Shared publicly  - 
 
CM Secure Messaging and TextSecure 

"We are partnering with @Moxie from TextSecure to build this solution. He is building an iOS app [and] also going to be helping out on the Android side to build an Android equivalent into CM, as well as a standalone [app for the] Android Market...We hope that making this cross-platform will make this a lot easier for users to use this seamless messaging." - Koush

"By making this seamless into the framework, this will work regardless of the text messaging application you use, [on CyanogenMod] including all Third party apps". - Cyanogen

Tune into the +Geek.com interview for more info on the future of CM and security in the mobile space!
494
73
CyanogenMod's profile photoDavid Collett's profile photoSam Hetchler's profile photoTarun Bhengra's profile photo
66 comments
 
So this would work with Google voice ?
 
+Tam Nguyen Google Voice operates over their own messaging protocol outside of the SMS Provider - so no. 
 
I think that's a bit misleading. The encryption won't work in all cases, if the receiver isn't using an app on their side which supports the feature, and if they are on a different ROM, it'll fall back to no encryption, right? Both parties have to ensure each is using a compatible solution, isn't that right? I think that disclaimer needs to be there.
 
So will I be able to message from android to iOS and it be encrypted? 
 
The encryption will work with all available Android SMS apps EXCEPT Google Voice because it uses a different protocol. 
 
+Johan Bart Only on CyanogenMod. If said apps are running on say, a stock Samsung ROM, it won't work.
 
CM -- y'all are the righteous dudes of our day!
 
+Johan Bart, that's not really true at all. Many ROMs pull some commits from CM, as CM does from other ROMs, but several of the other big-names like PA and AOKP aren't CM-based.

And, to be clear, this encryption will work between all CM ROMs, but not when the recipient or sender is using a ROM that doesn't support this feature.
 
+Bill Puckering But if they use the Standalone app in development on Samsung's Stock OS, it will work. I understand what you are saying in regards to the SMS fallback, but that has been mentioned since this feature's first announcement. 

The gap being addressed is for secure messaging to family/friends/relatives not on CM or even those using iOS. 
 
+Johan Bart Most of the popular community ROMs are based on CM or borrow features from it, which is a good thing, but this doesn't do any good for people who stick with what the manufacturer provides, which is unfortunately, the case for most people.
 
+Sam Stuewe the hope is that we can convince the other ROMs that this is beneficial (or at the least, not harmful) to them as well. For those that don't build this into their OS, the standalone app will still allow their users to benefit. 
 
+Abhisek Devkota Oh absolutely, a standalone app on the stock ROM would work, I know that. But you need to ensure the party you are communicating with is actually using it, or is willing to switch from what they were using before and were comfortable with over to it. Therein lies the challenge.

I doubt most of my friends would switch messaging apps just because I ask them to. None of them really care about security. So my hands are tied due to their limitation of communication with myself.
 
Many features built by CM have been incorporated into Android -- the users who stick with what the manufacturer provides will get these features [edit: eventually] but CM users will be first in line.
 
+Gabriel Duke They will get it in the form of a standalone app they will need to be convinced to switch to. Which I hope is what will indeed happen with most people. Because if not those of us communicating with them don't see the benefit even if we're doing what we can on our side.

Honestly, I wish Google would just take CM's changes and merge them into the main framework.
 
+Bill Puckering Agreed, its a hurdle. At this point, we hope that educating our user base (likely the 'tech influencers' of their families/friends) will help us over come that. Yes, its a narrow and more grass-roots approach, but word-of-mouth is a powerful tool. 

In the future we hope this, or something like this, becomes the de-facto standard. For now, we will attempt to cover as many people as we can. 
 
"an Android standalone Market app" like F-Droid?
 
+Hugo Roy You misread; "standalone app for the Market" meaning a downloadable app in the Play store (or possibly third party markets). 

Not a replacement Market application. 
 
+Abhisek Devkota I share your hopes :D Keep on keeping on, and thanks for all the work and dedication you guys have shown towards this end.
 
+Bill Puckering I see where you're coming from. Yeah -- I suppose that those who are excited for new security features will not need convincing, and those who are not concerned, the new features won't really apply to. This is  my take at least. I think it's pretty fantastic that they're building out the option more than anything, it's up to the user to decide what to do with it.
 
Yay, a new venue for me to discuss completely inane things securely! Don't want any of those drug guys hacking my texts to try and find where I live so they can sell me some stinky stanky, nope.
 
Meh just for cm users only feel like a ploy to me. Instead of trying make it universal for all rom either cm or aosp , its only specific to cm based roms. Just helping cm community and not android community imo
 
+Andre Saddler Did you read the OP? 

1) Patches are available and were shared early for all source built ROMs
2) iOS app to allow non-Android user support for encryption
3) Standalone app in market for non-rooted/stock/stock-rooted users

Yep. Sounds pretty small to me too. 
 
This is great! Built into cm along with Apple Store and Playstore apps for other support is outstanding!
 
So this new functionality will be built on TextSecure? Or is it a whole new protocol?
 
Very cool guys. I love that you're trying to make it cross-platform solution.
 
+Gabriel Duke "First in Line". More like never joined the queue. Moxie released TextSecure nearly 3 years ago but who cared about privacy then? and also Red Phone for secure calling without changing your dialler app, anyone can download them Today!
https://play.google.com/store/apps/developer?id=Open+Whisper+Systems 

Here's the man ( moxie ) himself explaining what's what with the ideas behind it
Defcon 18 Changing threats to privacy Moxie Marlinspike Part

+Abhisek Devkota Just feels like it's being sent by carrier pigeon sometimes... Not tonight however... anyone got a light :D
 
+Abhisek Devkota Pfft, I mean that only covers like 90% of the smartphone user base. Seems pretty small to me. ;)

Also, if using carrier pigeons, RFC 2549 (IP over Avian Carriers with Quality of Service) is definitely the way to go. Then just layer a VPN on top of that. ;)
 
At least use the correct "Play Store" name, not "Android Market". :S
 
+Björn Lundén LOL, That is Genius, also the fact that it amends an earlier memo from 1990. Brilliant! 

+Gabriel Duke ahh I see what you've done there, very clever. Semantics  #ftw   ;) 
 
Oh, and more on topic, I can just see it now:

"This app has been rejected from the App Store as it duplicates one or more core iOS functions"
 
Could this be integrated even on tablets, using gcm to push an SMS between the user's tablet and phone? 
 
Does this work with WhatsApp too?
 
Long time user first time caller :-)

I love your Rom, I use it via the PACman combined Rom now and really like how you go to great lengths to make something good rather than "good enough".

You should try to build encryption like RedPhone into the calling system (without the central server though) of you can since you're already working with the same developers (I think).

And since kind of indicator in both would be nice so you know for sure whether or not the session is secure.

Nonetheless awesome job staying vigilant for the privacy of your users.
 
Amazing news - glad you guys looked into OTR and Moxie's apps. By the way, if you could implement RedPhone as the main dialer of CyanogenMod, that would be great, too! You could even work with Moxie to add video capability for it as well.
 
And/Or integrate TOR into the networking system.
 
Great thanks for the good work.
 
Will it be compatible with TextSecure?
 
I'm more interested in knowing if it will initiate encrypted sessions with Text Secure even if you don't have Text Secure.
 
Name it "PRISM" or "NSA" or "Facebook". 
 
Is there any way for those non CM users who use the standalone app, to incorporate this into the framework or merge it to the default msg app? I would love to be able to maybe flash a modified messaging.apk or something of the similar and have it then just be a part of my sms. I hate using third party messaging apps so I'm a huge fan of the integration. 
 
+Andy Schilder  - The TextSecure app is already in the market.  I imagine it would be compatable.
 
I understand it is compatible. I asked if it would be able to be incorporated into the ORIGINAL messaging app. I'm not sure how but perhaps using a flash able zip to modify or replace messaging.apk
I really hate third party messaging apps. I can't stand a single one. And so id really love this integration into the standard sms app.

So i was just suggesting maybe a modified messaging.apk in a flash able zip or something for those that don't want a second texting app
Translate
TS Yew
 
+Felix Stu. I think this only applies to regular SMS. 

Anyway, I think most people would be more interested in the fact that this feature allows texting over data/wifi while invisibly integrating into a normal SMS convo, rather than the security part. 
 
Can we get a Windows Phone App too? Seemless, first secure truly multi OS compatible messaging system.
 
This messaging app has to be a lot more than secure to be successful. It has to be user friendly, beautiful, and fast. It has to be packed with an awesome UI and cool features. Don't forget that. 
Add a comment...