Cyanogenmod encrypting all text messages by default

12/09/2013 - 00:00

In July, Koush announced that CyanogenMod would be seeing integrated, system-wide secure messaging integration with compatibility with TextSecure. For those unfamiliar, TextSecure is an open-source cross-platform (iOS and Android) client that encrypts your SMS messages both locally, and over the air when sending to other TextSecure users. The application is maintained by Open WhisperSystems, and lead engineer Moxie Marlinspike.

Moxie is a veteran of open source software, cryptography and good encryption practices, and a privacy advocate. To learn more about him and his accomplishments check out his personal site and Wikipedia page. He’s also spent time as a speaker at DEFCON on multiple occasions.

Moxie has been the lead engineer on the CyanogenMod implementation of TextSecure, making sure the CM version is both secure and compatible with his existing services. Unique to the CM implementation is our SMS middleware functionality. This is the same code that allows for our Google Voice integration into any messaging application.

By leveraging this for our TextSecure implementation, we can extend the encrypted messaging functionality to nearly any SMS application you decide to use. Your messages to other CM or TextSecure users (regardless of iOS or Android) will automatically be encrypted and secured. In the event your receiving party isn’t on CM or using TextSecure, the implementation will silently fall back to a normal SMS message (unencrypted).

Today, we are launching our version initially into the CM 10.2 nightly stream to test the server load and make sure things are working at scale. Once things are dialed in, we’ll also enable this for CM 11 builds moving forward.

The source for this code is also being made public, and similar to what we did with CMAccount, we welcome outside audits of the cryptography. (1, 2)