The fact that we have to trust TLS to deliver software doesn't automatically mean that we should trust it for secure messaging.
Also, I think App Store software delivery doesn't depend on only TLS, but also on Apple's signature. And you can visually verify that the source code downloaded from GitHub doesn't contain backdoors.
My knowledge on cryptography is next to nothing. Would you mind explaining to me what makes the case for secure messaging different than any other transfer through a secured HTTP connection? I also read a bit on OTR Messaging and the "Socialist Millionaires' Protocol" but just got even more confused.
It's not that messaging can't use TLS, of course, it can. I'm objecting to the absolute (if we don't trust TLS for messaging, we shouldn't trust it one-time download), e.g. see https://en.wikipedia.org/wiki/Threat_model
