Isn't that what a Diffie–Hellman key exchange takes care of?
There's an algorithm so we each generate a public and private key on our own devices. We each send each other our public keys, but our private keys remain a secret. Using the algorithm my public key and your private key generate the same code as your public key and my private key. Then we use that code to encrypt our communications.
If someone intercepts both of our public keys, but doesn't have either of our private keys, then they can't decode the messages.
Yes, you're right. After thinking about it some more it isn't really a problem with key generation, the problem is whether the platform you're using actually uses a secure key generation method without a backdoor. Very easy for them to put in some code to make a copy of the key for recovery in the event that government requested access to your data. If you trust that the app has implemented a secure key exchange without a backdoor that would be fine.
If you want to be absolutely sure the government couldn't decrypt the communication then I still think generating your own key is simpler and easier. I'm definitely not a security expert so maybe I'm wrong, but I still think if people really want to be able to communicate securely then someone just needs to write an open source app that provide an encryption\decryption app that sends the encrypted data over regular channels like SMS and email. Simple, secure, and easy to read through the code and verify no back door.
Also, when designing an app you can really only get 2 out 3 when it comes to ease of use, functionality, and security. If you want to design something that is extremely secure with lots of functionality, then it will likely not be very easy to use. Stick with something simple and secure, easy as possible for non-tech people to use.
Isn't that what a Diffie–Hellman key exchange takes care of?
There's an algorithm so we each generate a public and private key on our own devices. We each send each other our public keys, but our private keys remain a secret. Using the algorithm my public key and your private key generate the same code as your public key and my private key. Then we use that code to encrypt our communications.
If someone intercepts both of our public keys, but doesn't have either of our private keys, then they can't decode the messages.
Yes, you're right. After thinking about it some more it isn't really a problem with key generation, the problem is whether the platform you're using actually uses a secure key generation method without a backdoor. Very easy for them to put in some code to make a copy of the key for recovery in the event that government requested access to your data. If you trust that the app has implemented a secure key exchange without a backdoor that would be fine.
If you want to be absolutely sure the government couldn't decrypt the communication then I still think generating your own key is simpler and easier. I'm definitely not a security expert so maybe I'm wrong, but I still think if people really want to be able to communicate securely then someone just needs to write an open source app that provide an encryption\decryption app that sends the encrypted data over regular channels like SMS and email. Simple, secure, and easy to read through the code and verify no back door.
Also, when designing an app you can really only get 2 out 3 when it comes to ease of use, functionality, and security. If you want to design something that is extremely secure with lots of functionality, then it will likely not be very easy to use. Stick with something simple and secure, easy as possible for non-tech people to use.