Secure/push messages in +CyanogenMod
We've been focusing on data security lately; +Steve Kondik
got the ball rolling with Privacy Guard. And obviously, recent events have made privacy concerns a global discussion.
The Privacy Guard contribution is the philosophy I like to to see in these types of data security implementations: seamless protection of the user data. If it's a pain to use, or if it breaks third party apps, it's going to be a negative experience, and we're doing it wrong.
One of the interesting developments of the past couple weeks is that iMessage, is not snoopable by a third party, not even Apple (or so they would have you believe ;).
Regardless of whether that is true; I love the design philosophy of iMessage: it works transparently, and encrypts the user's message between iOS users and fails over to SMS as needed. Frictionless.
I'd thrown a poll out there, to see what sort of cohesiveness +CyanogenMod
users have. Surprisingly high. Many +CyanogenMod
text a lot with other +CyanogenMod
(Which makes sense, as our growth to 7M users is entirely organic and word of mouth)
Anyways, TL;DR. I've built out a secure/push based messaging plugin for CyanogenMod. Messages between two CyanogenMod will be encrypted end to end and sent over GCM. It's built into the framework; so it works transparently, even with third party apps.
(This is actually one of the cooler points IMO, and I do a lot of testing with GoSMS, etc)
It's basically PGP (encryption + authenticity) for text messages, built into the system.
There are two minor changes to the telephony and framework to support this:
Add Middleware hooks to IccSmsInterfaceManagerProxy. This allows a sent SMS message to be intercepted and rewritten or sent over another transport.http://review.cyanogenmod.org/44464
Add other various framework support bits (new permissions). Grant system apps priority in case of ordered broadcast priority tie.http://review.cyanogenmod.org/44545
Here's the source for the app/plugin, which is still under heavy development.https://github.com/koush/PushSms
At this point, I'm looking to get some feedback, discussion, thoughts, etc on this project. Not ready for active testing yet.