CyanogenMod Brings System-wide Secure Messaging to Android Phones

December 13, 2013 | 04:00
CyanogenMod Brings System-wide Secure Messaging to Android Phones
CyanogenMod Brings System-wide Secure Messaging to Android Phones
CyanogenMod, a community built distribution of Android, has teamed up with Open WhisperSystems to provide user friendly cross-platform encrypted text messaging.

Usability and security do not play well together. Securing one's communications asks time and dedication of the user, an investment the majority is unwilling or unable to make. Because of this perceived lack of interest on the user side developers often favor usability over privacy and security features.

Or so the story goes.

But the unceasing onslaught of Snowden revelations causes this false dichotomy to rapidly disintegrate. Users are increasingly interested in privacy and security while developers have a growing sense of responsibility.

The announcement that CyanogenMod (CM) will support easy-to-use secure texting on the OS level is indicative of this paradigm shift. It sends the strong message that private and secure communications are not some remote cypherpunk dream but a matter of setting priorities.

The foundation of CMs security solution is TextSecure, an encrypted text messaging protocol developed by Open WhisperSystems which has been available as an Android app since 2010. In the CM firmware TextSecure has been integrated at the OS level enabling encrypted messaging by default. Users can install almost any SMS application on top of the firmware to communicate securely using a familiar interface with no additional hassles.

Messages between phones with CM or the TextSecure app installed are automatically encrypted. When no version of TextSecure is detected on the other phone the text app conforms to the insecure SMS standards and sends the message in plain-text.

TextSecure encrypts messages on your phone before sending them over the network. Conversations are stored encrypted on the phone in case the device itself falls into the wrong hands. An additional security feature was added this summer with the implementation perfect forward secrecy. With PFS enabled a new crypto key is generated for each message rather than using one key for several sessions. If a single key is used over an extended period of time and an attacker manages to retrieve it, the entire session history is compromised. PFS protects against such an attack by encrypting each message with an ephemeral key.

A TextSecure iOS app as well as a browser extension are in the making, lead developer Moxie Marlinspike said on his blog, making it a truly cross-platform protocol.

CM is a community built Android spin-off. The lean OS stripped of bloatware with extra features like support for WiFi thethering, started out on the XDA-developer forum when user Cyanogen (Steve Kondik) released new firmware for the HTC Dream phone. Since then dozens of contributers have nurtured CM into a full fledged OS available for many tablets and phones from brands like Samsung and LG. Recently CM announced it was going to continue as a company.

For newly founded CyanogenMod Inc it is all about pushing the paradigm shift. A representative of the company told The Verge in an email: 'We see this as a path to show that security and privacy are priorities in the mobile space. If the former mobile race was over specifications, and the current is over camera quality, we'd like to see the next race be over who can protect their users the most. If this means we are taking on the other major systems, or just feeding them ideas for their own implementation, the users win.'


Loading comments...
related items