Do you think so? The app provides a "Safety Number" and QR code with built-in scanner to verify that yup, your device and their device have nobody in the middle. It has a visible reminder that you checked this person's actual identity (if you did) and a message appears if the keys change. If you are "rigidly adhering" to protocol your response should be to arrange an in-person meet-up to reconfirm, not "New phone? Cool".
I agree that verification is easy. I think they have softened the warnings and behavior surrounding key changes to accommodate their users that have virtually no understanding of crypto (i.e. the majority of people). It's an understandable position for them to take, but yes, in my opinion the alarm bells when a key unexpectedly changes are more oriented towards casual users than a (to paraphrase c7DJTLrn) Snowden-level user. For the latter, I expect behavior more similar to an OpenSSH key mismatch (which is quite a bit more strongly worded than Signal's).