@Tutanota Ok, I think I have to describe the problem a bit better.
Even if, as you say, encryption takes place locally on the device, the device needs a way to get the recipient's public key. How does the device do that? Right! By asking the server! But why should the client trust that it's really the recipient's original key and not one replaced by your server, guys?
Every really secure e2e messenger has a way to verify the authenticity of the second party. But your application has nothing to solve this.
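
The kind of check the comment above refers to, as an added example (not part of the original post and not Tutanota's code): the client pins the key the server hands out and treats it as verified only after comparing a fingerprint obtained outside the server. `PinStore`, the status strings, the address and the sample keys are hypothetical and constructed for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the raw key bytes, grouped so two people can read it aloud."""
    digest = hashlib.sha256(public_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


class PinStore:
    """Client-side record of the key seen for each recipient (hypothetical)."""

    def __init__(self):
        self._pins = {}  # recipient -> (public_key, verified_out_of_band)

    def check(self, recipient: str, key_from_server: bytes) -> str:
        pinned = self._pins.get(recipient)
        if pinned is None:
            # Trust on first use: remembered, but not yet authenticated.
            self._pins[recipient] = (key_from_server, False)
            return "first-use-unverified"
        key, verified = pinned
        if not hmac.compare_digest(key, key_from_server):
            return "KEY-CHANGED"  # the server now serves a different key
        return "verified" if verified else "pinned-unverified"

    def confirm(self, recipient: str, fingerprint_from_peer: str) -> bool:
        """Mark the pin verified only if a fingerprint obtained outside the
        server (in person, by phone, on paper) matches the pinned key."""
        key, _ = self._pins[recipient]
        given = fingerprint_from_peer.strip().lower()
        ok = hmac.compare_digest(fingerprint(key), given)
        if ok:
            self._pins[recipient] = (key, True)
        return ok


# Constructed sample keys: 32 arbitrary bytes each, not real key material.
BOB_KEY = bytes(range(32))
SUBSTITUTED_KEY = bytes(range(1, 33))


def demo():
    store = PinStore()
    results = [store.check("bob@example.org", BOB_KEY)]
    results.append(store.confirm("bob@example.org", fingerprint(BOB_KEY)))
    results.append(store.check("bob@example.org", BOB_KEY))
    results.append(store.check("bob@example.org", SUBSTITUTED_KEY))
    return results


if __name__ == "__main__":
    print(demo())
```

Pinning alone only notices a later key change; a key substituted on the very first lookup is caught only by the out-of-band comparison in `confirm`.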