Enabling the advisory mode by default seems like a mistake, at least with the current UI. It is so unobtrusive that it carries a very distinct implication of <i>"we've looked into this for you, and you don't need to worry about it"</i>, which is not the case. The iconography of the shield also implies this - it says "Signal is protecting you".<p>The message probably needs to be more explicit: <i>"Voltairine de Cleyre isn't using the same safety numbers anymore. Probably this contact just has a new phone or reinstalled Signal, but you might want to confirm the new safety numbers with them."</i>. And the accompanying icon should be an ! or ? or something.
One feature that Threema has is that you can see that you have verified the other person's key. I think Signal should have that too. If the other person reinstalls, you just drop back down to a lower trust level.<p>Threema does it with 3 dots: red, orange and green, but other versions of this might be experimented with.
One of Signal's worst problems is that it entirely relies on Google to not provide a malicious APK during initial installation of the app.<p>(Yes, it is open source, but most people don't have the knowledge or time to compile software themselves.)<p>I still think Signal is one of the best secure messengers though.
The problem is that non-security-minded users probably won't take the time to verify the numbers in the first place. They should look into a method that verifies identities without user interaction. Possibly by having Signal store users' public keys after they verify their phone numbers or, better yet, provide users with signed certificates for verification purposes.
There was something weird going on when I set up Signal for my partner today. She had downloaded and installed Signal through the Play Store and we tried to scan and exchange safety numbers. My phone gave me the message that <i>her</i> version was outdated. The other way around gave her the same message.<p>When I updated my version it all worked out.