09
Dec
c

The CyanogenMod team has been working on a secure messaging component for the popular ROM in recent months, and the time has come for some real world testing. The new encrypted WhisperPush messaging system is being rolled out to CyanogenMod 10.2 nightlies for compatibility and server load testing. If all goes as planned, it will reach the CM11 branch soon.

CyanogenMod's secure messaging is an implementation of TextSecure, a cross-platform encrypted SMS platform maintained by Open WhisperSystems. The CyanogenMod version of TextSecure is being handled by the lead engineer from Open WhisperSystem, Moxie Marlinspike. This isn't the same as just bundling an app with the ROM, though. CyanogenMod will implement SMS middleware powered by TextSecure to encrypt all messages sent to other CM or TextSecure users automatically. This allows you to use any SMS app and still get the benefits. If it's a regular number, your SMS will just be sent normally without encryption.

Once this technology is rolled out to all current versions of CyanogenMod users will have more secure messaging without any additional hassle. Cool, right? The source code is also being made public so interested parties can take a closer look at the cryptography.

[CyanogenMod Blog, Source Code 1, 2]

Ryan Whitwam
Ryan is a tech/science writer, skeptic, lover of all things electronic, and Android fan. In his spare time he reads golden-age sci-fi and sleeps, but rarely at the same time. His wife tolerates him as few would.

He's the author of a sci-fi novel called The Crooked City, which is available on Amazon and Google Play. http://goo.gl/WQIXBM

  • KingRando

    Used TextSecure to discuss some insider trading last week

    • blitz4075

      i told my buddy where to hide the body.

  • dogulas

    At this point, wouldn't encryption just call more attention to any messages sent by a cyanogenmod user? Until everyone is doing it, I don't see the benefit of it. The NSA either decrypts or stores all encrypted data they find.

    • h4rr4r

      They can't really be decrypting them if this is done correctly. If the leaks show us anything it is rather than cracking the encryption they get the providers to turn over the keys. The question here is can we be sure CM or Whispersystems would not turn over the keys?

      Hopefully they simply don't have them, like in pgp/gpg.

    • Wyatt Neal

      Additionally, if CM pushes it out to *most* of their users turned on by default, that's now about 10million new people to "track" times that many text messages. That might be enough in the big data realm to annoy them into not collecting these kinds of messages. Especially since it the encryption used will only all that 1 message to be decrypted if the key is discovered. Combined with the EC instead of DES (which is known to be busted) ... that's a significant amount of work to only get 160 characters ... once.

    • Miles

      Would this call attention to Cyanogenmod users? I doubt it. Also saying 'Until everyone is doing it, I don't see the benefit of it' is a bit pointless. Unless people like us start using it how will widespread encryption become mainstream? It's early adopters, modders and rommers who will start this. It's not like your Gran is going to adopt encryption...

  • Sweet Name

    Moxie Marlinspike. Greatest. Name. Ever. His parents deserve some kind of award.

    • Nevi_me

      It's just a pseudonym, not his real name

  • Michael Tamayo

    last paragraph. fix "CyanogenMod"

  • The_Chlero

    I'm not an Assassin nor a terrorist nor a serial killer nor a pedophile or something like that, so I really dont care if the NSA is spying on me. I really dont care if the NSA is watching my sexting with my girl or spying how I upload my cat pictures on Facebook or how I upload rage comics on Reddit.

    • meelyg

      easy to say that when you're success kid and life is awesome

    • T.C. Hunt

      Great, but just because you're naive and thick as shit doesn't mean the rest of us have to agree with you.