Then you shouldn't trust PGP, because it's the same guy. ZRTP, the underlying protocol, uses ephemeral session keys, so unless the Android app is bugged to send the keys to their servers, they can't decrypt your calls. You pay Silent Circle for the infrastructure that routes your calls, that's about it.