You generate a keypair. They generate a keypair. You swap public keys. Then you encrypt messages to each other using the other persons public key.
Of course, that is still vulnerable to an active MITM attack where somebody intercepts the initial key exchange and inserts their own keys. The app has a built in option to display your fingerprints so you can compare them if you meet the other person.
Even with this vulnerability, imagine if everyone started using it overnight... All of a sudden there wouldn't be millions (billions?) of new private messages stored in a bunch of databases every day. The telcos aren't going to perform an active MITM attack to decrypt peoples SMS.
If there are a lot of people start using this, I imagine some entities can easily force all the traffics through a system that will handshake on both sides and intercepting all the contents.
Of course, that is still vulnerable to an active MITM attack where somebody intercepts the initial key exchange and inserts their own keys. The app has a built in option to display your fingerprints so you can compare them if you meet the other person.
Even with this vulnerability, imagine if everyone started using it overnight... All of a sudden there wouldn't be millions (billions?) of new private messages stored in a bunch of databases every day. The telcos aren't going to perform an active MITM attack to decrypt peoples SMS.