Secure & anonymous communication with an encrypted phone
Previously I sold cryptophones for closed circles, the basis of them was Google Nexus 5X and view Google Nexus 6P, the firmware was based on the sources of Copperhead OS (which today should not be used anymore) stripped of all unnecessary, defaults to absolute paranoid. With only two Apps on the phone. A slight modified Conversation App to avoid users can communicate unencrypted, and use OMEMO by default. And the second CSipSimple to use ZRTP. In the beginning, all data went through a VPN(IPsec) to the ejabber and kamailio to servers in Russia. But some customers wanted to use the cheap sim cards from Vodafone which blocked VPN, so I had a lot of stress because of the stubbornness to save some cents instead of being safer. How in this time it was my main customer the VPN felt. Still, XMPP and SIP connection were encrypted by TLS with own CA. Never you should let choose the user the security level, because he will rely on the SECURE written on the package and do all to all to get the product most comfortable while sacrificing easily any security measure coming in his way. When you sell a crypto product, you sell them, in reality, the get not murdered, tortured or locked up card, not the product itself.
It doesn't help 99% of the users to sell them a hammer and a nail to put a painting on the wall when in reality the requirement is to avoid the painting falling to the ground and break. You need to make sure that the painting sticks to the wall whatever happens. They need not know if you use hammer and nail or screws or even two component glue, important is that the painting will be safe. So make it simply impossible to fall, because most users don't understand at all how it works, but they trust their life on your product. This is the important point, they trust you with their life, so priority is to protect there life. Never sacrifice security for comfort! Keep it as simple as possible, but not simpler.
Because users frequently don't use strong passwords, I generated a fairly strong password for them before delivering the phone with the advice to memorize it and tell me to destroy it when memorized. Actually, in the beginning, I destroyed them ad hoc, but how it was not possible to recover a phone without password, and it happened a lot that they forgot. This was one of my worse decisions. I had not should have customers password at all from the beginning. If I would produce today another time secure phones I would do it like the Green App, generating their password on first use, making sure they have a recovery code written down, instructions how to store this recovery code safe.
Some other thoughts I still have to elaborate are: Is there a secure way to make all communication decentralized, at least distributed? How to make the user independent of the organization selling the phone, because an attacker will ever try to or even use leverage against the manufacturer if he can't attack the target on itself. TorChat had been maybe an option if there is a way to solve the problem that the longer you are online increase the possibility to discover the hidden service real IP(device/location), with XMPP it would only be known to the ejabberd (and not even to ejabberd if connected via tor). Another thought (which only works for asynchronous communication) is AAM or similar.