Prepare to be harassed by governments (including US) for releasing this. As soon as some activist uses this they will come after you. As soon as a criminal uses it, they will have a smear campaign ready to denounce this effort as 'aiding terrorist' or 'child abusers'.
It appears that moxie has already been heavily harassed by the US gov for unknown reasons, prior to this software release. So, I'm not really sure he will be that concerned with your warning.
While Tor and RedPhone might be considered to be in the same class of consumer security software, I don't think it's fair to draw comparisons to Appelbaum.
The comments on the Play Store page are just precious. The best one is this "Dave - 1 star - You people are retards. You can not place an end to end fone [sic] call with this. It will go through towers enabling anybody on the right frequency to hear"
RedPhone uses a really interesting system. The first time you initiate a call with someone, RedPhone displays a word that is based on the keys exchanged.
Each user talks about the word and confirms they got the same word, thereby verifying that there is no man in the middle.
The assumption is that it is hard for an attacker to forge and inject a believable conversation into an ongoing real time conversation.
This is called SAS, or Short Authenticated Strings, and I believe it was introduced in the paper 'Secure Communications over Insecure Channels Based on Short Authenticated Strings' (the PDF can be found via Google). You can read about it here: http://en.wikipedia.org/wiki/ZRTP#Authentication
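The word comparison described in the comment above, as an added example that is not part of the original thread and is not RedPhone's code or the exact ZRTP derivation from RFC 6189. It shows that two endpoints who exchanged keys directly see the same short string, while an interceptor who substitutes its own key leaves them with different ones. The toy Diffie-Hellman group, the 16-word list, the seeds and all function names are assumptions made for the illustration.

```python
import hashlib

# Toy Diffie-Hellman group for illustration only (assumption, not a vetted group).
P = 2**255 - 19
G = 2

# Constructed 16-word list; each word encodes 4 bits of the short string.
WORDS = ["apple", "brick", "cloud", "delta", "eagle", "flame", "grape", "hotel",
         "india", "joker", "kiwi", "lemon", "mango", "north", "olive", "piano"]

def private_key(seed: bytes) -> int:
    """Deterministic private key from a seed so the demo is repeatable."""
    return int.from_bytes(hashlib.sha256(seed).digest(), "big") % (P - 2) + 1

def public_key(priv: int) -> int:
    return pow(G, priv, P)

def shared_secret(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def sas(secret: bytes) -> str:
    """Render the first 16 bits of a hash of the shared secret as 4 words."""
    digest = hashlib.sha256(b"SAS" + secret).digest()
    nibbles = [digest[0] >> 4, digest[0] & 0xF, digest[1] >> 4, digest[1] & 0xF]
    return " ".join(WORDS[n] for n in nibbles)

def call(alice_priv, bob_priv, mitm_priv=None):
    """Return (words Alice sees, words Bob sees) for a direct or intercepted call."""
    if mitm_priv is None:
        a_peer, b_peer = public_key(bob_priv), public_key(alice_priv)
    else:
        # The interceptor substitutes its own public key in both directions,
        # so each endpoint ends up sharing a different secret with it.
        a_peer = b_peer = public_key(mitm_priv)
    return sas(shared_secret(alice_priv, a_peer)), sas(shared_secret(bob_priv, b_peer))

if __name__ == "__main__":
    a, b, m = private_key(b"alice"), private_key(b"bob"), private_key(b"mallory")
    print("direct call:     ", call(a, b))
    print("intercepted call:", call(a, b, m))
```

The string is short enough to read aloud, which is why the check depends on the two people recognising each other's voices, as the comment notes.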
Read "Encryption Protocols" (uses ZRTP, see RFC 6189, for key negotiation). Although I'm not sure I understand what this is about, I didn't notice at first that it is VoIP :)
From browsing the source and referencing the architecture section of the wiki ( https://github.com/WhisperSystems/RedPhone/wiki/Architecture... ), there is a RedPhone master server (master.whispersystems.org:31337) and a relay server (relay.whispersystems.org:31337) that the phone will use during the course of all phone calls.
Apparently, most cell phone network providers disallow direct peer-to-peer communication, thus the relay server is necessary to complete this kind of encrypted call. All of your encrypted voice data will pass through the relay server, so there isn't going to be much privacy in terms of who you are talking to at what times, but the contents of your voice call won't be revealed.
This would also make me feel more comfortable and I think it would also remove some of the risk from whispersys if others could use their own servers. According to the app's privacy policy, all numbers dialed via the app are logged. http://whispersys.com/privacy.html
See what they did and do with Jacob Appelbaum