Wickr is not open source. An implementation of its crypto protocol is available on Github, for review only.
Wickr and Signal have protocols with similar goals (in that Signal invented the goals/service model of all modern secure messaging protocols). Wickr's is clunkier and based on NIST primitives. Signal's protocol has been received peer review "organically"; it's important enough to be an academic target. Wickr has paid to have competent cryptographers review it.
I'd have a strong preference for Signal Protocol over Wickr's but, unlike something like Telegram, I wouldn't see the cryptographic gap between the two as dispositive in and of itself. Wickr is cryptographically "fine".
The bigger concern for me --- and this applies to all secure messaging systems, not just Wickr --- is that Signal remains unique in its fanatical avoidance of serverside metadata. Signal has deferred core messaging features simply to avoid collecting user data in a database. User profiles are a good example, now resolved, but the canonical one is "usernames instead of phone numbers", which looks like it'll be resolved this year.
Compare that to something like Wire, which effectively keeps a database of every person that any other person on Wire has talked to. It's not doing that because Wire is evil, but rather because Wire wants things like contact lists to work seamlessly across devices. That's understandable but is a major privacy tradeoff.
As I understand it, Wickr is better than Wire in this regard, but worse than Signal.
Wickr and Signal have protocols with similar goals (in that Signal invented the goals/service model of all modern secure messaging protocols). Wickr's is clunkier and based on NIST primitives. Signal's protocol has been received peer review "organically"; it's important enough to be an academic target. Wickr has paid to have competent cryptographers review it.
I'd have a strong preference for Signal Protocol over Wickr's but, unlike something like Telegram, I wouldn't see the cryptographic gap between the two as dispositive in and of itself. Wickr is cryptographically "fine".
The bigger concern for me --- and this applies to all secure messaging systems, not just Wickr --- is that Signal remains unique in its fanatical avoidance of serverside metadata. Signal has deferred core messaging features simply to avoid collecting user data in a database. User profiles are a good example, now resolved, but the canonical one is "usernames instead of phone numbers", which looks like it'll be resolved this year.
Compare that to something like Wire, which effectively keeps a database of every person that any other person on Wire has talked to. It's not doing that because Wire is evil, but rather because Wire wants things like contact lists to work seamlessly across devices. That's understandable but is a major privacy tradeoff.
As I understand it, Wickr is better than Wire in this regard, but worse than Signal.