explicitly go to settings to use it and even then it doesn’t have network access by default. The user has to go back into settings to give it network access and iOS gives you a big scary warning.
Even then, iOS will switch back to the standard keyboard when you type into a password field.
It isn’t “impossible.” People have been analyzing assembly language programs and hacking them since the dawn of personal computers. How do you think Google has been able to find exploits in iOS? I have no idea why people think that assembly language is the language of wizards.
Between the binary blob drivers that the OEMs don’t even have access to and Google Play Services, Android is equally hard to audit.
